Windows Analysis Report
https://webservice.ucampaign.unear.net/UmailTracking/t.aspx?p=64620006&c=MTI2NjMxOA==&up=46435316&e=jlim@vvblawyers.com&l=MTczODQ=&i=1126&u=aHR0cHM6Ly9zcGhleGFtcy5jb20vLndlbGwta25vdy8/MHM1N2RiPU1UTW1NVE1tTVRNbU1UTW1RakVtUmpRbWIySnhkRWN6SmtRMEprMTFiSGR5VkdoSGVVdFpMaTQ1U2pOWU5sSnlhbVk2Y2tZMEpqTXpKblY1

Overview

General Information

Sample URL:	https://webservice.ucampaign.unear.net/UmailTracking/t.aspx?p=64620006&c=MTI2NjMxOA==&up=46435316&e=jlim@vvblawyers.com&l=MTczODQ=&i=1126&u=aHR0cHM6Ly9zcGhleGFtcy5jb20vLndlbGwta25vdy8/MHM1N2RiPU1UTW1N
Analysis ID:	1571837
Infos:

Detection

HTMLPhisher

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Suricata IDS alerts for network traffic

Yara detected HtmlPhish54

AI detected landing page (webpage, office document or email)

AI detected suspicious Javascript

Phishing site or detected (based on various text indicators)

Detected hidden input values containing email addresses (often used in phishing pages)

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

URL contains potential PII (phishing indication)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://webservice.ucampaign.unear.net/UmailTracking/t.aspx?p=64620006&c=MTI2NjMxOA==&up=46435316&e=jlim@vvblawyers.com&l=MTczODQ=&i=1126&u=aHR0cHM6Ly9zcGhleGFtcy5jb20vLndlbGwta25vdy8/MHM1N2RiPU1UTW1NVE1tTVRNbU1UTW1RakVtUmpRbWIySnhkRWN6SmtRMEprMTFiSGR5VkdoSGVVdFpMaTQ1U2pOWU5sSnlhbVk2Y2tZMEpqTXpKblY1Wm5VdWIyWmxaV3BwTXpNbVJUUW1kSFJpYldReE15WnZZbkYwUkRRbVFqRW1SalFtYlc1MWFVY3pKa1EwSmtJeEprWTBKbnBsY0dOSE15WkVOQ1pDTVNaR05DWjZaWEJqUkRRbVFqRW1SalFtWldKbWFVY3pKa1EwSmtJeEprWTBKbVp0ZW5WMFJ6TW1SRFFtTVRNbU1UTW1NVE1tTVRNbVFqRW1SVGdtTVRNbU1UTW1NVE1tTVRNbU1UTW1NVE1tTVRNbU1UTW1RakVtUXpRbWIyWmxaV3BwTVRNbVFqUW1lblZxYldwamFuUnFkekV6SmpFekpqRXpKakV6SmpFekpqRXpKakV6SmpFekpqRXpKakV6SmpFekpqRXpKa0l4SmtNMEptWjFhbWw0TVRNbVFqUW1jM0J0Y0dReE15WXhNeVl4TXlZeE15WXhNeVl4TXlZeE15WXhNeVl4TXlZeE15WXhNeVl4TXlaQ01TWkRPQ1l4TXlaMWVXWjFMbTltWldWcWFTOHhNeVl4TXlZeE15WXhNeVl4TXlZeE15WXhNeVl4TXlaQ01TWkdOQ1ptYlhwMWRFUTBKakV6SmpFekpqRXpKakV6SmtJeEprWTBKbVp0ZFdwMVJ6TW1SRFFtWm01d1NVWTBKbVp0ZFdwMVJEUW1NVE1tTVRNbU1UTW1NVE1tUWpFbVJ6TW1LekV6Sm1aek1UTW1aV1ZpTVRNbVJUUW1SVFFtUlRRbVJUUW1SVFFtUlRRbVJEUW1NVE1tSzBjekpqRXpKakV6SmtZMEpqTXpKa1UwSmpFelkyczJSR054UjFoamIwTkdaWHRYU0dWemVtZHNkSHBtYVdkdWMydGxhVFF6SmtjekptWnpSek1tWldSSE15WjRjRzlzTG0xdFpuZ3ZSek1tYUhOd0wyWnRZbTl3YW50aWIzTm1kVzlxYjJadVlrY3pKa2N6SmtJMEpuUnhkWFZwUlRRbWJYTjJRelFtTXpNekprVTBKblZ2Wm5WdmNHUXhNeVl6TXlacGRHWnpaMlp6TXpNbVJUUW1kMnAyY21ZdWNYVjFhVEV6Sm1KMVptNUVOQ1l4TXlZeE15WXhNeVl4TXlaQ01TWkdOQ1l6TXlZNUxrZFZWak16SmtVMEpuVm1kSE5pYVdReE15WmlkV1p1UkRRbU1UTW1NVE1tTVRNbU1UTW1RakVtUmpRbVpXSm1hVVEwSmtJeEprWTBKbTF1ZFdsRU5DWkNNU1pHTkNadlluRjBSek1tUkRRbVpHczNhRnBXUkRRbWRIczFUVVUwSmt4WWJYZ3hUMUZuWkZoUVdYTjdOWGRIT1h0UlJUWW1RMDlHTkNZek15WjFlV1oxTG05bVpXVnFhVE16SmtVMEpuUjBZbTFrTVRNbWIySnhkRVEwSmtJeEpnPT0=

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: https://ameninternazionale.org/.well-know/cd/re/#hdjrmfheyskfyrdGVzdEBnbWFpbC5jb20=

Joe Sandbox AI: Score: 7 Reasons: The brand 'Microsoft' is a well-known global technology company., The URL 'ameninternazionale.org' does not match the legitimate domain 'microsoft.com'., The domain 'ameninternazionale.org' does not have any obvious connection to Microsoft., The URL does not contain any recognizable elements related to Microsoft, which is suspicious., The use of a completely different domain name suggests a potential phishing attempt. DOM: 2.3.pages.csv

Yara detected HtmlPhish54

Source: Yara match	File source: 0.19.id.script.csv, type: HTML
Source: Yara match	File source: 0.25.id.script.csv, type: HTML
Source: Yara match	File source: 4.10.pages.csv, type: HTML
Source: Yara match	File source: 4.11.pages.csv, type: HTML
Source: Yara match	File source: 3.9.pages.csv, type: HTML
Source: Yara match	File source: 4.13.pages.csv, type: HTML

AI detected landing page (webpage, office document or email)

Source: https://ameninternazionale.org/.well-know/cd/re/#hdjrmfheyskfyrdGVzdEBnbWFpbC5jb20=	Joe Sandbox AI: Page contains button: 'Submit' Source: '2.2.pages.csv'
Source: https://ameninternazionale.org/.well-know/cd/re/#hdjrmfheyskfyrdGVzdEBnbWFpbC5jb20=	Joe Sandbox AI: Page contains button: 'Submit' Source: '2.4.pages.csv'
Source: https://ameninternazionale.org/.well-know/cd/re/#hdjrmfheyskfyrdGVzdEBnbWFpbC5jb20=	Joe Sandbox AI: Page contains button: 'Submit' Source: '2.3.pages.csv'

AI detected suspicious Javascript

Source: 0.23.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://offcap.myconm.com/?qe=3RVg... High risk due to multiple suspicious indicators: heavily obfuscated code (+3), array of encoded strings (+3), potential for dynamic code execution through array manipulation (+2). The code appears to be part of a malicious script that's intentionally obscured to avoid detection.
Source: 0.12.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://offcap.myconm.com/?qe=3RVg... Script shows multiple high-risk indicators: heavy obfuscation (encoded strings, unusual variable names), suspicious DOM manipulation patterns (multiple selectors for ad/tracking elements), and potential fingerprinting behavior (checking for browser features and user agent). Contains references to tracking, advertising, and potentially sensitive browser APIs.
Source: 0.19.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://offcap.myconm.com/?qe=3RVg... High risk due to multiple suspicious indicators: 1) Uses suspicious non-standard domains (myconm.com) masquerading as Microsoft domains 2) Contains obfuscated URLs and tokens 3) Appears to be a phishing attempt mimicking Microsoft login infrastructure 4) Contains data collection endpoints for potential credential harvesting
Source: 0.0.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://sphexams.com/.well-know/?0s57db=MTMmMTMmMT... High-risk script that uses multiple layers of obfuscation (base64, URL encoding, character manipulation, string reversal) to decode and execute potentially malicious content. It can either redirect to a decoded URL or inject arbitrary HTML via document.write(). The use of multiple encoding layers is a common malware technique to evade detection.
Source: 0.2.i.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://ameninternazionale.org/.well-know/cd/re/#h... High-risk script showing multiple suspicious behaviors: 1) Uses obfuscated function names (_0x5a2b, _0x6b4d, etc.), 2) Implements base64 encoding/decoding potentially to hide malicious payloads, 3) Extracts and processes URL hash parameters which could contain encoded malicious content, 4) Uses deceptive UI messages suggesting document opening but redirects to potential phishing endpoint, 5) Implements delayed redirects through rdrct.php which could be used for phishing or malware distribution. The presence of CAPTCHA validation appears to legitimize malicious activity.

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 2.4

OCR Text: Verifying... CLOUDFLARE Ten-ns CAPTCHA is mandatory. Submit Microsoft

Detected hidden input values containing email addresses (often used in phishing pages)

Source: https://l1ve.myconm.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2foffcap.myconm.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR0O_mmiwTruGwT7WO_wnnfZxYjZ3xOZhlY5SpGZcLG6V9gZHzByHiLSdC_KN0zJbzYLTUltSixJDM_7wKLwCsWHgNmKw4OLgEGCQYFhh8sjItYgbbuUfB67en-xXtHTcrSa9e1GU6x6hc6FfiHZ0WkGWqb-ZpkmZmaeGaWFnsUZkREuGsbGJmVpzim-Pl6mpsmmuTbGloZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzgu9Nxe3Ff_7F3Hq_4dcLzAnJcozwMPQuSzd1NLHycip0zkw3Logpd3ar8k5Nz3EuSc119vKtysn1tNwgwPBBgAAA1&estsfed=1&uaid=970e892d5314442cb6158e07d409df4c&fci=https%3a%2f%2f6468e4d8-0e591a27.myconm.com&username=bob%40outlook.com&login_hint=bob%40outlook.com

HTTP Parser: bob@outlook.com

HTML body contains low number of good links

Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML page contains hidden javascript code

Source: https://offcap.myconm.com/?qe=3RVg

HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 88px; height: 31px; overflow: hidden; position: relative;"]

HTML title does not match URL

Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://l1ve.myconm.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2foffcap.myconm.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR0O_mmiwTruGwT7WO_wnnfZxYjZ3xOZhlY5SpGZcLG6V9gZHzByHiLSdC_KN0zJbzYLTUltSixJDM_7wKLwCsWHgNmKw4OLgEGCQYFhh8sjItYgbbuUfB67en-xXtHTcrSa9e1GU6x6hc6FfiHZ0WkGWqb-ZpkmZmaeGaWFnsUZkREuGsbGJmVpzim-Pl6mpsmmuTbGloZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzgu9Nxe3Ff_7F3Hq_4dcLzAnJcozwMPQuSzd1NLHycip0zkw3Logpd3ar8k5Nz3EuSc119vKtysn1tNwgwPBBgAAA1&estsfed=1&uaid=970e892d5314442cb6158e07d409df4c&fci=https%3a%2f%2f6468e4d8-0e591a27.myconm.com&username=bob%40outlook.com&login_hint=bob%40outlook.com	HTTP Parser: Title: Sign in to your Microsoft account does not match URL

URL contains potential PII (phishing indication)

Sample URL: PII: jlim@vvblawyers.com&l

Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: Iframe src: https://aa45faf7-0e591a27.myconm.com/Prefetch/Prefetch.aspx
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: Iframe src: https://aa45faf7-0e591a27.myconm.com/Prefetch/Prefetch.aspx
Source: https://l1ve.myconm.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2foffcap.myconm.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR0O_mmiwTruGwT7WO_wnnfZxYjZ3xOZhlY5SpGZcLG6V9gZHzByHiLSdC_KN0zJbzYLTUltSixJDM_7wKLwCsWHgNmKw4OLgEGCQYFhh8sjItYgbbuUfB67en-xXtHTcrSa9e1GU6x6hc6FfiHZ0WkGWqb-ZpkmZmaeGaWFnsUZkREuGsbGJmVpzim-Pl6mpsmmuTbGloZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzgu9Nxe3Ff_7F3Hq_4dcLzAnJcozwMPQuSzd1NLHycip0zkw3Logpd3ar8k5Nz3EuSc119vKtysn1tNwgwPBBgAAA1&estsfed=1&uaid=970e892d5314442cb6158e07d409df4c&fci=https%3a%2f%2f6468e4d8-0e591a27.myconm.com&username=bob%40outlook.com&login_hint=bob%40outlook.com	HTTP Parser: Iframe src: https://b4cef784-0e591a27.myconm.com?session_id=970e892d5314442cb6158e07d409df4c&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI

Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: <input type="password" .../> found
Source: https://l1ve.myconm.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2foffcap.myconm.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR0O_mmiwTruGwT7WO_wnnfZxYjZ3xOZhlY5SpGZcLG6V9gZHzByHiLSdC_KN0zJbzYLTUltSixJDM_7wKLwCsWHgNmKw4OLgEGCQYFhh8sjItYgbbuUfB67en-xXtHTcrSa9e1GU6x6hc6FfiHZ0WkGWqb-ZpkmZmaeGaWFnsUZkREuGsbGJmVpzim-Pl6mpsmmuTbGloZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzgu9Nxe3Ff_7F3Hq_4dcLzAnJcozwMPQuSzd1NLHycip0zkw3Logpd3ar8k5Nz3EuSc119vKtysn1tNwgwPBBgAAA1&estsfed=1&uaid=970e892d5314442cb6158e07d409df4c&fci=https%3a%2f%2f6468e4d8-0e591a27.myconm.com&username=bob%40outlook.com&login_hint=bob%40outlook.com	HTTP Parser: <input type="password" .../> found

Source: https://sphexams.com/.well-know/?0s57db=MTMmMTMmMTMmMTMmQjEmRjQmb2JxdEczJkQ0Jk11bHdyVGhHeUtZLi45SjNYNlJyamY6ckY0JjMzJnV5ZnUub2ZlZWppMzMmRTQmdHRibWQxMyZvYnF0RDQmQjEmRjQmbW51aUczJkQ0JkIxJkY0JnplcGNHMyZENCZCMSZGNCZ6ZXBjRDQmQjEmRjQmZWJmaUczJkQ0JkIxJkY0JmZtenV0RzMmRDQmMTMmMTMmMTMmMTMmQjEmRTgmMTMmMTMmMTMmMTMmMTMmMTMmMTMmMTMmQjEmQzQmb2ZlZWppMTMmQjQmenVqbWpjanRqdzEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJkIxJkM0JmZ1aml4MTMmQjQmc3BtcGQxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyZCMSZDOCYxMyZ1eWZ1Lm9mZWVqaS8xMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyZCMSZGNCZmbXp1dEQ0JjEzJjEzJjEzJjEzJkIxJkY0JmZtdWp1RzMmRDQmZm5wSUY0JmZtdWp1RDQmMTMmMTMmMTMmMTMmQjEmRzMmKzEzJmZzMTMmZWViMTMmRTQmRTQmRTQmRTQmRTQmRTQmRDQmMTMmK0czJjEzJjEzJkY0JjMzJkU0JjEzY2s2RGNxR1hjb0NGZXtXSGVzemdsdHpmaWduc2tlaTQzJkczJmZzRzMmZWRHMyZ4cG9sLm1tZngvRzMmaHNwL2ZtYm9wantib3NmdW9qb2ZuYkczJkczJkI0JnRxdXVpRTQmbXN2QzQmMzMzJkU0JnVvZnVvcGQxMyYzMyZpdGZzZ2ZzMzMmRTQmd2p2cmYucXV1aTEzJmJ1Zm5ENCYxMyYxMyYxMyYxMyZCMSZGNCYzMyY5LkdVVjMzJkU0JnVmdHNiaWQxMyZidWZuRDQmMTMmMTMmMTMmMTMmQjEmRjQm...	HTTP Parser: No favicon
Source: https://offcap.myconm.com/?qe=3RVg	HTTP Parser: No favicon
Source: https://offcap.myconm.com/?qe=3RVg	HTTP Parser: No favicon
Source: https://offcap.myconm.com/?qe=3RVg	HTTP Parser: No favicon
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No favicon
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No favicon
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No favicon
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No favicon
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No favicon

Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://l1ve.myconm.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2foffcap.myconm.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR0O_mmiwTruGwT7WO_wnnfZxYjZ3xOZhlY5SpGZcLG6V9gZHzByHiLSdC_KN0zJbzYLTUltSixJDM_7wKLwCsWHgNmKw4OLgEGCQYFhh8sjItYgbbuUfB67en-xXtHTcrSa9e1GU6x6hc6FfiHZ0WkGWqb-ZpkmZmaeGaWFnsUZkREuGsbGJmVpzim-Pl6mpsmmuTbGloZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzgu9Nxe3Ff_7F3Hq_4dcLzAnJcozwMPQuSzd1NLHycip0zkw3Logpd3ar8k5Nz3EuSc119vKtysn1tNwgwPBBgAAA1&estsfed=1&uaid=970e892d5314442cb6158e07d409df4c&fci=https%3a%2f%2f6468e4d8-0e591a27.myconm.com&username=bob%40outlook.com&login_hint=bob%40outlook.com	HTTP Parser: No <meta name="author".. found

Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://l1ve.myconm.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2foffcap.myconm.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR0O_mmiwTruGwT7WO_wnnfZxYjZ3xOZhlY5SpGZcLG6V9gZHzByHiLSdC_KN0zJbzYLTUltSixJDM_7wKLwCsWHgNmKw4OLgEGCQYFhh8sjItYgbbuUfB67en-xXtHTcrSa9e1GU6x6hc6FfiHZ0WkGWqb-ZpkmZmaeGaWFnsUZkREuGsbGJmVpzim-Pl6mpsmmuTbGloZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzgu9Nxe3Ff_7F3Hq_4dcLzAnJcozwMPQuSzd1NLHycip0zkw3Logpd3ar8k5Nz3EuSc119vKtysn1tNwgwPBBgAAA1&estsfed=1&uaid=970e892d5314442cb6158e07d409df4c&fci=https%3a%2f%2f6468e4d8-0e591a27.myconm.com&username=bob%40outlook.com&login_hint=bob%40outlook.com	HTTP Parser: No <meta name="copyright".. found

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2857090 - Severity 1 - ETPRO PHISHING JS/PsyduckPockeball Payload Inbound : 164.92.188.247:443 -> 192.168.2.17:49763

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: webservice.ucampaign.unear.net to https://sphexams.com/.well-know/?0s57db=mtmmmtmmmtmmmtmmqjemrjqmb2jxdeczjkq0jk11bhdyvghheutzli45sjnynljyamy6cky0jjmzjnv5znuub2zlzwppmzmmrtqmdhribwqxmyzvynf0rdqmqjemrjqmbw51auczjkq0jkixjky0jnplcgnhmyzenczcmszgncz6zxbjrdqmqjemrjqmzwjmauczjkq0jkixjky0jmztenv0rzmmrdqmmtmmmtmmmtmmmtmmqjemrtgmmtmmmtmmmtmmmtmmmtmmmtmmmtmmmtmmqjemqzqmb2zlzwppmtmmqjqmenvqbwpjanrqdzezjjezjjezjjezjjezjjezjjezjjezjjezjjezjjezjjezjkixjkm0jmz1aml4mtmmqjqmc3btcgqxmyyxmyyxmyyxmyyxmyyxmyyxmyyxmyyxmyyxmyyxmyyxmyzcmszdocyxmyz1ewz1lm9mzwvqas8xmyyxmyyxmyyxmyyxmyyxmyyxmyyxmyzcmszgnczmbxp1deq0jjezjjezjjezjjezjkixjky0jmztdwp1rzmmrdqmzm5wsuy0jmztdwp1rdqmmtmmmtmmmtmmmtmmqjemrzmmkzezjmzzmtmmzwvimtmmrtqmrtqmrtqmrtqmrtqmrtqmrdqmmtmmk0czjjezjjezjky0jjmzjku0jjezy2s2rgnxr1hjb0ngzxtxsgvzemdsdhpmawduc2tlatqzjkczjmzzrzmmzwrhmyz4cg9slm1tzngvrzmmahnwl2ztym9wantib3nmdw9qb2zuykczjkczjki0jnrxdxvprtqmbxn2qzqmmzmzjku0jnvvznvvcgqxmyyzmyzpdgzzz2zzmzmmrtqmd2p2cmyucxv1atezjmj1zm5encyxmyyxmyyxmyyxmyzcmszgncyzmyy5lkdvvjmzjku0jnvmdhniawqxmyzidwzurdqmmtmmmtmmmtmmmtmmqjemrjqmzwjmauq0jkixjky0jm1udwlenczcmszgnczvynf0rzmmrdqmzgs3afpwrdqmdhs1tuu0jkxybxgxt1fnzfhqwxn7nxdhoxtrrtymq09gncyzmyz1ewz1lm9mzwvqatmzjku0jnr0ym1kmtmmb2jxdeq0jkixjg==

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.6
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.6
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /UmailTracking/t.aspx?p=64620006&c=MTI2NjMxOA==&up=46435316&e=jlim@vvblawyers.com&l=MTczODQ=&i=1126&u=aHR0cHM6Ly9zcGhleGFtcy5jb20vLndlbGwta25vdy8/MHM1N2RiPU1UTW1NVE1tTVRNbU1UTW1RakVtUmpRbWIySnhkRWN6SmtRMEprMTFiSGR5VkdoSGVVdFpMaTQ1U2pOWU5sSnlhbVk2Y2tZMEpqTXpKblY1Wm5VdWIyWmxaV3BwTXpNbVJUUW1kSFJpYldReE15WnZZbkYwUkRRbVFqRW1SalFtYlc1MWFVY3pKa1EwSmtJeEprWTBKbnBsY0dOSE15WkVOQ1pDTVNaR05DWjZaWEJqUkRRbVFqRW1SalFtWldKbWFVY3pKa1EwSmtJeEprWTBKbVp0ZW5WMFJ6TW1SRFFtTVRNbU1UTW1NVE1tTVRNbVFqRW1SVGdtTVRNbU1UTW1NVE1tTVRNbU1UTW1NVE1tTVRNbU1UTW1RakVtUXpRbWIyWmxaV3BwTVRNbVFqUW1lblZxYldwamFuUnFkekV6SmpFekpqRXpKakV6SmpFekpqRXpKakV6SmpFekpqRXpKakV6SmpFekpqRXpKa0l4SmtNMEptWjFhbWw0TVRNbVFqUW1jM0J0Y0dReE15WXhNeVl4TXlZeE15WXhNeVl4TXlZeE15WXhNeVl4TXlZeE15WXhNeVl4TXlaQ01TWkRPQ1l4TXlaMWVXWjFMbTltWldWcWFTOHhNeVl4TXlZeE15WXhNeVl4TXlZeE15WXhNeVl4TXlaQ01TWkdOQ1ptYlhwMWRFUTBKakV6SmpFekpqRXpKakV6SmtJeEprWTBKbVp0ZFdwMVJ6TW1SRFFtWm01d1NVWTBKbVp0ZFdwMVJEUW1NVE1tTVRNbU1UTW1NVE1tUWpFbVJ6TW1LekV6Sm1aek1UTW1aV1ZpTVRNbVJUUW1SVFFtUlRRbVJUUW1SVFFtUlRRbVJEUW1NVE1tSzBjekpqRXpKakV6SmtZMEpqTXpKa1UwSmpFelkyczJSR054UjFoamIwTkdaWHRYU0dWemVtZHNkSHBtYVdkdWMydGxhVFF6SmtjekptWnpSek1tWldSSE15WjRjRzlzTG0xdFpuZ3ZSek1tYUhOd0wyWnRZbTl3YW50aWIzTm1kVzlxYjJadVlrY3pKa2N6SmtJMEpuUnhkWFZwUlRRbWJYTjJRelFtTXpNekprVTBKblZ2Wm5WdmNHUXhNeVl6TXlacGRHWnpaMlp6TXpNbVJUUW1kMnAyY21ZdWNYVjFhVEV6Sm1KMVptNUVOQ1l4TXlZeE15WXhNeVl4TXlaQ01TWkdOQ1l6TXlZNUxrZFZWak16SmtVMEpuVm1kSE5pYVdReE15WmlkV1p1UkRRbU1UTW1NVE1tTVRNbU1UTW1RakVtUmpRbVpXSm1hVVEwSmtJeEprWTBKbTF1ZFdsRU5DWkNNU1pHTkNadlluRjBSek1tUkRRbVpHczNhRnBXUkRRbWRIczFUVVUwSmt4WWJYZ3hUMUZuWkZoUVdYTjdOWGRIT1h0UlJUWW1RMDlHTkNZek15WjFlV1oxTG05bVpXVnFhVE16SmtVMEpuUjBZbTFrTVRNbWIySnhkRVEwSmtJeEpnPT0= HTTP/1.1Host: webservice.ucampaign.unear.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /.well-know/?0s57db=MTMmMTMmMTMmMTMmQjEmRjQmb2JxdEczJkQ0Jk11bHdyVGhHeUtZLi45SjNYNlJyamY6ckY0JjMzJnV5ZnUub2ZlZWppMzMmRTQmdHRibWQxMyZvYnF0RDQmQjEmRjQmbW51aUczJkQ0JkIxJkY0JnplcGNHMyZENCZCMSZGNCZ6ZXBjRDQmQjEmRjQmZWJmaUczJkQ0JkIxJkY0JmZtenV0RzMmRDQmMTMmMTMmMTMmMTMmQjEmRTgmMTMmMTMmMTMmMTMmMTMmMTMmMTMmMTMmQjEmQzQmb2ZlZWppMTMmQjQmenVqbWpjanRqdzEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJkIxJkM0JmZ1aml4MTMmQjQmc3BtcGQxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyZCMSZDOCYxMyZ1eWZ1Lm9mZWVqaS8xMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyZCMSZGNCZmbXp1dEQ0JjEzJjEzJjEzJjEzJkIxJkY0JmZtdWp1RzMmRDQmZm5wSUY0JmZtdWp1RDQmMTMmMTMmMTMmMTMmQjEmRzMmKzEzJmZzMTMmZWViMTMmRTQmRTQmRTQmRTQmRTQmRTQmRDQmMTMmK0czJjEzJjEzJkY0JjMzJkU0JjEzY2s2RGNxR1hjb0NGZXtXSGVzemdsdHpmaWduc2tlaTQzJkczJmZzRzMmZWRHMyZ4cG9sLm1tZngvRzMmaHNwL2ZtYm9wantib3NmdW9qb2ZuYkczJkczJkI0JnRxdXVpRTQmbXN2QzQmMzMzJkU0JnVvZnVvcGQxMyYzMyZpdGZzZ2ZzMzMmRTQmd2p2cmYucXV1aTEzJmJ1Zm5ENCYxMyYxMyYxMyYxMyZCMSZGNCYzMyY5LkdVVjMzJkU0JnVmdHNiaWQxMyZidWZuRDQmMTMmMTMmMTMmMTMmQjEmRjQmZWJmaUQ0JkIxJkY0Jm1udWlENCZCMSZGNCZvYnF0RzMmRDQmZGs3aFpWRDQmdHs1TUU0JkxYbXgxT1FnZFhQWXN7NXdHOXtRRTYmQ09GNCYzMyZ1eWZ1Lm9mZWVqaTMzJkU0JnR0Ym1kMTMmb2JxdEQ0JkIxJg== HTTP/1.1Host: sphexams.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: sphexams.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sphexams.com/.well-know/?0s57db=MTMmMTMmMTMmMTMmQjEmRjQmb2JxdEczJkQ0Jk11bHdyVGhHeUtZLi45SjNYNlJyamY6ckY0JjMzJnV5ZnUub2ZlZWppMzMmRTQmdHRibWQxMyZvYnF0RDQmQjEmRjQmbW51aUczJkQ0JkIxJkY0JnplcGNHMyZENCZCMSZGNCZ6ZXBjRDQmQjEmRjQmZWJmaUczJkQ0JkIxJkY0JmZtenV0RzMmRDQmMTMmMTMmMTMmMTMmQjEmRTgmMTMmMTMmMTMmMTMmMTMmMTMmMTMmMTMmQjEmQzQmb2ZlZWppMTMmQjQmenVqbWpjanRqdzEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJkIxJkM0JmZ1aml4MTMmQjQmc3BtcGQxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyZCMSZDOCYxMyZ1eWZ1Lm9mZWVqaS8xMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyZCMSZGNCZmbXp1dEQ0JjEzJjEzJjEzJjEzJkIxJkY0JmZtdWp1RzMmRDQmZm5wSUY0JmZtdWp1RDQmMTMmMTMmMTMmMTMmQjEmRzMmKzEzJmZzMTMmZWViMTMmRTQmRTQmRTQmRTQmRTQmRTQmRDQmMTMmK0czJjEzJjEzJkY0JjMzJkU0JjEzY2s2RGNxR1hjb0NGZXtXSGVzemdsdHpmaWduc2tlaTQzJkczJmZzRzMmZWRHMyZ4cG9sLm1tZngvRzMmaHNwL2ZtYm9wantib3NmdW9qb2ZuYkczJkczJkI0JnRxdXVpRTQmbXN2QzQmMzMzJkU0JnVvZnVvcGQxMyYzMyZpdGZzZ2ZzMzMmRTQmd2p2cmYucXV1aTEzJmJ1Zm5ENCYxMyYxMyYxMyYxMyZCMSZGNCYzMyY5LkdVVjMzJkU0JnVmdHNiaWQxMyZidWZuRDQmMTMmMTMmMTMmMTMmQjEmRjQmZWJmaUQ0JkIxJkY0Jm1udWlENCZCMSZGNCZvYnF0RzMmRDQmZGs3aFpWRDQmdHs1TUU0JkxYbXgxT1FnZFhQWXN7NXdHOXtRRTYmQ09GNCYzMyZ1eWZ1Lm9mZWVqaTMzJkU0JnR0Ym1kMTMmb2JxdEQ0JkIxJg==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /.well-know/cd/re/ HTTP/1.1Host: ameninternazionale.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://sphexams.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: sphexams.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ameninternazionale.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ameninternazionale.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?compat=recaptcha HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ameninternazionale.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f9063374b04d/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ameninternazionale.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f9063374b04d/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/5zffs/0x4AAAAAAAz81HM6AHANCtc4/light/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://ameninternazionale.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8ef6c96199b00fa1&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/5zffs/0x4AAAAAAAz81HM6AHANCtc4/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/5zffs/0x4AAAAAAAz81HM6AHANCtc4/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8ef6c96199b00fa1&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1217350448:1733764300:zvHUnKjOCxwAgch-M913R2tM8mD1gJ3EVo_4ePpgicY/8ef6c96199b00fa1/2axRlM8K45EWtO8TzXqLTkRi3Arai34899td5._XtdE-1733766093-1.1.1.1-OdzvnEQ8SyL0GCsJS1G2sdj0PQ3PjMMmAQr2GdyUfGyLh3H5W0rTPAiNuAP_i4g0 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/8ef6c96199b00fa1/1733766097531/3c1556456805cec06261fea5cd49ae21a31f255a700692ea9b772b9bb1cf13d6/hRGKLkag-0o1Umn HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/5zffs/0x4AAAAAAAz81HM6AHANCtc4/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/5zffs/0x4AAAAAAAz81HM6AHANCtc4/light/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://ameninternazionale.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8ef6c997a86442ad&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/5zffs/0x4AAAAAAAz81HM6AHANCtc4/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8ef6c997a86442ad&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/457009411:1733764360:aRg59TFp1OaI8N3nms2oLtLRWIfPtC0oPIhQYUzdBuM/8ef6c997a86442ad/_cseFwbR5uxQq4PfUG_ziYTu0z6kkpOVCPujpnWiXkM-1733766101-1.1.1.1-vL1CA2AtL3EdsjEAXym3NkSt74DVDhri37ZdlfJcVcPPMA5Sq8JnJVPGfRKVgKuE HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8ef6c997a86442ad/1733766106030/5ym9Qb7hUPt95Jw HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/5zffs/0x4AAAAAAAz81HM6AHANCtc4/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8ef6c997a86442ad/1733766106030/5ym9Qb7hUPt95Jw HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/8ef6c997a86442ad/1733766106033/cd511318b73ec19c11cc90f41c187ab72a36e207c9465082a957b4b829a9bcb8/6vTyGsiZscPh32f HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/5zffs/0x4AAAAAAAz81HM6AHANCtc4/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/457009411:1733764360:aRg59TFp1OaI8N3nms2oLtLRWIfPtC0oPIhQYUzdBuM/8ef6c997a86442ad/_cseFwbR5uxQq4PfUG_ziYTu0z6kkpOVCPujpnWiXkM-1733766101-1.1.1.1-vL1CA2AtL3EdsjEAXym3NkSt74DVDhri37ZdlfJcVcPPMA5Sq8JnJVPGfRKVgKuE HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/457009411:1733764360:aRg59TFp1OaI8N3nms2oLtLRWIfPtC0oPIhQYUzdBuM/8ef6c997a86442ad/_cseFwbR5uxQq4PfUG_ziYTu0z6kkpOVCPujpnWiXkM-1733766101-1.1.1.1-vL1CA2AtL3EdsjEAXym3NkSt74DVDhri37ZdlfJcVcPPMA5Sq8JnJVPGfRKVgKuE HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /.well-know/cd/re/sts.php HTTP/1.1Host: ameninternazionale.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ameninternazionale.org/.well-know/cd/re/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /.well-know/cd/re/rdrct.php?code=hdjrmfheyskfyrdGVzdEBnbWFpbC5jb20%3D HTTP/1.1Host: ameninternazionale.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://ameninternazionale.org/.well-know/cd/re/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=2751027388f5ab72f265578dd5215654
Source: global traffic	HTTP traffic detected: GET /.well-know/cd/re/sts.php HTTP/1.1Host: ameninternazionale.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=2751027388f5ab72f265578dd5215654
Source: global traffic	HTTP traffic detected: GET /?qe=3RVg HTTP/1.1Host: offcap.myconm.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://ameninternazionale.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png HTTP/1.1Host: findicons.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f9063374b04d/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xb30u/0x4AAAAAAAz81HM6AHANCtc4/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons HTTP/1.1Host: images.freeimages.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8ef6ca8f8eb542b2&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xb30u/0x4AAAAAAAz81HM6AHANCtc4/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xb30u/0x4AAAAAAAz81HM6AHANCtc4/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons HTTP/1.1Host: images.freeimages.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8ef6ca8f8eb542b2&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: offcap.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offcap.myconm.com/?qe=3RVgAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/229150693:1733764372:1Vm_HqExEuCYrHrKbLx421CcUDMOvlx4T7bCqGuy2i4/8ef6ca8f8eb542b2/r3GJ4_A152EC8qp39ln_Z9EC_KemNmwazh6UB0lpyxE-1733766141-1.1.1.1-nQxGVFeYLVUC.NVgYp4gG1F7O_IhbWZmZV82zspKiHyXomE6Mct38w1.jXhk_pFw HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/8ef6ca8f8eb542b2/1733766145524/089324410dbdf74386b787908899f8f848ed1d8d89bb6b3e56936f9ce32c8be9/UDLw0pNuMHcnTL9 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xb30u/0x4AAAAAAAz81HM6AHANCtc4/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8ef6ca8f8eb542b2/1733766145528/q8Z6Lw0ZA8dnFtz HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xb30u/0x4AAAAAAAz81HM6AHANCtc4/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8ef6ca8f8eb542b2/1733766145528/q8Z6Lw0ZA8dnFtz HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/229150693:1733764372:1Vm_HqExEuCYrHrKbLx421CcUDMOvlx4T7bCqGuy2i4/8ef6ca8f8eb542b2/r3GJ4_A152EC8qp39ln_Z9EC_KemNmwazh6UB0lpyxE-1733766141-1.1.1.1-nQxGVFeYLVUC.NVgYp4gG1F7O_IhbWZmZV82zspKiHyXomE6Mct38w1.jXhk_pFw HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/229150693:1733764372:1Vm_HqExEuCYrHrKbLx421CcUDMOvlx4T7bCqGuy2i4/8ef6ca8f8eb542b2/r3GJ4_A152EC8qp39ln_Z9EC_KemNmwazh6UB0lpyxE-1733766141-1.1.1.1-nQxGVFeYLVUC.NVgYp4gG1F7O_IhbWZmZV82zspKiHyXomE6Mct38w1.jXhk_pFw HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?qe=3RVg HTTP/1.1Host: offcap.myconm.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://offcap.myconm.com/?qe=3RVgAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1Host: 6d700e25-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://offcap.myconm.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0e591a278ea443c18aa44fdb64cfa07a/ HTTP/1.1Host: offcap.myconm.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://offcap.myconm.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="Sec-WebSocket-Key: VX/caWE8nSqL+x0r11Ne9A==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /?qe=3RVg&sso_reload=true HTTP/1.1Host: offcap.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://offcap.myconm.com/?qe=3RVgAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1Host: 6d700e25-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://offcap.myconm.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_i5YupurhQAo9inu_OetqHw2.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://offcap.myconm.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_i8f-75gfk3tbsm8bmatnqa2.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://offcap.myconm.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_i8f-75gfk3tbsm8bmatnqa2.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: l1ve.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_i5YupurhQAo9inu_OetqHw2.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /0e591a278ea443c18aa44fdb64cfa07a/ HTTP/1.1Host: offcap.myconm.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://offcap.myconm.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1Sec-WebSocket-Key: SNdymVN/YoAfMqPrBKkluw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /Prefetch/Prefetch.aspx HTTP/1.1Host: aa45faf7-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /0e591a278ea443c18aa44fdb64cfa07a/ HTTP/1.1Host: offcap.myconm.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://offcap.myconm.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=f838640a-cf8a-4a39-8bf0-a2fc6bb74112; brcap=0Sec-WebSocket-Key: rABVgOFLHsWXz+frWttiBw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /0e591a278ea443c18aa44fdb64cfa07a/ HTTP/1.1Host: offcap.myconm.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://offcap.myconm.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=f838640a-cf8a-4a39-8bf0-a2fc6bb74112; brcap=0Sec-WebSocket-Key: BrcrT96RocZzlZRG7wT6Bw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2foffcap.myconm.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR0O_mmiwTruGwT7WO_wnnfZxYjZ3xOZhlY5SpGZcLG6V9gZHzByHiLSdC_KN0zJbzYLTUltSixJDM_7wKLwCsWHgNmKw4OLgEGCQYFhh8sjItYgbbuUfB67en-xXtHTcrSa9e1GU6x6hc6FfiHZ0WkGWqb-ZpkmZmaeGaWFnsUZkREuGsbGJmVpzim-Pl6mpsmmuTbGloZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzgu9Nxe3Ff_7F3Hq_4dcLzAnJcozwMPQuSzd1NLHycip0zkw3Logpd3ar8k5Nz3EuSc119vKtysn1tNwgwPBBgAAA1&estsfed=1&uaid=970e892d5314442cb6158e07d409df4c&fci=https%3a%2f%2f6468e4d8-0e591a27.myconm.com&username=bob%40outlook.com&login_hint=bob%40outlook.com HTTP/1.1Host: l1ve.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /common/GetCredentialType?mkt=en-US HTTP/1.1Host: offcap.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=f838640a-cf8a-4a39-8bf0-a2fc6bb74112; brcap=0; ESTSWCTXFLOWTOKEN=AQABIQEAAADW6jl31mB3T7ugrWTT8pFe2j3RdnNuE0GFdTQS7Ut67vMN1C1Guyb7dFdurOJ0jfOvTtrUGz0f7WyrXMilqve5aDst3BqHOq51zsPBDnzlxT6epiyYDsiwTAIbHvdxDoudG2ntcDeHu2TObVS0Ec8C1dTR-5mKNfuwUCgmWRXX8cpJuVe5nJR0DZxBStdKKnL4lFMoCa4w-96R7bLkD5khmqgpX592icGzBIjVWSIRkKos6W4bgJkPacRVy7okWhnMwjtADiqxqkoufFGuY5fkMLBCFTbAyawTAvTtdaEUz4U4PIbRchFdHWHC_FvSGRgjRRSsAeec8I1J6JWsHVmEBQ7uAC2G6zGAKDq4xV_gj95Svk-0p2RvzGYvlsewqiWgwK_XE9eJteiRJ3ho8DxolmjSruvCEJcJyvAYGZFxF42KiWGPvgAS9cpQanjbsy8PRfNPxnve1HeRNl1eeqhL9h63bsqTbmhNiix5cSTNctF1fR4N9laeFy6r9tVjCG2Mv__gLJp-F2w8f03j8Q6FIAA
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/5/js/login_en_GZu1H3AHaJ0ROCr2BSwwfw2.js HTTP/1.1Host: 32eb4ebc-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://l1ve.myconm.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://l1ve.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0e591a278ea443c18aa44fdb64cfa07a/ HTTP/1.1Host: l1ve.myconm.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://l1ve.myconm.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="Sec-WebSocket-Key: cLnuZn7d9cyJr69dqTrFxA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /0e591a278ea443c18aa44fdb64cfa07a/ HTTP/1.1Host: l1ve.myconm.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://l1ve.myconm.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; MC1="GUID=79c56b7970324e2f992d785b446d07d7&HASH=79c5&LV=202412&V=4&LU=1733766196293"; MS0=0948991d4b3d449c8f22fe345e27b6c0Sec-WebSocket-Key: X7AqElgbTITcXGIhT2CN3g==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_077217740c853b5d4fe8.js HTTP/1.1Host: 32eb4ebc-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://l1ve.myconm.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://l1ve.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: 32eb4ebc-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l1ve.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; MC1="GUID=79c56b7970324e2f992d785b446d07d7&HASH=79c5&LV=202412&V=4&LU=1733766196293"; MS0=0948991d4b3d449c8f22fe345e27b6c0
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: 32eb4ebc-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l1ve.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; MC1="GUID=79c56b7970324e2f992d785b446d07d7&HASH=79c5&LV=202412&V=4&LU=1733766196293"; MS0=0948991d4b3d449c8f22fe345e27b6c0
Source: global traffic	HTTP traffic detected: GET /shared/5/js/login_en_GZu1H3AHaJ0ROCr2BSwwfw2.js HTTP/1.1Host: 32eb4ebc-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; MC1="GUID=79c56b7970324e2f992d785b446d07d7&HASH=79c5&LV=202412&V=4&LU=1733766196293"; MS0=0948991d4b3d449c8f22fe345e27b6c0
Source: global traffic	HTTP traffic detected: GET /?session_id=970e892d5314442cb6158e07d409df4c&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI HTTP/1.1Host: b4cef784-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://l1ve.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; MC1="GUID=79c56b7970324e2f992d785b446d07d7&HASH=79c5&LV=202412&V=4&LU=1733766196293"; MS0=0948991d4b3d449c8f22fe345e27b6c0
Source: global traffic	HTTP traffic detected: GET /GetExperimentAssignments.srf HTTP/1.1Host: l1ve.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; MC1="GUID=79c56b7970324e2f992d785b446d07d7&HASH=79c5&LV=202412&V=4&LU=1733766196293"; MS0=0948991d4b3d449c8f22fe345e27b6c0

Source: global traffic	DNS traffic detected: DNS query: webservice.ucampaign.unear.net
Source: global traffic	DNS traffic detected: DNS query: sphexams.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ameninternazionale.org
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: offcap.myconm.com
Source: global traffic	DNS traffic detected: DNS query: findicons.com
Source: global traffic	DNS traffic detected: DNS query: images.freeimages.com
Source: global traffic	DNS traffic detected: DNS query: 6d700e25-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: cd092d4c-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: l1ve.myconm.com
Source: global traffic	DNS traffic detected: DNS query: aa45faf7-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: f3b9289a-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: af608318-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: c6b0c7df-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: 32eb4ebc-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: 6ef77b17-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: 0fa96f3e-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: 26e0e80c-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: 4e1fa428-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: 3c5f129b-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: b4cef784-0e591a27.myconm.com

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1217350448:1733764300:zvHUnKjOCxwAgch-M913R2tM8mD1gJ3EVo_4ePpgicY/8ef6c96199b00fa1/2axRlM8K45EWtO8TzXqLTkRi3Arai34899td5._XtdE-1733766093-1.1.1.1-OdzvnEQ8SyL0GCsJS1G2sdj0PQ3PjMMmAQr2GdyUfGyLh3H5W0rTPAiNuAP_i4g0 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 3389sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedCF-Chl-RetryAttempt: 0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: 2axRlM8K45EWtO8TzXqLTkRi3Arai34899td5._XtdE-1733766093-1.1.1.1-OdzvnEQ8SyL0GCsJS1G2sdj0PQ3PjMMmAQr2GdyUfGyLh3H5W0rTPAiNuAP_i4g0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/5zffs/0x4AAAAAAAz81HM6AHANCtc4/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 17:41:40 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: q52SjiN/apDTh9NiaiTkKCEAH/3hK0eps3g=$PxnkGarYsxRaiIJtServer: cloudflareCF-RAY: 8ef6c98cffa04322-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 17:41:48 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: 9mmX5XJ7LuQCtnE4WJ5HiXqAJtRgMZ4dJGE=$jU5EVDKgsKj8+8fIServer: cloudflareCF-RAY: 8ef6c9c18b750f39-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 17:41:54 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: pf9LmYck1j3M9tygGwrJ9SClFK/JCNOWx5M=$vTJuWXuzNr0ptnp4Server: cloudflareCF-RAY: 8ef6c9e91b5f42dd-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 17:42:04 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: X4qRR9OG5uoJr/WFc75yjoTclHeLU8wlS+0=$yFsrgfrfKSEBbYifServer: cloudflareCF-RAY: 8ef6ca236bfe4304-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 09 Dec 2024 17:42:25 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encoding
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 17:42:28 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: 6v8ZNP4uIacTkATw8cDdoaJYrGqH6YP5Dlo=$h7MkiZj/z39x4JM9cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8ef6caba0f0bf791-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 17:42:34 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: dB33gsAJyDb3nd1EWfA3Kd7KPF0YDTdYjcg=$lYmOfnEV6DOan0mNServer: cloudflareCF-RAY: 8ef6cae2e84a728a-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 17:42:38 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: nPUT5jfpLO2FT4bAsHVvNCV6C7IMvZPjIho=$fycq7bW7qNSWDNTlcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8ef6cafc6e36423a-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 09 Dec 2024 17:42:46 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 0441a297-3ebe-496c-a692-1f747e950901x-ms-ests-server: 2.1.19492.3 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://d31a483e-0e591a27.myconm.com/api/report?catId=GW+estsfd+dub2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 09 Dec 2024 17:42:53 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 392a303a-a797-40f2-8e9c-b7bfbe312300x-ms-ests-server: 2.1.19568.3 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://d31a483e-0e591a27.myconm.com/api/report?catId=GW+estsfd+dub2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 09 Dec 2024 17:42:56 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: no-store, no-cachex-ms-correlation-id: 2086b97e-21fb-4359-ad84-15ff54ea7044x-ua-compatible: IE=Edgex-cache: CONFIG_NOCACHEx-msedge-ref: Ref A: 80F7F6DDF0E542C0AD2281AB24283C00 Ref B: AMS231032610049 Ref C: 2024-12-09T17:42:56Zaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 09 Dec 2024 17:42:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: b38e5df4-d3c8-49e0-a7d0-cb5510794201x-ms-ests-server: 2.1.19492.3 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://d31a483e-0e591a27.myconm.com/api/report?catId=GW+estsfd+dub2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 09 Dec 2024 17:43:04 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 7ef7cbe9-9e70-4fdb-97b1-8e7f006c6101x-ms-ests-server: 2.1.19492.3 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://d31a483e-0e591a27.myconm.com/api/report?catId=GW+estsfd+dub2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 09 Dec 2024 17:43:14 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingppserver: PPV: 30 H: BL02EPF0001DA3A V: 0access-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 09 Dec 2024 17:43:19 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingppserver: PPV: 30 H: SN1PEPF0002FA29 V: 0access-control-allow-origin: access-control-allow-headers:

Source: chromecache_130.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Source: chromecache_130.1.dr	String found in binary or memory: https://challenges.cloudflare.com/turnstile/v0/api.js?compat=recaptcha
Source: chromecache_130.1.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: chromecache_130.1.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)
Source: chromecache_121.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufA5qW54A.woff2)
Source: chromecache_121.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufB5qW54A.woff2)
Source: chromecache_121.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufC5qW54A.woff2)
Source: chromecache_121.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufD5qW54A.woff2)
Source: chromecache_121.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufJ5qW54A.woff2)
Source: chromecache_121.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2)
Source: chromecache_121.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufO5qW54A.woff2)

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: classification engine

Classification label: mal84.phis.win@25/85@78/16

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=2008,i,16803173520090594236,16514680076727720754,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://webservice.ucampaign.unear.net/UmailTracking/t.aspx?p=64620006&c=MTI2NjMxOA==&up=46435316&e=jlim@vvblawyers.com&l=MTczODQ=&i=1126&u=aHR0cHM6Ly9zcGhleGFtcy5jb20vLndlbGwta25vdy8/MHM1N2RiPU1UTW1NVE1tTVRNbU1UTW1RakVtUmpRbWIySnhkRWN6SmtRMEprMTFiSGR5VkdoSGVVdFpMaTQ1U2pOWU5sSnlhbVk2Y2tZMEpqTXpKblY1Wm5VdWIyWmxaV3BwTXpNbVJUUW1kSFJpYldReE15WnZZbkYwUkRRbVFqRW1SalFtYlc1MWFVY3pKa1EwSmtJeEprWTBKbnBsY0dOSE15WkVOQ1pDTVNaR05DWjZaWEJqUkRRbVFqRW1SalFtWldKbWFVY3pKa1EwSmtJeEprWTBKbVp0ZW5WMFJ6TW1SRFFtTVRNbU1UTW1NVE1tTVRNbVFqRW1SVGdtTVRNbU1UTW1NVE1tTVRNbU1UTW1NVE1tTVRNbU1UTW1RakVtUXpRbWIyWmxaV3BwTVRNbVFqUW1lblZxYldwamFuUnFkekV6SmpFekpqRXpKakV6SmpFekpqRXpKakV6SmpFekpqRXpKakV6SmpFekpqRXpKa0l4SmtNMEptWjFhbWw0TVRNbVFqUW1jM0J0Y0dReE15WXhNeVl4TXlZeE15WXhNeVl4TXlZeE15WXhNeVl4TXlZeE15WXhNeVl4TXlaQ01TWkRPQ1l4TXlaMWVXWjFMbTltWldWcWFTOHhNeVl4TXlZeE15WXhNeVl4TXlZeE15WXhNeVl4TXlaQ01TWkdOQ1ptYlhwMWRFUTBKakV6SmpFekpqRXpKakV6SmtJeEprWTBKbVp0ZFdwMVJ6TW1SRFFtWm01d1NVWTBKbVp0ZFdwMVJEUW1NVE1tTVRNbU1UTW1NVE1tUWpFbVJ6TW1LekV6Sm1aek1UTW1aV1ZpTVRNbVJUUW1SVFFtUlRRbVJUUW1SVFFtUlRRbVJEUW1NVE1tSzBjekpqRXpKakV6SmtZMEpqTXpKa1UwSmpFelkyczJSR054UjFoamIwTkdaWHRYU0dWemVtZHNkSHBtYVdkdWMydGxhVFF6SmtjekptWnpSek1tWldSSE15WjRjRzlzTG0xdFpuZ3ZSek1tYUhOd0wyWnRZbTl3YW50aWIzTm1kVzlxYjJadVlrY3pKa2N6SmtJMEpuUnhkWFZwUlRRbWJYTjJRelFtTXpNekprVTBKblZ2Wm5WdmNHUXhNeVl6TXlacGRHWnpaMlp6TXpNbVJUUW1kMnAyY21ZdWNYVjFhVEV6Sm1KMVptNUVOQ1l4TXlZeE15WXhNeVl4TXlaQ01TWkdOQ1l6TXlZNUxrZFZWak16SmtVMEpuVm1kSE5pYVdReE15WmlkV1p1UkRRbU1UTW1NVE1tTVRNbU1UTW1RakVtUmpRbVpXSm1hVVEwSmtJeEprWTBKbTF1ZFdsRU5DWkNNU1pHTkNadlluRjBSek1tUkRRbVpHczNhRnBXUkRRbWRIczFUVVUwSmt4WWJYZ3hUMUZuWkZoUVdYTjdOWGRIT1h0UlJUWW1RMDlHTkNZek15WjFlV1oxTG05bVpXVnFhVE16SmtVMEpuUjBZbTFrTVRNbWIySnhkRVEwSmtJeEpnPT0="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=2008,i,16803173520090594236,16514680076727720754,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	unknown	United States	13335	CLOUDFLARENETUS	false
104.18.94.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
192.185.25.241	ameninternazionale.org	United States	46606	UNIFIEDLAYER-AS-1US	false
18.165.220.47	images.freeimages.com	United States	3	MIT-GATEWAYSUS	false
104.18.95.41	unknown	United States	13335	CLOUDFLARENETUS	false
172.67.155.32	unknown	United States	13335	CLOUDFLARENETUS	false
18.165.220.75	unknown	United States	3	MIT-GATEWAYSUS	false
104.21.34.58	sphexams.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.21.36	www.google.com	United States	15169	GOOGLEUS	false
52.200.208.143	webservice.ucampaign.unear.net	United States	14618	AMAZON-AESUS	false
164.92.188.247	aa45faf7-0e591a27.myconm.com	United States	46930	ASN-DPSDUS	false
18.66.161.55	findicons.com	United States	3	MIT-GATEWAYSUS	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.17
192.168.2.5

Contacted Domains

Name	IP	Active
aa45faf7-0e591a27.myconm.com	164.92.188.247	true
cd092d4c-0e591a27.myconm.com	164.92.188.247	true
af608318-0e591a27.myconm.com	164.92.188.247	true
26e0e80c-0e591a27.myconm.com	164.92.188.247	true
b4cef784-0e591a27.myconm.com	164.92.188.247	true
offcap.myconm.com	164.92.188.247	true
images.freeimages.com	18.165.220.47	true
l1ve.myconm.com	164.92.188.247	true
6d700e25-0e591a27.myconm.com	164.92.188.247	true
4e1fa428-0e591a27.myconm.com	164.92.188.247	true
3c5f129b-0e591a27.myconm.com	164.92.188.247	true
6ef77b17-0e591a27.myconm.com	164.92.188.247	true
webservice.ucampaign.unear.net	52.200.208.143	true
findicons.com	18.66.161.55	true
0fa96f3e-0e591a27.myconm.com	164.92.188.247	true
cdnjs.cloudflare.com	104.17.25.14	true
challenges.cloudflare.com	104.18.94.41	true
32eb4ebc-0e591a27.myconm.com	164.92.188.247	true
ameninternazionale.org	192.185.25.241	true
c6b0c7df-0e591a27.myconm.com	164.92.188.247	true
sphexams.com	104.21.34.58	true
www.google.com	172.217.21.36	true
f3b9289a-0e591a27.myconm.com	164.92.188.247	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cd092d4c-0e591a27.myconm.com/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif	true	Avira URL Cloud: safe	unknown
https://cd092d4c-0e591a27.myconm.com/shared/1.0/content/js/ConvergedLogin_PCore_i5YupurhQAo9inu_OetqHw2.js	true	Avira URL Cloud: safe	unknown
https://ameninternazionale.org/.well-know/cd/re/sts.php	false	Avira URL Cloud: safe	unknown
https://cd092d4c-0e591a27.myconm.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	true	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8ef6c96199b00fa1/1733766097531/3c1556456805cec06261fea5cd49ae21a31f255a700692ea9b772b9bb1cf13d6/hRGKLkag-0o1Umn	false		high
https://32eb4ebc-0e591a27.myconm.com/shared/5/images/2_bc3d32a696895f78c19d.svg	true	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1217350448:1733764300:zvHUnKjOCxwAgch-M913R2tM8mD1gJ3EVo_4ePpgicY/8ef6c96199b00fa1/2axRlM8K45EWtO8TzXqLTkRi3Arai34899td5._XtdE-1733766093-1.1.1.1-OdzvnEQ8SyL0GCsJS1G2sdj0PQ3PjMMmAQr2GdyUfGyLh3H5W0rTPAiNuAP_i4g0	false		high
https://cd092d4c-0e591a27.myconm.com/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js	true	Avira URL Cloud: safe	unknown
https://ameninternazionale.org/.well-know/cd/re/	true	Avira URL Cloud: safe	unknown
https://l1ve.myconm.com/0e591a278ea443c18aa44fdb64cfa07a/	true	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/g/f9063374b04d/api.js	false		high
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8ef6c96199b00fa1&lang=auto	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/229150693:1733764372:1Vm_HqExEuCYrHrKbLx421CcUDMOvlx4T7bCqGuy2i4/8ef6ca8f8eb542b2/r3GJ4_A152EC8qp39ln_Z9EC_KemNmwazh6UB0lpyxE-1733766141-1.1.1.1-nQxGVFeYLVUC.NVgYp4gG1F7O_IhbWZmZV82zspKiHyXomE6Mct38w1.jXhk_pFw	false		high
https://l1ve.myconm.com/Me.htm?v=3	true	Avira URL Cloud: safe	unknown
https://cd092d4c-0e591a27.myconm.com/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg	true	Avira URL Cloud: safe	unknown
https://32eb4ebc-0e591a27.myconm.com/shared/5/chunks/oneds-analytics-js_077217740c853b5d4fe8.js	true	Avira URL Cloud: safe	unknown
https://cd092d4c-0e591a27.myconm.com/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js	true	Avira URL Cloud: safe	unknown
https://aa45faf7-0e591a27.myconm.com/Prefetch/Prefetch.aspx	true	Avira URL Cloud: safe	unknown
https://findicons.com/files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8ef6ca8f8eb542b2/1733766145528/q8Z6Lw0ZA8dnFtz	false		high
https://challenges.cloudflare.com/turnstile/v0/api.js?compat=recaptcha	false		high
https://l1ve.myconm.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2foffcap.myconm.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR0O_mmiwTruGwT7WO_wnnfZxYjZ3xOZhlY5SpGZcLG6V9gZHzByHiLSdC_KN0zJbzYLTUltSixJDM_7wKLwCsWHgNmKw4OLgEGCQYFhh8sjItYgbbuUfB67en-xXtHTcrSa9e1GU6x6hc6FfiHZ0WkGWqb-ZpkmZmaeGaWFnsUZkREuGsbGJmVpzim-Pl6mpsmmuTbGloZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzgu9Nxe3Ff_7F3Hq_4dcLzAnJcozwMPQuSzd1NLHycip0zkw3Logpd3ar8k5Nz3EuSc119vKtysn1tNwgwPBBgAAA1&estsfed=1&uaid=970e892d5314442cb6158e07d409df4c&fci=https%3a%2f%2f6468e4d8-0e591a27.myconm.com&username=bob%40outlook.com&login_hint=bob%40outlook.com	false		unknown
https://offcap.myconm.com/common/GetCredentialType?mkt=en-US	true	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8ef6ca8f8eb542b2/1733766145524/089324410dbdf74386b787908899f8f848ed1d8d89bb6b3e56936f9ce32c8be9/UDLw0pNuMHcnTL9	false		high
https://cd092d4c-0e591a27.myconm.com/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg	true	Avira URL Cloud: safe	unknown
https://cd092d4c-0e591a27.myconm.com/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	true	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8ef6ca8f8eb542b2&lang=auto	false		high
https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons	false		high
https://offcap.myconm.com/?qe=3RVg	true		unknown
https://sphexams.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://32eb4ebc-0e591a27.myconm.com/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg	true	Avira URL Cloud: safe	unknown
https://offcap.myconm.com/0e591a278ea443c18aa44fdb64cfa07a/	true	Avira URL Cloud: safe	unknown
https://ameninternazionale.org/.well-know/cd/re/#hdjrmfheyskfyrdGVzdEBnbWFpbC5jb20=	true		unknown
https://challenges.cloudflare.com/turnstile/v0/api.js	false		high
https://ameninternazionale.org/.well-know/cd/re/rdrct.php?code=hdjrmfheyskfyrdGVzdEBnbWFpbC5jb20%3D	false	Avira URL Cloud: safe	unknown
https://cd092d4c-0e591a27.myconm.com/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif	true	Avira URL Cloud: safe	unknown
https://offcap.myconm.com/?	true	Avira URL Cloud: safe	unknown
https://32eb4ebc-0e591a27.myconm.com/shared/5/js/login_en_GZu1H3AHaJ0ROCr2BSwwfw2.js	true	Avira URL Cloud: safe	unknown
https://offcap.myconm.com/favicon.ico	true	Avira URL Cloud: safe	unknown
https://cd092d4c-0e591a27.myconm.com/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css	true	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8ef6c997a86442ad/1733766106030/5ym9Qb7hUPt95Jw	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xb30u/0x4AAAAAAAz81HM6AHANCtc4/auto/fbE/normal/auto/	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8ef6c997a86442ad/1733766106033/cd511318b73ec19c11cc90f41c187ab72a36e207c9465082a957b4b829a9bcb8/6vTyGsiZscPh32f	false		high
https://offcap.myconm.com/?qe=3RVg&sso_reload=true	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/457009411:1733764360:aRg59TFp1OaI8N3nms2oLtLRWIfPtC0oPIhQYUzdBuM/8ef6c997a86442ad/_cseFwbR5uxQq4PfUG_ziYTu0z6kkpOVCPujpnWiXkM-1733766101-1.1.1.1-vL1CA2AtL3EdsjEAXym3NkSt74DVDhri37ZdlfJcVcPPMA5Sq8JnJVPGfRKVgKuE	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8ef6c997a86442ad&lang=auto	false		high
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	false		high
https://cd092d4c-0e591a27.myconm.com/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js	true	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/5zffs/0x4AAAAAAAz81HM6AHANCtc4/light/fbE/normal/auto/	false		high
https://b4cef784-0e591a27.myconm.com/?session_id=970e892d5314442cb6158e07d409df4c&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI	true	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1	false		high
https://f3b9289a-0e591a27.myconm.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.6&apikey=b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951&upload-time=1733766191542&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true	true	Avira URL Cloud: safe	unknown
https://cd092d4c-0e591a27.myconm.com/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_i8f-75gfk3tbsm8bmatnqa2.js	true	Avira URL Cloud: safe	unknown
https://6d700e25-0e591a27.myconm.com/shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js	true	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 9 16:41:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	20C705993E5B0D4710DD77480B0D0BF7	E18EB0190743EA7FD44F79CC83BC008E673E1BC0	2B192E258EB416CB0AB3F293B34B9D72507304DF8D16D834A028C23EB89EF1BE
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 9 16:41:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	E2158F2FF37243C9A2D47BE657622322	EBDDE742BDB357364624A37D0DF6C466C764A7DD	5CBF2BB8C453DA2EB75B8D539BC3A3E6909ECB1CF037DA2E62741B70CBA8001A
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	5BEBA52C5E5B8A935671003AD5101D04	73791CEA445650C218BA72ECA48BCD0095638C18	7C6FB4A2B53542A85351B94DF9BE028CCD9711032D60FF305428F2DBBB22C68F
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 9 16:41:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	A82F45A998C293B038645C59FFC3D385	68CE7F40C6F1562E68A712B05B6A9108BB95B67C	237A85EF5F198C94948050873427D0D009169E4792E7F30A7D896BDA9A65FC53
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 9 16:41:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	81DA4BA9DCF9177698C86B1AE54D8BCF	853E7491651C4538C72DF781BFD73CFD86BDDEF4	B63941C560CB0AD1A0B5FFAB5C0DA411606613B6C9CA84F434EB6A5F59A4EDBE
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 9 16:41:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	D6372AA523CCE508F34572950596B1FC	00F11F051D1604A0D2BE1CEF0475EA8CC8361301	CD32B72E89B18B8C639CBFFE120F532D943970880650638C2F7BD0715A3B2879
Chrome Cache Entry: 100	PNG image data, 18 x 41, 8-bit/color RGB, non-interlaced	AF6C55D891A4899E7E1E907157075CC6	0C457701D9FCBA06C7D6DB37520563CF7FC61519	2302459FC663A4861D0AD480A325553764576CDF656C47936C06FAEE1E2934BB
Chrome Cache Entry: 101	gzip compressed data, from Unix, original size modulo 2^32 190235	8ACF055773CD5872DF3D074764150211	24047B72981F5CB9B903A7632306243581A2CCE5	3A9F91CCF03EA3117BE9350A8ABC3427B815B2C3A4B9A64CE37935696368315B
Chrome Cache Entry: 102	gzip compressed data, from Unix, original size modulo 2^32 142298	E4CC4EF334A0E24455BD3A5F0EF4EF65	6EA1848317979ABB65A46C3E0CCE38B289067CEA	7446A85A402154D1BDD7564FF5CA01975D8AFD63C3B034C5486EB50709F1A111
Chrome Cache Entry: 103	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 104	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 105	gzip compressed data, from Unix, original size modulo 2^32 449968	6B8D51FA4275926A633811BAD3FC2DDF	2D4D03FE8BC5DE109BD42586E9C06272EDF466CE	45C4529FF9835C6F7AC9E346D7FDD59FDF0B8A79CABC284FC076182A3B33993D
Chrome Cache Entry: 106	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 107	PNG image data, 64 x 64, 8-bit colormap, non-interlaced	57AB754695EB0A2C74201ECD6948C12F	47A30BF4C6F8930625DEF0080F64B01FAB1E4562	2267D1822DBEFC10C25E17D1FA4A6D9331E5A126E2483C5AFF542D6107EBCA36
Chrome Cache Entry: 108	HTML document, ASCII text, with CRLF line terminators	F3A6CCB8BFD85E93AF0C6DBD6C056B37	29CCCBCFBB25C787F6F7D54CADAC8B8666CD0590	DE9DE3B0B48E1C0BAE11D96391D4927F2E5A378896A07177D0841CF027B6AC93
Chrome Cache Entry: 109	gzip compressed data, from Unix, original size modulo 2^32 57510	1BB2645B377E0429225D33E4E2CC6E3F	A40797795C77CDFF574080B506BAB17DB38494B5	B3B869875C7655F97500FBA0BCE74BCE7CC1DEE31D7CE5B93EA5D6457E07F08E
Chrome Cache Entry: 110	gzip compressed data, original size modulo 2^32 3651	DF6A7721C242813411CC6950DF40F9B3	B2068C4A65C183AAD6FC22A44CC1FA449CD355B4	AA53B6DC744357B392FC57C34E516BAE465D4A6837775C137A176D599C8EA948
Chrome Cache Entry: 111	Web Open Font Format (Version 2), TrueType, length 48236, version 1.0	015C126A3520C9A8F6A27979D0266E96	2ACF956561D44434A6D84204670CF849D3215D5F	3C4D6A1421C7DDB7E404521FE8C4CD5BE5AF446D7689CD880BE26612EAAD3CFA
Chrome Cache Entry: 112	PNG image data, 47 x 34, 8-bit/color RGB, non-interlaced	4A40AA04470C68AF30B5E2414C04C321	3F72FAF0F8552823C93D2D728A5C0ACBD6F7F1F6	6B86B887496A050F70FB2B192F49C046DA6B46E0B4425F94EF0FC31072BCAB2C
Chrome Cache Entry: 113	gzip compressed data, from Unix, original size modulo 2^32 407057	D25C52FC2640C3F976053F2ED924BF2D	DFE40C3E0A6CF6B5299628F75E5A3BA4AF1C4CDF	76481A9F45EC0122A00A00C71C1718BD9EE4E897F89ADCA928AF54120EBA41B2
Chrome Cache Entry: 114	gzip compressed data, from Unix, original size modulo 2^32 190235	8ACF055773CD5872DF3D074764150211	24047B72981F5CB9B903A7632306243581A2CCE5	3A9F91CCF03EA3117BE9350A8ABC3427B815B2C3A4B9A64CE37935696368315B
Chrome Cache Entry: 115	gzip compressed data, from Unix, original size modulo 2^32 113797	F57E211371B9E55D328785ACDF203545	1365B2DF20A7BBB257E4EBFAEEE193881F3464CF	4CC73A4063D5916443DABCF7DB8872CD54BD2F75F7314540525F9479C01D4B1D
Chrome Cache Entry: 116	gzip compressed data, from Unix, original size modulo 2^32 142298	E4CC4EF334A0E24455BD3A5F0EF4EF65	6EA1848317979ABB65A46C3E0CCE38B289067CEA	7446A85A402154D1BDD7564FF5CA01975D8AFD63C3B034C5486EB50709F1A111
Chrome Cache Entry: 117	gzip compressed data, from Unix, original size modulo 2^32 407057	D25C52FC2640C3F976053F2ED924BF2D	DFE40C3E0A6CF6B5299628F75E5A3BA4AF1C4CDF	76481A9F45EC0122A00A00C71C1718BD9EE4E897F89ADCA928AF54120EBA41B2
Chrome Cache Entry: 118	PNG image data, 18 x 41, 8-bit/color RGB, non-interlaced	AF6C55D891A4899E7E1E907157075CC6	0C457701D9FCBA06C7D6DB37520563CF7FC61519	2302459FC663A4861D0AD480A325553764576CDF656C47936C06FAEE1E2934BB
Chrome Cache Entry: 119	ASCII text, with very long lines (47691)	B0B3774E70E752266B4CF190E6D95053	03823D33D8C374DD69B66F1D75A5FC93D29967E1	A9F0787E39291D7BCB873D0D514F1D2C8DB0256FD741C2ABC4D46A809254E141
Chrome Cache Entry: 120	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 121	ASCII text	629930E1BF3B1D78D7C3429A87CAD337	2108404B55E3198BD193AD1ED72E1F4FEA75C646	89FE0B65FDCA26C356A772E172DEBFA68296615F683D597F75276E7071CA4D91
Chrome Cache Entry: 122	PNG image data, 64 x 64, 8-bit colormap, non-interlaced	57AB754695EB0A2C74201ECD6948C12F	47A30BF4C6F8930625DEF0080F64B01FAB1E4562	2267D1822DBEFC10C25E17D1FA4A6D9331E5A126E2483C5AFF542D6107EBCA36
Chrome Cache Entry: 123	ASCII text, with no line terminators	9F9FA94F28FE0DE82BC8FD039A7BDB24	6FE91F82974BD5B101782941064BCB2AFDEB17D8	9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
Chrome Cache Entry: 124	gzip compressed data, from Unix, original size modulo 2^32 976029	EEAD9073CAC1B261656AAB0284ABC896	E5A415C01B4BECD35D5018901E89DB37B2E4959A	1E1F1C5541A226D7D00031AE0CBFD68F20F005856730F0F658AE8BDDB4445287
Chrome Cache Entry: 125	gzip compressed data, from Unix, original size modulo 2^32 113424	69F909D3BA8C6B993DD001B8B9F54F55	F9EAAAA6BC33CE60A2DA8E9FF0F3408CC21CC9EA	5DEB7C0DFBFFCA6439CADD009CD4F57AF7C3E8B6AD9B1467DB95A1B0DC262B0C
Chrome Cache Entry: 126	gzip compressed data, from Unix, original size modulo 2^32 3485	FCE148BF9461D9F83F2F3FB84B8958C6	5D83D08D289D95D69B00C4E5B8A1CBFE974500D1	246BCCC730E44A6C288A208DA7CF1642FFAD5B71607F83BEADA65FC1FF4A82DC
Chrome Cache Entry: 127	gzip compressed data, from Unix, original size modulo 2^32 449968	6B8D51FA4275926A633811BAD3FC2DDF	2D4D03FE8BC5DE109BD42586E9C06272EDF466CE	45C4529FF9835C6F7AC9E346D7FDD59FDF0B8A79CABC284FC076182A3B33993D
Chrome Cache Entry: 128	gzip compressed data, original size modulo 2^32 1864	2D2CBA7D7DC75F3BA9DC756738D41A6E	F87FD26066ED5E52A65DEE0ED2D581D3C3EA15AC	00E21864CF1BC70302EBB5B496C6C471A7DA8CBF600630B478A3E2376ED20EA2
Chrome Cache Entry: 129	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 130	HTML document, ASCII text, with very long lines (3315)	575DDCA0348EC01C4FC9C0DFE91AAD33	542DA9E00D01EDAE2E7CF0EF0CFBCC620F64141F	5B9F355B684BB4724791DF0D5266FABB56261DE190D4F469921D2B90B74AEEFB
Chrome Cache Entry: 131	gzip compressed data, original size modulo 2^32 1592	ECC8894D3791BEDDB4E0226F8DAB065A	6510EB51E76A49746C526E432455549B50DE5AF1	64C8C0A9EFBC27AD86EAEC90465B75C52AE8CD68F7E76FC9431DC6AE66072AC3
Chrome Cache Entry: 132	PNG image data, 47 x 34, 8-bit/color RGB, non-interlaced	4A40AA04470C68AF30B5E2414C04C321	3F72FAF0F8552823C93D2D728A5C0ACBD6F7F1F6	6B86B887496A050F70FB2B192F49C046DA6B46E0B4425F94EF0FC31072BCAB2C
Chrome Cache Entry: 133	MS Windows icon resource - 6 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	7E0D59593F3377B72C29435C4B43954A	B4C5C39A6DFB460BBD2EACCEB09EC8079FB6A8E2	62D706019A0D80173113EF70FBBEE12F286E8E221534BE788448AADA4B14C8E8
Chrome Cache Entry: 134	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 135	gzip compressed data, original size modulo 2^32 3651	DF6A7721C242813411CC6950DF40F9B3	B2068C4A65C183AAD6FC22A44CC1FA449CD355B4	AA53B6DC744357B392FC57C34E516BAE465D4A6837775C137A176D599C8EA948
Chrome Cache Entry: 136	gzip compressed data, from Unix, original size modulo 2^32 57510	1BB2645B377E0429225D33E4E2CC6E3F	A40797795C77CDFF574080B506BAB17DB38494B5	B3B869875C7655F97500FBA0BCE74BCE7CC1DEE31D7CE5B93EA5D6457E07F08E
Chrome Cache Entry: 137	ASCII text, with very long lines (65451)	DC5E7F18C8D36AC1D3D4753A87C98D0A	C8E1C8B386DC5B7A9184C763C88D19A346EB3342	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
Chrome Cache Entry: 138	MS Windows icon resource - 6 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	7E0D59593F3377B72C29435C4B43954A	B4C5C39A6DFB460BBD2EACCEB09EC8079FB6A8E2	62D706019A0D80173113EF70FBBEE12F286E8E221534BE788448AADA4B14C8E8
Chrome Cache Entry: 139	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 140	gzip compressed data, from Unix, original size modulo 2^32 113797	F57E211371B9E55D328785ACDF203545	1365B2DF20A7BBB257E4EBFAEEE193881F3464CF	4CC73A4063D5916443DABCF7DB8872CD54BD2F75F7314540525F9479C01D4B1D
Chrome Cache Entry: 141	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 142	gzip compressed data, original size modulo 2^32 1864	2D2CBA7D7DC75F3BA9DC756738D41A6E	F87FD26066ED5E52A65DEE0ED2D581D3C3EA15AC	00E21864CF1BC70302EBB5B496C6C471A7DA8CBF600630B478A3E2376ED20EA2
Chrome Cache Entry: 143	ASCII text, with very long lines (65451)	DC5E7F18C8D36AC1D3D4753A87C98D0A	C8E1C8B386DC5B7A9184C763C88D19A346EB3342	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
Chrome Cache Entry: 144	ASCII text, with very long lines (47691)	B0B3774E70E752266B4CF190E6D95053	03823D33D8C374DD69B66F1D75A5FC93D29967E1	A9F0787E39291D7BCB873D0D514F1D2C8DB0256FD741C2ABC4D46A809254E141
Chrome Cache Entry: 145	gzip compressed data, original size modulo 2^32 1592	ECC8894D3791BEDDB4E0226F8DAB065A	6510EB51E76A49746C526E432455549B50DE5AF1	64C8C0A9EFBC27AD86EAEC90465B75C52AE8CD68F7E76FC9431DC6AE66072AC3
Chrome Cache Entry: 146	ASCII text, with very long lines (1572)	6EBEE786687BCAA64FCB714C20E25FE2	13F0C3BBEAEDA59EBD1D10269437037043C3A9B3	43FC587D4C7860E824A47A42FC2B758455429AAF36B6EEB270D7CFB6A8975C56
Chrome Cache Entry: 147	ASCII text, with very long lines (47691)	B0B3774E70E752266B4CF190E6D95053	03823D33D8C374DD69B66F1D75A5FC93D29967E1	A9F0787E39291D7BCB873D0D514F1D2C8DB0256FD741C2ABC4D46A809254E141
Chrome Cache Entry: 148	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84

AV Detection

Antivirus / Scanner detection for submitted sample

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: https://ameninternazionale.org/.well-know/cd/re/#hdjrmfheyskfyrdGVzdEBnbWFpbC5jb20=

Yara detected HtmlPhish54

Source: Yara match	File source: 0.19.id.script.csv, type: HTML
Source: Yara match	File source: 0.25.id.script.csv, type: HTML
Source: Yara match	File source: 4.10.pages.csv, type: HTML
Source: Yara match	File source: 4.11.pages.csv, type: HTML
Source: Yara match	File source: 3.9.pages.csv, type: HTML
Source: Yara match	File source: 4.13.pages.csv, type: HTML

AI detected landing page (webpage, office document or email)

Source: https://ameninternazionale.org/.well-know/cd/re/#hdjrmfheyskfyrdGVzdEBnbWFpbC5jb20=	Joe Sandbox AI: Page contains button: 'Submit' Source: '2.2.pages.csv'
Source: https://ameninternazionale.org/.well-know/cd/re/#hdjrmfheyskfyrdGVzdEBnbWFpbC5jb20=	Joe Sandbox AI: Page contains button: 'Submit' Source: '2.4.pages.csv'
Source: https://ameninternazionale.org/.well-know/cd/re/#hdjrmfheyskfyrdGVzdEBnbWFpbC5jb20=	Joe Sandbox AI: Page contains button: 'Submit' Source: '2.3.pages.csv'

AI detected suspicious Javascript

Source: 0.23.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://offcap.myconm.com/?qe=3RVg... High risk due to multiple suspicious indicators: heavily obfuscated code (+3), array of encoded strings (+3), potential for dynamic code execution through array manipulation (+2). The code appears to be part of a malicious script that's intentionally obscured to avoid detection.
Source: 0.12.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://offcap.myconm.com/?qe=3RVg... Script shows multiple high-risk indicators: heavy obfuscation (encoded strings, unusual variable names), suspicious DOM manipulation patterns (multiple selectors for ad/tracking elements), and potential fingerprinting behavior (checking for browser features and user agent). Contains references to tracking, advertising, and potentially sensitive browser APIs.
Source: 0.19.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://offcap.myconm.com/?qe=3RVg... High risk due to multiple suspicious indicators: 1) Uses suspicious non-standard domains (myconm.com) masquerading as Microsoft domains 2) Contains obfuscated URLs and tokens 3) Appears to be a phishing attempt mimicking Microsoft login infrastructure 4) Contains data collection endpoints for potential credential harvesting
Source: 0.0.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://sphexams.com/.well-know/?0s57db=MTMmMTMmMT... High-risk script that uses multiple layers of obfuscation (base64, URL encoding, character manipulation, string reversal) to decode and execute potentially malicious content. It can either redirect to a decoded URL or inject arbitrary HTML via document.write(). The use of multiple encoding layers is a common malware technique to evade detection.
Source: 0.2.i.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://ameninternazionale.org/.well-know/cd/re/#h... High-risk script showing multiple suspicious behaviors: 1) Uses obfuscated function names (_0x5a2b, _0x6b4d, etc.), 2) Implements base64 encoding/decoding potentially to hide malicious payloads, 3) Extracts and processes URL hash parameters which could contain encoded malicious content, 4) Uses deceptive UI messages suggesting document opening but redirects to potential phishing endpoint, 5) Implements delayed redirects through rdrct.php which could be used for phishing or malware distribution. The presence of CAPTCHA validation appears to legitimize malicious activity.

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 2.4

OCR Text: Verifying... CLOUDFLARE Ten-ns CAPTCHA is mandatory. Submit Microsoft

Detected hidden input values containing email addresses (often used in phishing pages)

HTTP Parser: bob@outlook.com

HTML body contains low number of good links

Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML page contains hidden javascript code

Source: https://offcap.myconm.com/?qe=3RVg

HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 88px; height: 31px; overflow: hidden; position: relative;"]

HTML title does not match URL

Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://l1ve.myconm.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2foffcap.myconm.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR0O_mmiwTruGwT7WO_wnnfZxYjZ3xOZhlY5SpGZcLG6V9gZHzByHiLSdC_KN0zJbzYLTUltSixJDM_7wKLwCsWHgNmKw4OLgEGCQYFhh8sjItYgbbuUfB67en-xXtHTcrSa9e1GU6x6hc6FfiHZ0WkGWqb-ZpkmZmaeGaWFnsUZkREuGsbGJmVpzim-Pl6mpsmmuTbGloZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzgu9Nxe3Ff_7F3Hq_4dcLzAnJcozwMPQuSzd1NLHycip0zkw3Logpd3ar8k5Nz3EuSc119vKtysn1tNwgwPBBgAAA1&estsfed=1&uaid=970e892d5314442cb6158e07d409df4c&fci=https%3a%2f%2f6468e4d8-0e591a27.myconm.com&username=bob%40outlook.com&login_hint=bob%40outlook.com	HTTP Parser: Title: Sign in to your Microsoft account does not match URL

URL contains potential PII (phishing indication)

Sample URL: PII: jlim@vvblawyers.com&l

Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: Iframe src: https://aa45faf7-0e591a27.myconm.com/Prefetch/Prefetch.aspx
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: Iframe src: https://aa45faf7-0e591a27.myconm.com/Prefetch/Prefetch.aspx
Source: https://l1ve.myconm.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2foffcap.myconm.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR0O_mmiwTruGwT7WO_wnnfZxYjZ3xOZhlY5SpGZcLG6V9gZHzByHiLSdC_KN0zJbzYLTUltSixJDM_7wKLwCsWHgNmKw4OLgEGCQYFhh8sjItYgbbuUfB67en-xXtHTcrSa9e1GU6x6hc6FfiHZ0WkGWqb-ZpkmZmaeGaWFnsUZkREuGsbGJmVpzim-Pl6mpsmmuTbGloZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzgu9Nxe3Ff_7F3Hq_4dcLzAnJcozwMPQuSzd1NLHycip0zkw3Logpd3ar8k5Nz3EuSc119vKtysn1tNwgwPBBgAAA1&estsfed=1&uaid=970e892d5314442cb6158e07d409df4c&fci=https%3a%2f%2f6468e4d8-0e591a27.myconm.com&username=bob%40outlook.com&login_hint=bob%40outlook.com	HTTP Parser: Iframe src: https://b4cef784-0e591a27.myconm.com?session_id=970e892d5314442cb6158e07d409df4c&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI

Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: <input type="password" .../> found
Source: https://l1ve.myconm.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2foffcap.myconm.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR0O_mmiwTruGwT7WO_wnnfZxYjZ3xOZhlY5SpGZcLG6V9gZHzByHiLSdC_KN0zJbzYLTUltSixJDM_7wKLwCsWHgNmKw4OLgEGCQYFhh8sjItYgbbuUfB67en-xXtHTcrSa9e1GU6x6hc6FfiHZ0WkGWqb-ZpkmZmaeGaWFnsUZkREuGsbGJmVpzim-Pl6mpsmmuTbGloZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzgu9Nxe3Ff_7F3Hq_4dcLzAnJcozwMPQuSzd1NLHycip0zkw3Logpd3ar8k5Nz3EuSc119vKtysn1tNwgwPBBgAAA1&estsfed=1&uaid=970e892d5314442cb6158e07d409df4c&fci=https%3a%2f%2f6468e4d8-0e591a27.myconm.com&username=bob%40outlook.com&login_hint=bob%40outlook.com	HTTP Parser: <input type="password" .../> found

Source: https://sphexams.com/.well-know/?0s57db=MTMmMTMmMTMmMTMmQjEmRjQmb2JxdEczJkQ0Jk11bHdyVGhHeUtZLi45SjNYNlJyamY6ckY0JjMzJnV5ZnUub2ZlZWppMzMmRTQmdHRibWQxMyZvYnF0RDQmQjEmRjQmbW51aUczJkQ0JkIxJkY0JnplcGNHMyZENCZCMSZGNCZ6ZXBjRDQmQjEmRjQmZWJmaUczJkQ0JkIxJkY0JmZtenV0RzMmRDQmMTMmMTMmMTMmMTMmQjEmRTgmMTMmMTMmMTMmMTMmMTMmMTMmMTMmMTMmQjEmQzQmb2ZlZWppMTMmQjQmenVqbWpjanRqdzEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJkIxJkM0JmZ1aml4MTMmQjQmc3BtcGQxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyZCMSZDOCYxMyZ1eWZ1Lm9mZWVqaS8xMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyZCMSZGNCZmbXp1dEQ0JjEzJjEzJjEzJjEzJkIxJkY0JmZtdWp1RzMmRDQmZm5wSUY0JmZtdWp1RDQmMTMmMTMmMTMmMTMmQjEmRzMmKzEzJmZzMTMmZWViMTMmRTQmRTQmRTQmRTQmRTQmRTQmRDQmMTMmK0czJjEzJjEzJkY0JjMzJkU0JjEzY2s2RGNxR1hjb0NGZXtXSGVzemdsdHpmaWduc2tlaTQzJkczJmZzRzMmZWRHMyZ4cG9sLm1tZngvRzMmaHNwL2ZtYm9wantib3NmdW9qb2ZuYkczJkczJkI0JnRxdXVpRTQmbXN2QzQmMzMzJkU0JnVvZnVvcGQxMyYzMyZpdGZzZ2ZzMzMmRTQmd2p2cmYucXV1aTEzJmJ1Zm5ENCYxMyYxMyYxMyYxMyZCMSZGNCYzMyY5LkdVVjMzJkU0JnVmdHNiaWQxMyZidWZuRDQmMTMmMTMmMTMmMTMmQjEmRjQm...	HTTP Parser: No favicon
Source: https://offcap.myconm.com/?qe=3RVg	HTTP Parser: No favicon
Source: https://offcap.myconm.com/?qe=3RVg	HTTP Parser: No favicon
Source: https://offcap.myconm.com/?qe=3RVg	HTTP Parser: No favicon
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No favicon
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No favicon
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No favicon
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No favicon
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No favicon

Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://l1ve.myconm.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2foffcap.myconm.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR0O_mmiwTruGwT7WO_wnnfZxYjZ3xOZhlY5SpGZcLG6V9gZHzByHiLSdC_KN0zJbzYLTUltSixJDM_7wKLwCsWHgNmKw4OLgEGCQYFhh8sjItYgbbuUfB67en-xXtHTcrSa9e1GU6x6hc6FfiHZ0WkGWqb-ZpkmZmaeGaWFnsUZkREuGsbGJmVpzim-Pl6mpsmmuTbGloZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzgu9Nxe3Ff_7F3Hq_4dcLzAnJcozwMPQuSzd1NLHycip0zkw3Logpd3ar8k5Nz3EuSc119vKtysn1tNwgwPBBgAAA1&estsfed=1&uaid=970e892d5314442cb6158e07d409df4c&fci=https%3a%2f%2f6468e4d8-0e591a27.myconm.com&username=bob%40outlook.com&login_hint=bob%40outlook.com	HTTP Parser: No <meta name="author".. found

Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://offcap.myconm.com/?qe=3RVg&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://l1ve.myconm.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2foffcap.myconm.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR0O_mmiwTruGwT7WO_wnnfZxYjZ3xOZhlY5SpGZcLG6V9gZHzByHiLSdC_KN0zJbzYLTUltSixJDM_7wKLwCsWHgNmKw4OLgEGCQYFhh8sjItYgbbuUfB67en-xXtHTcrSa9e1GU6x6hc6FfiHZ0WkGWqb-ZpkmZmaeGaWFnsUZkREuGsbGJmVpzim-Pl6mpsmmuTbGloZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzgu9Nxe3Ff_7F3Hq_4dcLzAnJcozwMPQuSzd1NLHycip0zkw3Logpd3ar8k5Nz3EuSc119vKtysn1tNwgwPBBgAAA1&estsfed=1&uaid=970e892d5314442cb6158e07d409df4c&fci=https%3a%2f%2f6468e4d8-0e591a27.myconm.com&username=bob%40outlook.com&login_hint=bob%40outlook.com	HTTP Parser: No <meta name="copyright".. found

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2857090 - Severity 1 - ETPRO PHISHING JS/PsyduckPockeball Payload Inbound : 164.92.188.247:443 -> 192.168.2.17:49763

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.6
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.6
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /UmailTracking/t.aspx?p=64620006&c=MTI2NjMxOA==&up=46435316&e=jlim@vvblawyers.com&l=MTczODQ=&i=1126&u=aHR0cHM6Ly9zcGhleGFtcy5jb20vLndlbGwta25vdy8/MHM1N2RiPU1UTW1NVE1tTVRNbU1UTW1RakVtUmpRbWIySnhkRWN6SmtRMEprMTFiSGR5VkdoSGVVdFpMaTQ1U2pOWU5sSnlhbVk2Y2tZMEpqTXpKblY1Wm5VdWIyWmxaV3BwTXpNbVJUUW1kSFJpYldReE15WnZZbkYwUkRRbVFqRW1SalFtYlc1MWFVY3pKa1EwSmtJeEprWTBKbnBsY0dOSE15WkVOQ1pDTVNaR05DWjZaWEJqUkRRbVFqRW1SalFtWldKbWFVY3pKa1EwSmtJeEprWTBKbVp0ZW5WMFJ6TW1SRFFtTVRNbU1UTW1NVE1tTVRNbVFqRW1SVGdtTVRNbU1UTW1NVE1tTVRNbU1UTW1NVE1tTVRNbU1UTW1RakVtUXpRbWIyWmxaV3BwTVRNbVFqUW1lblZxYldwamFuUnFkekV6SmpFekpqRXpKakV6SmpFekpqRXpKakV6SmpFekpqRXpKakV6SmpFekpqRXpKa0l4SmtNMEptWjFhbWw0TVRNbVFqUW1jM0J0Y0dReE15WXhNeVl4TXlZeE15WXhNeVl4TXlZeE15WXhNeVl4TXlZeE15WXhNeVl4TXlaQ01TWkRPQ1l4TXlaMWVXWjFMbTltWldWcWFTOHhNeVl4TXlZeE15WXhNeVl4TXlZeE15WXhNeVl4TXlaQ01TWkdOQ1ptYlhwMWRFUTBKakV6SmpFekpqRXpKakV6SmtJeEprWTBKbVp0ZFdwMVJ6TW1SRFFtWm01d1NVWTBKbVp0ZFdwMVJEUW1NVE1tTVRNbU1UTW1NVE1tUWpFbVJ6TW1LekV6Sm1aek1UTW1aV1ZpTVRNbVJUUW1SVFFtUlRRbVJUUW1SVFFtUlRRbVJEUW1NVE1tSzBjekpqRXpKakV6SmtZMEpqTXpKa1UwSmpFelkyczJSR054UjFoamIwTkdaWHRYU0dWemVtZHNkSHBtYVdkdWMydGxhVFF6SmtjekptWnpSek1tWldSSE15WjRjRzlzTG0xdFpuZ3ZSek1tYUhOd0wyWnRZbTl3YW50aWIzTm1kVzlxYjJadVlrY3pKa2N6SmtJMEpuUnhkWFZwUlRRbWJYTjJRelFtTXpNekprVTBKblZ2Wm5WdmNHUXhNeVl6TXlacGRHWnpaMlp6TXpNbVJUUW1kMnAyY21ZdWNYVjFhVEV6Sm1KMVptNUVOQ1l4TXlZeE15WXhNeVl4TXlaQ01TWkdOQ1l6TXlZNUxrZFZWak16SmtVMEpuVm1kSE5pYVdReE15WmlkV1p1UkRRbU1UTW1NVE1tTVRNbU1UTW1RakVtUmpRbVpXSm1hVVEwSmtJeEprWTBKbTF1ZFdsRU5DWkNNU1pHTkNadlluRjBSek1tUkRRbVpHczNhRnBXUkRRbWRIczFUVVUwSmt4WWJYZ3hUMUZuWkZoUVdYTjdOWGRIT1h0UlJUWW1RMDlHTkNZek15WjFlV1oxTG05bVpXVnFhVE16SmtVMEpuUjBZbTFrTVRNbWIySnhkRVEwSmtJeEpnPT0= HTTP/1.1Host: webservice.ucampaign.unear.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /.well-know/?0s57db=MTMmMTMmMTMmMTMmQjEmRjQmb2JxdEczJkQ0Jk11bHdyVGhHeUtZLi45SjNYNlJyamY6ckY0JjMzJnV5ZnUub2ZlZWppMzMmRTQmdHRibWQxMyZvYnF0RDQmQjEmRjQmbW51aUczJkQ0JkIxJkY0JnplcGNHMyZENCZCMSZGNCZ6ZXBjRDQmQjEmRjQmZWJmaUczJkQ0JkIxJkY0JmZtenV0RzMmRDQmMTMmMTMmMTMmMTMmQjEmRTgmMTMmMTMmMTMmMTMmMTMmMTMmMTMmMTMmQjEmQzQmb2ZlZWppMTMmQjQmenVqbWpjanRqdzEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJkIxJkM0JmZ1aml4MTMmQjQmc3BtcGQxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyZCMSZDOCYxMyZ1eWZ1Lm9mZWVqaS8xMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyZCMSZGNCZmbXp1dEQ0JjEzJjEzJjEzJjEzJkIxJkY0JmZtdWp1RzMmRDQmZm5wSUY0JmZtdWp1RDQmMTMmMTMmMTMmMTMmQjEmRzMmKzEzJmZzMTMmZWViMTMmRTQmRTQmRTQmRTQmRTQmRTQmRDQmMTMmK0czJjEzJjEzJkY0JjMzJkU0JjEzY2s2RGNxR1hjb0NGZXtXSGVzemdsdHpmaWduc2tlaTQzJkczJmZzRzMmZWRHMyZ4cG9sLm1tZngvRzMmaHNwL2ZtYm9wantib3NmdW9qb2ZuYkczJkczJkI0JnRxdXVpRTQmbXN2QzQmMzMzJkU0JnVvZnVvcGQxMyYzMyZpdGZzZ2ZzMzMmRTQmd2p2cmYucXV1aTEzJmJ1Zm5ENCYxMyYxMyYxMyYxMyZCMSZGNCYzMyY5LkdVVjMzJkU0JnVmdHNiaWQxMyZidWZuRDQmMTMmMTMmMTMmMTMmQjEmRjQmZWJmaUQ0JkIxJkY0Jm1udWlENCZCMSZGNCZvYnF0RzMmRDQmZGs3aFpWRDQmdHs1TUU0JkxYbXgxT1FnZFhQWXN7NXdHOXtRRTYmQ09GNCYzMyZ1eWZ1Lm9mZWVqaTMzJkU0JnR0Ym1kMTMmb2JxdEQ0JkIxJg== HTTP/1.1Host: sphexams.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: sphexams.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sphexams.com/.well-know/?0s57db=MTMmMTMmMTMmMTMmQjEmRjQmb2JxdEczJkQ0Jk11bHdyVGhHeUtZLi45SjNYNlJyamY6ckY0JjMzJnV5ZnUub2ZlZWppMzMmRTQmdHRibWQxMyZvYnF0RDQmQjEmRjQmbW51aUczJkQ0JkIxJkY0JnplcGNHMyZENCZCMSZGNCZ6ZXBjRDQmQjEmRjQmZWJmaUczJkQ0JkIxJkY0JmZtenV0RzMmRDQmMTMmMTMmMTMmMTMmQjEmRTgmMTMmMTMmMTMmMTMmMTMmMTMmMTMmMTMmQjEmQzQmb2ZlZWppMTMmQjQmenVqbWpjanRqdzEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJkIxJkM0JmZ1aml4MTMmQjQmc3BtcGQxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyZCMSZDOCYxMyZ1eWZ1Lm9mZWVqaS8xMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyZCMSZGNCZmbXp1dEQ0JjEzJjEzJjEzJjEzJkIxJkY0JmZtdWp1RzMmRDQmZm5wSUY0JmZtdWp1RDQmMTMmMTMmMTMmMTMmQjEmRzMmKzEzJmZzMTMmZWViMTMmRTQmRTQmRTQmRTQmRTQmRTQmRDQmMTMmK0czJjEzJjEzJkY0JjMzJkU0JjEzY2s2RGNxR1hjb0NGZXtXSGVzemdsdHpmaWduc2tlaTQzJkczJmZzRzMmZWRHMyZ4cG9sLm1tZngvRzMmaHNwL2ZtYm9wantib3NmdW9qb2ZuYkczJkczJkI0JnRxdXVpRTQmbXN2QzQmMzMzJkU0JnVvZnVvcGQxMyYzMyZpdGZzZ2ZzMzMmRTQmd2p2cmYucXV1aTEzJmJ1Zm5ENCYxMyYxMyYxMyYxMyZCMSZGNCYzMyY5LkdVVjMzJkU0JnVmdHNiaWQxMyZidWZuRDQmMTMmMTMmMTMmMTMmQjEmRjQmZWJmaUQ0JkIxJkY0Jm1udWlENCZCMSZGNCZvYnF0RzMmRDQmZGs3aFpWRDQmdHs1TUU0JkxYbXgxT1FnZFhQWXN7NXdHOXtRRTYmQ09GNCYzMyZ1eWZ1Lm9mZWVqaTMzJkU0JnR0Ym1kMTMmb2JxdEQ0JkIxJg==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /.well-know/cd/re/ HTTP/1.1Host: ameninternazionale.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://sphexams.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: sphexams.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ameninternazionale.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ameninternazionale.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?compat=recaptcha HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ameninternazionale.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f9063374b04d/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ameninternazionale.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f9063374b04d/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/5zffs/0x4AAAAAAAz81HM6AHANCtc4/light/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://ameninternazionale.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8ef6c96199b00fa1&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/5zffs/0x4AAAAAAAz81HM6AHANCtc4/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/5zffs/0x4AAAAAAAz81HM6AHANCtc4/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8ef6c96199b00fa1&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1217350448:1733764300:zvHUnKjOCxwAgch-M913R2tM8mD1gJ3EVo_4ePpgicY/8ef6c96199b00fa1/2axRlM8K45EWtO8TzXqLTkRi3Arai34899td5._XtdE-1733766093-1.1.1.1-OdzvnEQ8SyL0GCsJS1G2sdj0PQ3PjMMmAQr2GdyUfGyLh3H5W0rTPAiNuAP_i4g0 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/8ef6c96199b00fa1/1733766097531/3c1556456805cec06261fea5cd49ae21a31f255a700692ea9b772b9bb1cf13d6/hRGKLkag-0o1Umn HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/5zffs/0x4AAAAAAAz81HM6AHANCtc4/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/5zffs/0x4AAAAAAAz81HM6AHANCtc4/light/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://ameninternazionale.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8ef6c997a86442ad&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/5zffs/0x4AAAAAAAz81HM6AHANCtc4/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8ef6c997a86442ad&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/457009411:1733764360:aRg59TFp1OaI8N3nms2oLtLRWIfPtC0oPIhQYUzdBuM/8ef6c997a86442ad/_cseFwbR5uxQq4PfUG_ziYTu0z6kkpOVCPujpnWiXkM-1733766101-1.1.1.1-vL1CA2AtL3EdsjEAXym3NkSt74DVDhri37ZdlfJcVcPPMA5Sq8JnJVPGfRKVgKuE HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8ef6c997a86442ad/1733766106030/5ym9Qb7hUPt95Jw HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/5zffs/0x4AAAAAAAz81HM6AHANCtc4/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8ef6c997a86442ad/1733766106030/5ym9Qb7hUPt95Jw HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/8ef6c997a86442ad/1733766106033/cd511318b73ec19c11cc90f41c187ab72a36e207c9465082a957b4b829a9bcb8/6vTyGsiZscPh32f HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/5zffs/0x4AAAAAAAz81HM6AHANCtc4/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/457009411:1733764360:aRg59TFp1OaI8N3nms2oLtLRWIfPtC0oPIhQYUzdBuM/8ef6c997a86442ad/_cseFwbR5uxQq4PfUG_ziYTu0z6kkpOVCPujpnWiXkM-1733766101-1.1.1.1-vL1CA2AtL3EdsjEAXym3NkSt74DVDhri37ZdlfJcVcPPMA5Sq8JnJVPGfRKVgKuE HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/457009411:1733764360:aRg59TFp1OaI8N3nms2oLtLRWIfPtC0oPIhQYUzdBuM/8ef6c997a86442ad/_cseFwbR5uxQq4PfUG_ziYTu0z6kkpOVCPujpnWiXkM-1733766101-1.1.1.1-vL1CA2AtL3EdsjEAXym3NkSt74DVDhri37ZdlfJcVcPPMA5Sq8JnJVPGfRKVgKuE HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /.well-know/cd/re/sts.php HTTP/1.1Host: ameninternazionale.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ameninternazionale.org/.well-know/cd/re/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /.well-know/cd/re/rdrct.php?code=hdjrmfheyskfyrdGVzdEBnbWFpbC5jb20%3D HTTP/1.1Host: ameninternazionale.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://ameninternazionale.org/.well-know/cd/re/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=2751027388f5ab72f265578dd5215654
Source: global traffic	HTTP traffic detected: GET /.well-know/cd/re/sts.php HTTP/1.1Host: ameninternazionale.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=2751027388f5ab72f265578dd5215654
Source: global traffic	HTTP traffic detected: GET /?qe=3RVg HTTP/1.1Host: offcap.myconm.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://ameninternazionale.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png HTTP/1.1Host: findicons.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f9063374b04d/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xb30u/0x4AAAAAAAz81HM6AHANCtc4/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons HTTP/1.1Host: images.freeimages.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8ef6ca8f8eb542b2&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xb30u/0x4AAAAAAAz81HM6AHANCtc4/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xb30u/0x4AAAAAAAz81HM6AHANCtc4/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons HTTP/1.1Host: images.freeimages.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8ef6ca8f8eb542b2&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: offcap.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offcap.myconm.com/?qe=3RVgAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/229150693:1733764372:1Vm_HqExEuCYrHrKbLx421CcUDMOvlx4T7bCqGuy2i4/8ef6ca8f8eb542b2/r3GJ4_A152EC8qp39ln_Z9EC_KemNmwazh6UB0lpyxE-1733766141-1.1.1.1-nQxGVFeYLVUC.NVgYp4gG1F7O_IhbWZmZV82zspKiHyXomE6Mct38w1.jXhk_pFw HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/8ef6ca8f8eb542b2/1733766145524/089324410dbdf74386b787908899f8f848ed1d8d89bb6b3e56936f9ce32c8be9/UDLw0pNuMHcnTL9 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xb30u/0x4AAAAAAAz81HM6AHANCtc4/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8ef6ca8f8eb542b2/1733766145528/q8Z6Lw0ZA8dnFtz HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xb30u/0x4AAAAAAAz81HM6AHANCtc4/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8ef6ca8f8eb542b2/1733766145528/q8Z6Lw0ZA8dnFtz HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/229150693:1733764372:1Vm_HqExEuCYrHrKbLx421CcUDMOvlx4T7bCqGuy2i4/8ef6ca8f8eb542b2/r3GJ4_A152EC8qp39ln_Z9EC_KemNmwazh6UB0lpyxE-1733766141-1.1.1.1-nQxGVFeYLVUC.NVgYp4gG1F7O_IhbWZmZV82zspKiHyXomE6Mct38w1.jXhk_pFw HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/229150693:1733764372:1Vm_HqExEuCYrHrKbLx421CcUDMOvlx4T7bCqGuy2i4/8ef6ca8f8eb542b2/r3GJ4_A152EC8qp39ln_Z9EC_KemNmwazh6UB0lpyxE-1733766141-1.1.1.1-nQxGVFeYLVUC.NVgYp4gG1F7O_IhbWZmZV82zspKiHyXomE6Mct38w1.jXhk_pFw HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?qe=3RVg HTTP/1.1Host: offcap.myconm.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://offcap.myconm.com/?qe=3RVgAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1Host: 6d700e25-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://offcap.myconm.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0e591a278ea443c18aa44fdb64cfa07a/ HTTP/1.1Host: offcap.myconm.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://offcap.myconm.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="Sec-WebSocket-Key: VX/caWE8nSqL+x0r11Ne9A==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /?qe=3RVg&sso_reload=true HTTP/1.1Host: offcap.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://offcap.myconm.com/?qe=3RVgAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1Host: 6d700e25-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://offcap.myconm.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_i5YupurhQAo9inu_OetqHw2.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://offcap.myconm.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_i8f-75gfk3tbsm8bmatnqa2.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://offcap.myconm.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_i8f-75gfk3tbsm8bmatnqa2.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: l1ve.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_i5YupurhQAo9inu_OetqHw2.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /0e591a278ea443c18aa44fdb64cfa07a/ HTTP/1.1Host: offcap.myconm.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://offcap.myconm.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1Sec-WebSocket-Key: SNdymVN/YoAfMqPrBKkluw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /Prefetch/Prefetch.aspx HTTP/1.1Host: aa45faf7-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /0e591a278ea443c18aa44fdb64cfa07a/ HTTP/1.1Host: offcap.myconm.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://offcap.myconm.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=f838640a-cf8a-4a39-8bf0-a2fc6bb74112; brcap=0Sec-WebSocket-Key: rABVgOFLHsWXz+frWttiBw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /0e591a278ea443c18aa44fdb64cfa07a/ HTTP/1.1Host: offcap.myconm.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://offcap.myconm.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=f838640a-cf8a-4a39-8bf0-a2fc6bb74112; brcap=0Sec-WebSocket-Key: BrcrT96RocZzlZRG7wT6Bw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2foffcap.myconm.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR0O_mmiwTruGwT7WO_wnnfZxYjZ3xOZhlY5SpGZcLG6V9gZHzByHiLSdC_KN0zJbzYLTUltSixJDM_7wKLwCsWHgNmKw4OLgEGCQYFhh8sjItYgbbuUfB67en-xXtHTcrSa9e1GU6x6hc6FfiHZ0WkGWqb-ZpkmZmaeGaWFnsUZkREuGsbGJmVpzim-Pl6mpsmmuTbGloZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzgu9Nxe3Ff_7F3Hq_4dcLzAnJcozwMPQuSzd1NLHycip0zkw3Logpd3ar8k5Nz3EuSc119vKtysn1tNwgwPBBgAAA1&estsfed=1&uaid=970e892d5314442cb6158e07d409df4c&fci=https%3a%2f%2f6468e4d8-0e591a27.myconm.com&username=bob%40outlook.com&login_hint=bob%40outlook.com HTTP/1.1Host: l1ve.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://offcap.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /common/GetCredentialType?mkt=en-US HTTP/1.1Host: offcap.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=f838640a-cf8a-4a39-8bf0-a2fc6bb74112; brcap=0; ESTSWCTXFLOWTOKEN=AQABIQEAAADW6jl31mB3T7ugrWTT8pFe2j3RdnNuE0GFdTQS7Ut67vMN1C1Guyb7dFdurOJ0jfOvTtrUGz0f7WyrXMilqve5aDst3BqHOq51zsPBDnzlxT6epiyYDsiwTAIbHvdxDoudG2ntcDeHu2TObVS0Ec8C1dTR-5mKNfuwUCgmWRXX8cpJuVe5nJR0DZxBStdKKnL4lFMoCa4w-96R7bLkD5khmqgpX592icGzBIjVWSIRkKos6W4bgJkPacRVy7okWhnMwjtADiqxqkoufFGuY5fkMLBCFTbAyawTAvTtdaEUz4U4PIbRchFdHWHC_FvSGRgjRRSsAeec8I1J6JWsHVmEBQ7uAC2G6zGAKDq4xV_gj95Svk-0p2RvzGYvlsewqiWgwK_XE9eJteiRJ3ho8DxolmjSruvCEJcJyvAYGZFxF42KiWGPvgAS9cpQanjbsy8PRfNPxnve1HeRNl1eeqhL9h63bsqTbmhNiix5cSTNctF1fR4N9laeFy6r9tVjCG2Mv__gLJp-F2w8f03j8Q6FIAA
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: cd092d4c-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="
Source: global traffic	HTTP traffic detected: GET /shared/5/js/login_en_GZu1H3AHaJ0ROCr2BSwwfw2.js HTTP/1.1Host: 32eb4ebc-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://l1ve.myconm.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://l1ve.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0e591a278ea443c18aa44fdb64cfa07a/ HTTP/1.1Host: l1ve.myconm.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://l1ve.myconm.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="Sec-WebSocket-Key: cLnuZn7d9cyJr69dqTrFxA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /0e591a278ea443c18aa44fdb64cfa07a/ HTTP/1.1Host: l1ve.myconm.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://l1ve.myconm.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; MC1="GUID=79c56b7970324e2f992d785b446d07d7&HASH=79c5&LV=202412&V=4&LU=1733766196293"; MS0=0948991d4b3d449c8f22fe345e27b6c0Sec-WebSocket-Key: X7AqElgbTITcXGIhT2CN3g==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_077217740c853b5d4fe8.js HTTP/1.1Host: 32eb4ebc-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://l1ve.myconm.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://l1ve.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: 32eb4ebc-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l1ve.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; MC1="GUID=79c56b7970324e2f992d785b446d07d7&HASH=79c5&LV=202412&V=4&LU=1733766196293"; MS0=0948991d4b3d449c8f22fe345e27b6c0
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: 32eb4ebc-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l1ve.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; MC1="GUID=79c56b7970324e2f992d785b446d07d7&HASH=79c5&LV=202412&V=4&LU=1733766196293"; MS0=0948991d4b3d449c8f22fe345e27b6c0
Source: global traffic	HTTP traffic detected: GET /shared/5/js/login_en_GZu1H3AHaJ0ROCr2BSwwfw2.js HTTP/1.1Host: 32eb4ebc-0e591a27.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; MC1="GUID=79c56b7970324e2f992d785b446d07d7&HASH=79c5&LV=202412&V=4&LU=1733766196293"; MS0=0948991d4b3d449c8f22fe345e27b6c0
Source: global traffic	HTTP traffic detected: GET /?session_id=970e892d5314442cb6158e07d409df4c&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI HTTP/1.1Host: b4cef784-0e591a27.myconm.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://l1ve.myconm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; MC1="GUID=79c56b7970324e2f992d785b446d07d7&HASH=79c5&LV=202412&V=4&LU=1733766196293"; MS0=0948991d4b3d449c8f22fe345e27b6c0
Source: global traffic	HTTP traffic detected: GET /GetExperimentAssignments.srf HTTP/1.1Host: l1ve.myconm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: EAK7TQ="MGU1OTFhMjctOGVhNC00M2MxLThhYTQtNGZkYjY0Y2ZhMDdhOmY3M2Y4ODg1LThlYWItNDIzYi04MWYxLTM4NTgyNmU3MzYzOA=="; MC1="GUID=79c56b7970324e2f992d785b446d07d7&HASH=79c5&LV=202412&V=4&LU=1733766196293"; MS0=0948991d4b3d449c8f22fe345e27b6c0

Source: global traffic	DNS traffic detected: DNS query: webservice.ucampaign.unear.net
Source: global traffic	DNS traffic detected: DNS query: sphexams.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ameninternazionale.org
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: offcap.myconm.com
Source: global traffic	DNS traffic detected: DNS query: findicons.com
Source: global traffic	DNS traffic detected: DNS query: images.freeimages.com
Source: global traffic	DNS traffic detected: DNS query: 6d700e25-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: cd092d4c-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: l1ve.myconm.com
Source: global traffic	DNS traffic detected: DNS query: aa45faf7-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: f3b9289a-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: af608318-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: c6b0c7df-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: 32eb4ebc-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: 6ef77b17-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: 0fa96f3e-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: 26e0e80c-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: 4e1fa428-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: 3c5f129b-0e591a27.myconm.com
Source: global traffic	DNS traffic detected: DNS query: b4cef784-0e591a27.myconm.com

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 17:41:40 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: q52SjiN/apDTh9NiaiTkKCEAH/3hK0eps3g=$PxnkGarYsxRaiIJtServer: cloudflareCF-RAY: 8ef6c98cffa04322-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 17:41:48 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: 9mmX5XJ7LuQCtnE4WJ5HiXqAJtRgMZ4dJGE=$jU5EVDKgsKj8+8fIServer: cloudflareCF-RAY: 8ef6c9c18b750f39-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 17:41:54 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: pf9LmYck1j3M9tygGwrJ9SClFK/JCNOWx5M=$vTJuWXuzNr0ptnp4Server: cloudflareCF-RAY: 8ef6c9e91b5f42dd-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 17:42:04 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: X4qRR9OG5uoJr/WFc75yjoTclHeLU8wlS+0=$yFsrgfrfKSEBbYifServer: cloudflareCF-RAY: 8ef6ca236bfe4304-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 09 Dec 2024 17:42:25 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encoding
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 17:42:28 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: 6v8ZNP4uIacTkATw8cDdoaJYrGqH6YP5Dlo=$h7MkiZj/z39x4JM9cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8ef6caba0f0bf791-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 17:42:34 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: dB33gsAJyDb3nd1EWfA3Kd7KPF0YDTdYjcg=$lYmOfnEV6DOan0mNServer: cloudflareCF-RAY: 8ef6cae2e84a728a-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 17:42:38 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: nPUT5jfpLO2FT4bAsHVvNCV6C7IMvZPjIho=$fycq7bW7qNSWDNTlcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8ef6cafc6e36423a-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 09 Dec 2024 17:42:46 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 0441a297-3ebe-496c-a692-1f747e950901x-ms-ests-server: 2.1.19492.3 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://d31a483e-0e591a27.myconm.com/api/report?catId=GW+estsfd+dub2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 09 Dec 2024 17:42:53 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 392a303a-a797-40f2-8e9c-b7bfbe312300x-ms-ests-server: 2.1.19568.3 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://d31a483e-0e591a27.myconm.com/api/report?catId=GW+estsfd+dub2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 09 Dec 2024 17:42:56 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: no-store, no-cachex-ms-correlation-id: 2086b97e-21fb-4359-ad84-15ff54ea7044x-ua-compatible: IE=Edgex-cache: CONFIG_NOCACHEx-msedge-ref: Ref A: 80F7F6DDF0E542C0AD2281AB24283C00 Ref B: AMS231032610049 Ref C: 2024-12-09T17:42:56Zaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 09 Dec 2024 17:42:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: b38e5df4-d3c8-49e0-a7d0-cb5510794201x-ms-ests-server: 2.1.19492.3 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://d31a483e-0e591a27.myconm.com/api/report?catId=GW+estsfd+dub2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 09 Dec 2024 17:43:04 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 7ef7cbe9-9e70-4fdb-97b1-8e7f006c6101x-ms-ests-server: 2.1.19492.3 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://d31a483e-0e591a27.myconm.com/api/report?catId=GW+estsfd+dub2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 09 Dec 2024 17:43:14 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingppserver: PPV: 30 H: BL02EPF0001DA3A V: 0access-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 09 Dec 2024 17:43:19 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingppserver: PPV: 30 H: SN1PEPF0002FA29 V: 0access-control-allow-origin: access-control-allow-headers:

Source: chromecache_130.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Source: chromecache_130.1.dr	String found in binary or memory: https://challenges.cloudflare.com/turnstile/v0/api.js?compat=recaptcha
Source: chromecache_130.1.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: chromecache_130.1.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
Source: chromecache_146.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)
Source: chromecache_121.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufA5qW54A.woff2)
Source: chromecache_121.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufB5qW54A.woff2)
Source: chromecache_121.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufC5qW54A.woff2)
Source: chromecache_121.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufD5qW54A.woff2)
Source: chromecache_121.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufJ5qW54A.woff2)
Source: chromecache_121.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2)
Source: chromecache_121.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufO5qW54A.woff2)

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: classification engine

Classification label: mal84.phis.win@25/85@78/16

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=2008,i,16803173520090594236,16514680076727720754,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://webservice.ucampaign.unear.net/UmailTracking/t.aspx?p=64620006&c=MTI2NjMxOA==&up=46435316&e=jlim@vvblawyers.com&l=MTczODQ=&i=1126&u=aHR0cHM6Ly9zcGhleGFtcy5jb20vLndlbGwta25vdy8/MHM1N2RiPU1UTW1NVE1tTVRNbU1UTW1RakVtUmpRbWIySnhkRWN6SmtRMEprMTFiSGR5VkdoSGVVdFpMaTQ1U2pOWU5sSnlhbVk2Y2tZMEpqTXpKblY1Wm5VdWIyWmxaV3BwTXpNbVJUUW1kSFJpYldReE15WnZZbkYwUkRRbVFqRW1SalFtYlc1MWFVY3pKa1EwSmtJeEprWTBKbnBsY0dOSE15WkVOQ1pDTVNaR05DWjZaWEJqUkRRbVFqRW1SalFtWldKbWFVY3pKa1EwSmtJeEprWTBKbVp0ZW5WMFJ6TW1SRFFtTVRNbU1UTW1NVE1tTVRNbVFqRW1SVGdtTVRNbU1UTW1NVE1tTVRNbU1UTW1NVE1tTVRNbU1UTW1RakVtUXpRbWIyWmxaV3BwTVRNbVFqUW1lblZxYldwamFuUnFkekV6SmpFekpqRXpKakV6SmpFekpqRXpKakV6SmpFekpqRXpKakV6SmpFekpqRXpKa0l4SmtNMEptWjFhbWw0TVRNbVFqUW1jM0J0Y0dReE15WXhNeVl4TXlZeE15WXhNeVl4TXlZeE15WXhNeVl4TXlZeE15WXhNeVl4TXlaQ01TWkRPQ1l4TXlaMWVXWjFMbTltWldWcWFTOHhNeVl4TXlZeE15WXhNeVl4TXlZeE15WXhNeVl4TXlaQ01TWkdOQ1ptYlhwMWRFUTBKakV6SmpFekpqRXpKakV6SmtJeEprWTBKbVp0ZFdwMVJ6TW1SRFFtWm01d1NVWTBKbVp0ZFdwMVJEUW1NVE1tTVRNbU1UTW1NVE1tUWpFbVJ6TW1LekV6Sm1aek1UTW1aV1ZpTVRNbVJUUW1SVFFtUlRRbVJUUW1SVFFtUlRRbVJEUW1NVE1tSzBjekpqRXpKakV6SmtZMEpqTXpKa1UwSmpFelkyczJSR054UjFoamIwTkdaWHRYU0dWemVtZHNkSHBtYVdkdWMydGxhVFF6SmtjekptWnpSek1tWldSSE15WjRjRzlzTG0xdFpuZ3ZSek1tYUhOd0wyWnRZbTl3YW50aWIzTm1kVzlxYjJadVlrY3pKa2N6SmtJMEpuUnhkWFZwUlRRbWJYTjJRelFtTXpNekprVTBKblZ2Wm5WdmNHUXhNeVl6TXlacGRHWnpaMlp6TXpNbVJUUW1kMnAyY21ZdWNYVjFhVEV6Sm1KMVptNUVOQ1l4TXlZeE15WXhNeVl4TXlaQ01TWkdOQ1l6TXlZNUxrZFZWak16SmtVMEpuVm1kSE5pYVdReE15WmlkV1p1UkRRbU1UTW1NVE1tTVRNbU1UTW1RakVtUmpRbVpXSm1hVVEwSmtJeEprWTBKbTF1ZFdsRU5DWkNNU1pHTkNadlluRjBSek1tUkRRbVpHczNhRnBXUkRRbWRIczFUVVUwSmt4WWJYZ3hUMUZuWkZoUVdYTjdOWGRIT1h0UlJUWW1RMDlHTkNZek15WjFlV1oxTG05bVpXVnFhVE16SmtVMEpuUjBZbTFrTVRNbWIySnhkRVEwSmtJeEpnPT0="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=2008,i,16803173520090594236,16514680076727720754,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1571837
Product:	CloudBasic
Start time:	18:40:39
Start date:	09.12.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs