Windows Analysis Report
https://google.com.mx//url?ob=pglnk4shsljbM2dWBuuV7ic1KFgH&aw=f_rand_string_lowercase(8)n9QXkBk0w4OyBDvUpuk&sa=t&whi=f_rand_string_lowercase(8)zOPGXNRztppHiTbPIt5f&url=amp%2Fbraverygray.com/.dd/Kcxz0m1anE-SUREDANN-Y3NoYW5ub25Ac2tvcmJ1cmdjb21wYW55LmNvbQ==

Overview

General Information

Sample URL: https://google.com.mx//url?ob=pglnk4shsljbM2dWBuuV7ic1KFgH&aw=f_rand_string_lowercase(8)n9QXkBk0w4OyBDvUpuk&sa=t&whi=f_rand_string_lowercase(8)zOPGXNRztppHiTbPIt5f&url=amp%2Fbraverygray.com/.dd/Kcxz0m
Analysis ID: 1579098

Detection

Fake Captcha, HTMLPhisher
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Suricata IDS alerts for network traffic
Yara detected Fake Captcha
Yara detected HtmlPhish54
AI detected suspicious Javascript
Detected hidden input values containing email addresses (often used in phishing pages)
Detected suspicious crossdomain redirect
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

Phishing

Source: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=cshannon%40skorburgcompany.com&sso_reload=true Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'. The URL '0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au' does not match the legitimate domain for Microsoft. The URL contains repeated segments and uses '0' instead of 'o', which is a common phishing tactic to mimic legitimate words. The domain 'acmgs.com.au' is not associated with Microsoft, raising suspicion. The presence of a password input field on a non-legitimate domain increases the risk of phishing. DOM: 3.6.pages.csv
Source: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=cshannon%40skorburgcompany.com&sso_reload=true Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'. The URL '0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au' does not match the legitimate domain for Microsoft. The URL contains repeated words and unusual patterns, which are common indicators of phishing. The domain 'acmgs.com.au' is not associated with Microsoft. The use of '0nlineactivations' with a zero instead of an 'o' is a common phishing tactic to mimic legitimate words. The presence of an input field for 'Enter password' suggests an attempt to capture sensitive information. DOM: 3.7.pages.csv
Source: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/common/login Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'. The URL '0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au' does not match the legitimate domain for Microsoft. The URL contains repeated words and unusual patterns, which are common indicators of phishing. The use of '0nlineactivations' instead of 'onlineactivations' suggests intentional misspelling to deceive users. The domain extension '.com.au' is not typically associated with Microsoft's global operations. The presence of an input field for 'Enter password' on a suspicious domain increases the risk of phishing. DOM: 4.8.pages.csv
Source: Yara match File source: 2.1.pages.csv, type: HTML
Source: Yara match File source: 1.10.id.script.csv, type: HTML
Source: Yara match File source: 1.3.id.script.csv, type: HTML
Source: Yara match File source: 1.22.id.script.csv, type: HTML
Source: Yara match File source: 2.2.pages.csv, type: HTML
Source: Yara match File source: 4.8.pages.csv, type: HTML
Source: Yara match File source: 3.3.pages.csv, type: HTML
Source: Yara match File source: 3.5.pages.csv, type: HTML
Source: Yara match File source: 3.7.pages.csv, type: HTML
Source: 1.0.id.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://0nlineactivations-0nlineactivations-0nline... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. While some of the behaviors may be related to legitimate functionality like analytics or error reporting, the overall level of risk is high due to the presence of multiple suspicious activities.
Source: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=cshannon%40skorburgcompany.com&sso_reload=true HTTP Parser: cshannon@skorburgcompany.com
Source: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=cshannon%40skorburgcompany.com&sso_reload=true HTTP Parser: Number of links: 0
Source: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=cshannon%40skorburgcompany.com HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 120px; height: 40px; overflow: hidden; position: relative;"]
Source: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=cshannon%40skorburgcompany.com&sso_reload=true HTTP Parser: Title: Sign in to your account does not match URL
Source: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/common/login HTTP Parser: Title: Sign in to your account does not match URL
Source: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=cshannon%40skorburgcompany.com&sso_reload=true HTTP Parser: Iframe src: https://8a95b52b-7fd541d7.acmgs.com.au/Prefetch/Prefetch.aspx
Source: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/common/login HTTP Parser: Iframe src: https://8a95b52b-7fd541d7.acmgs.com.au/Prefetch/Prefetch.aspx
Source: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=cshannon%40skorburgcompany.com&sso_reload=true HTTP Parser: <input type="password" .../> found
Source: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/common/login HTTP Parser: <input type="password" .../> found
Source: http://braverygray.com/.dd/Kcxz0m1anE-SUREDANN-Y3NoYW5ub25Ac2tvcmJ1cmdjb21wYW55LmNvbQ== HTTP Parser: No favicon
Source: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=cshannon%40skorburgcompany.com HTTP Parser: No favicon
Source: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=cshannon%40skorburgcompany.com&sso_reload=true HTTP Parser: No favicon
Source: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/common/login HTTP Parser: No favicon
Source: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=cshannon%40skorburgcompany.com&sso_reload=true HTTP Parser: No <meta name="author".. found
Source: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/common/login HTTP Parser: No <meta name="author".. found
Source: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=cshannon%40skorburgcompany.com&sso_reload=true HTTP Parser: No <meta name="copyright".. found
Source: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/common/login HTTP Parser: No <meta name="copyright".. found

Networking

Source: Network traffic Suricata IDS: 2857090 - Severity 1 - ETPRO PHISHING JS/PsyduckPockeball Payload Inbound : 159.89.96.140:443 -> 192.168.2.5:49754
Source: Network traffic Suricata IDS: 2832046 - Severity 1 - ETPRO PHISHING Successful Office 365 Phish 2018-08-01 : 192.168.2.5:49897 -> 159.89.96.140:443
Source: Network traffic Suricata IDS: 2832180 - Severity 1 - ETPRO PHISHING Successful Microsoft Account Phish 2018-08-15 : 192.168.2.5:49897 -> 159.89.96.140:443
Source: Network traffic Suricata IDS: 2840426 - Severity 1 - ETPRO PHISHING Successful Microsoft Account Phish 2020-01-14 : 192.168.2.5:49897 -> 159.89.96.140:443
Source: Network traffic Suricata IDS: 2846045 - Severity 1 - ETPRO PHISHING Successful Microsoft Account Phish 2020-12-15 : 192.168.2.5:49897 -> 159.89.96.140:443
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: www.google.com.mx to http://braverygray.com/.dd/kcxz0m1ane-suredann-y3noyw5ub25ac2tvcmj1cmdjb21wyw55lmnvbq==
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: 0a9d60c7-7fd541d7.acmgs.com.auConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6wDB08="N2ZkNTQxZDctNTAyMS00N2NlLTliY2QtZjM3OTAwYmYxNDg4OjljYzUwYzg1LTNlZTctNDdhMy04M2QyLTM0YjE2NmNmMDE0Zg=="
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: 0a9d60c7-7fd541d7.acmgs.com.auConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6wDB08="N2ZkNTQxZDctNTAyMS00N2NlLTliY2QtZjM3OTAwYmYxNDg4OjljYzUwYzg1LTNlZTctNDdhMy04M2QyLTM0YjE2NmNmMDE0Zg=="
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_b6632c4da67c72da7b92.js HTTP/1.1Host: 0a9d60c7-7fd541d7.acmgs.com.auConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6wDB08="N2ZkNTQxZDctNTAyMS00N2NlLTliY2QtZjM3OTAwYmYxNDg4OjljYzUwYzg1LTNlZTctNDdhMy04M2QyLTM0YjE2NmNmMDE0Zg=="
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: 0a9d60c7-7fd541d7.acmgs.com.auConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6wDB08="N2ZkNTQxZDctNTAyMS00N2NlLTliY2QtZjM3OTAwYmYxNDg4OjljYzUwYzg1LTNlZTctNDdhMy04M2QyLTM0YjE2NmNmMDE0Zg=="
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: 0a9d60c7-7fd541d7.acmgs.com.auConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6wDB08="N2ZkNTQxZDctNTAyMS00N2NlLTliY2QtZjM3OTAwYmYxNDg4OjljYzUwYzg1LTNlZTctNDdhMy04M2QyLTM0YjE2NmNmMDE0Zg=="
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: 0a9d60c7-7fd541d7.acmgs.com.auConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6wDB08="N2ZkNTQxZDctNTAyMS00N2NlLTliY2QtZjM3OTAwYmYxNDg4OjljYzUwYzg1LTNlZTctNDdhMy04M2QyLTM0YjE2NmNmMDE0Zg=="
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: 0a9d60c7-7fd541d7.acmgs.com.auConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6wDB08="N2ZkNTQxZDctNTAyMS00N2NlLTliY2QtZjM3OTAwYmYxNDg4OjljYzUwYzg1LTNlZTctNDdhMy04M2QyLTM0YjE2NmNmMDE0Zg=="
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: 0a9d60c7-7fd541d7.acmgs.com.auConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6wDB08="N2ZkNTQxZDctNTAyMS00N2NlLTliY2QtZjM3OTAwYmYxNDg4OjljYzUwYzg1LTNlZTctNDdhMy04M2QyLTM0YjE2NmNmMDE0Zg=="
Source: global traffic HTTP traffic detected: GET /7fd541d7502147ce9bcdf37900bf1488/ HTTP/1.1Host: 0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.auConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.auSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6wDB08="N2ZkNTQxZDctNTAyMS00N2NlLTliY2QtZjM3OTAwYmYxNDg4OjljYzUwYzg1LTNlZTctNDdhMy04M2QyLTM0YjE2NmNmMDE0Zg=="; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=c59dd98b-26dd-4aa5-a2fe-5fb02e3ad399; brcap=0Sec-WebSocket-Key: 1UujSNz5LxDK8vGBwAB5WA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /7fd541d7502147ce9bcdf37900bf1488/ HTTP/1.1Host: 0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.auConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.auSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6wDB08="N2ZkNTQxZDctNTAyMS00N2NlLTliY2QtZjM3OTAwYmYxNDg4OjljYzUwYzg1LTNlZTctNDdhMy04M2QyLTM0YjE2NmNmMDE0Zg=="; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=c59dd98b-26dd-4aa5-a2fe-5fb02e3ad399; brcap=0Sec-WebSocket-Key: JgHp4RtlYz948A0O8ervAA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /7fd541d7502147ce9bcdf37900bf1488/ HTTP/1.1Host: 0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.auConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.auSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6wDB08="N2ZkNTQxZDctNTAyMS00N2NlLTliY2QtZjM3OTAwYmYxNDg4OjljYzUwYzg1LTNlZTctNDdhMy04M2QyLTM0YjE2NmNmMDE0Zg=="; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=c59dd98b-26dd-4aa5-a2fe-5fb02e3ad399; brcap=0; ai_session=fz4pBGWtVS6N2nwCNSFfeJ|1734722554420|1734722554420Sec-WebSocket-Key: PKC7cRL11Hprr9bcMTTuKg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /Prefetch/Prefetch.aspx HTTP/1.1Host: 8a95b52b-7fd541d7.acmgs.com.auConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6wDB08="N2ZkNTQxZDctNTAyMS00N2NlLTliY2QtZjM3OTAwYmYxNDg4OjljYzUwYzg1LTNlZTctNDdhMy04M2QyLTM0YjE2NmNmMDE0Zg=="
Source: global traffic HTTP traffic detected: GET /7fd541d7502147ce9bcdf37900bf1488/ HTTP/1.1Host: 0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.auConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.auSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6wDB08="N2ZkNTQxZDctNTAyMS00N2NlLTliY2QtZjM3OTAwYmYxNDg4OjljYzUwYzg1LTNlZTctNDdhMy04M2QyLTM0YjE2NmNmMDE0Zg=="; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=c59dd98b-26dd-4aa5-a2fe-5fb02e3ad399; brcap=0; ai_session=fz4pBGWtVS6N2nwCNSFfeJ|1734722554420|1734722554420; MC1="GUID=9bbc1ea7359f4ac795e451a9be3680a3&HASH=9bbc&LV=202412&V=4&LU=1734722557998"; MS0=d887729d07ae4c6e9990de2fe6dcd88dSec-WebSocket-Key: ESQisb2FhczKgZVsjYrPSA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /.dd/Kcxz0m1anE-SUREDANN-Y3NoYW5ub25Ac2tvcmJ1cmdjb21wYW55LmNvbQ== HTTP/1.1Host: braverygray.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: braverygray.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://braverygray.com/.dd/Kcxz0m1anE-SUREDANN-Y3NoYW5ub25Ac2tvcmJ1cmdjb21wYW55LmNvbQ==Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: google.com.mx
Source: global traffic DNS traffic detected: DNS query: www.google.com.mx
Source: global traffic DNS traffic detected: DNS query: braverygray.com
Source: global traffic DNS traffic detected: DNS query: img.icons8.com
Source: global traffic DNS traffic detected: DNS query: 0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au
Source: global traffic DNS traffic detected: DNS query: 0a9d60c7-7fd541d7.acmgs.com.au
Source: global traffic DNS traffic detected: DNS query: 80b0d227-7fd541d7.acmgs.com.au
Source: global traffic DNS traffic detected: DNS query: fd33ba4f-7fd541d7.acmgs.com.au
Source: global traffic DNS traffic detected: DNS query: l1ve.acmgs.com.au
Source: global traffic DNS traffic detected: DNS query: 8a95b52b-7fd541d7.acmgs.com.au
Source: global traffic DNS traffic detected: DNS query: 3d381eb0-7fd541d7.acmgs.com.au
Source: unknown HTTP traffic detected: POST /?777=cshannon%40skorburgcompany.com HTTP/1.1Host: 0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.auConnection: keep-aliveContent-Length: 4243Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.auContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=cshannon%40skorburgcompany.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 20 Dec 2024 19:22:04 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 4dc94a0d-8d7d-4ce9-82da-5907caf85200x-ms-ests-server: 2.1.19683.3 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://80b0d227-7fd541d7.acmgs.com.au/api/report?catId=GW+estsfd+SEC"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: *access-control-allow-headers: *
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 20 Dec 2024 19:22:04 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: e24789ac-c66f-4d43-b3bc-f4eed7ddab00x-ms-ests-server: 2.1.19683.3 - FRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://80b0d227-7fd541d7.acmgs.com.au/api/report?catId=GW+estsfd+SEC"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: *access-control-allow-headers: *
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 20 Dec 2024 19:22:12 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 368d39ec-83b0-4fd8-a607-9aaf8d7e0600x-ms-ests-server: 2.1.19683.3 - NEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://80b0d227-7fd541d7.acmgs.com.au/api/report?catId=GW+estsfd+SEC"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: *access-control-allow-headers: *
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 20 Dec 2024 19:22:14 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: no-store, no-cachex-ms-correlation-id: fc2ffade-31d0-46d3-965e-93ac91e16860x-ua-compatible: IE=Edgex-cache: CONFIG_NOCACHEx-msedge-ref: Ref A: 3F2E5DD2053449FAA053FCD1CD4F28CD Ref B: AMS231032604047 Ref C: 2024-12-20T19:22:14Zaccess-control-allow-origin: *access-control-allow-headers: *
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 20 Dec 2024 19:22:16 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: a569ac41-8b45-4e70-8f0a-ccbe13970900x-ms-ests-server: 2.1.19683.3 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://80b0d227-7fd541d7.acmgs.com.au/api/report?catId=GW+estsfd+SEC"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: *access-control-allow-headers: *
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 20 Dec 2024 19:22:23 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 8d47578a-3e12-4f31-b755-dc3d91a28000x-ms-ests-server: 2.1.19683.3 - NEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://80b0d227-7fd541d7.acmgs.com.au/api/report?catId=GW+estsfd+SEC"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: *access-control-allow-headers: *
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 20 Dec 2024 19:22:31 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: fccd8f0f-586c-47a8-94cb-76cc0eb9c800x-ms-ests-server: 2.1.19683.3 - FRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://80b0d227-7fd541d7.acmgs.com.au/api/report?catId=GW+estsfd+SEC"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: *access-control-allow-headers: *
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 20 Dec 2024 19:22:38 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: no-store, no-cachex-ms-correlation-id: 051b4bc0-e173-45da-9577-790074149729x-ua-compatible: IE=Edgex-cache: CONFIG_NOCACHEx-msedge-ref: Ref A: D582B17D73E9488898E73D6B4EF9F39F Ref B: AMS231032604035 Ref C: 2024-12-20T19:22:38Zaccess-control-allow-origin: *access-control-allow-headers: *
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 20 Dec 2024 19:22:38 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: ca288a16-6eea-4fe8-8355-e9ef3f132b00x-ms-ests-server: 2.1.19683.6 - WUS3 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://80b0d227-7fd541d7.acmgs.com.au/api/report?catId=GW+estsfd+SEC"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: *access-control-allow-headers: *
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 20 Dec 2024 19:22:42 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: a943da2d-5b4b-4c7c-9901-2c72b9971400x-ms-ests-server: 2.1.19683.3 - EUS ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://80b0d227-7fd541d7.acmgs.com.au/api/report?catId=GW+estsfd+SEC"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: *access-control-allow-headers: *
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 20 Dec 2024 19:21:38 GMTServer: ApacheContent-Length: 315Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: chromecache_91.2.dr String found in binary or memory: https://img.icons8.com/emoji/48/check-mark-emoji.png
Source: classification engine Classification label: mal76.phis.win@18/52@30/7
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2020,i,11667800042035244623,12492529446862282351,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://google.com.mx//url?ob=pglnk4shsljbM2dWBuuV7ic1KFgH&aw=f_rand_string_lowercase(8)n9QXkBk0w4OyBDvUpuk&sa=t&whi=f_rand_string_lowercase(8)zOPGXNRztppHiTbPIt5f&url=amp%2Fbraverygray.com/.dd/Kcxz0m1anE-SUREDANN-Y3NoYW5ub25Ac2tvcmJ1cmdjb21wYW55LmNvbQ=="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk