Edit tour

Windows Analysis Report
https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32

Overview

General Information

Sample URL:	https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32
Analysis ID:	1590104
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish46

Yara detected HtmlPhish54

AI detected suspicious Javascript

Detected non-DNS traffic on DNS port

Drops files with a non-matching file extension (content does not match file extension)

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5640 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5832 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=2252,i,14136314091735512277,7748461438341982796,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7088 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
0.49.id.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
0.55.id.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.3.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
3.4.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
3.6.pages.csv	JoeSecurity_HtmlPhish_46	Yara detected HtmlPhish_46	Joe Security
3.6.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
3.7.pages.csv	JoeSecurity_HtmlPhish_46	Yara detected HtmlPhish_46	Joe Security
3.7.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
Click to see the 3 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'login.hrmails.online' does not match the legitimate domain for Microsoft., The domain 'hrmails.online' is not associated with Microsoft and appears suspicious., The use of a generic domain extension '.online' is often used in phishing attempts., The URL structure does not include any direct reference to Microsoft, which is a red flag. DOM: 3.6.pages.csv
Source: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'login.hrmails.online' does not match the legitimate domain for Microsoft., The domain 'hrmails.online' is not associated with Microsoft and appears suspicious., The use of a generic domain extension '.online' and the presence of 'hrmails' in the domain name are unusual and could indicate phishing., The email domain 'tez.org' in the input fields does not provide any additional legitimacy to the Microsoft brand association. DOM: 3.7.pages.csv

Yara detected HtmlPhish46

Source: Yara match	File source: 3.6.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML

Yara detected HtmlPhish54

Source: Yara match	File source: 0.49.id.script.csv, type: HTML
Source: Yara match	File source: 0.55.id.script.csv, type: HTML
Source: Yara match	File source: 2.3.pages.csv, type: HTML
Source: Yara match	File source: 3.4.pages.csv, type: HTML
Source: Yara match	File source: 3.6.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 0.60.id.script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: https://login.hrmails.online/common/oauth2/v2.0/au... This script demonstrates several high-risk behaviors, including redirecting the user to an unknown domain and potentially collecting sensitive information (session ID) without transparency. While the script may have a legitimate purpose, such as preventing unauthorized framing, the lack of context and the use of obfuscated code raise significant security concerns.

Source: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: Number of links: 0
Source: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: Number of links: 0

Source: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0

HTTP Parser: Base64 decoded: 0042db8e-4fff-4349-909b-69b5e4b5ec6f0d576b8b-08e6-440c-b3fa-37b663ebba85

Source: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No <meta name="author".. found
Source: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: chrome.exe

Memory has grown: Private usage: 0MB later: 36MB

Source: global traffic

TCP traffic: 192.168.2.5:50046 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /s/it1hhxczqyf0qxif41bma48tat7sqs32 HTTP/1.1Host: app.box.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /app-api/enduserapp/current-user/features/secondary HTTP/1.1Host: app.box.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /X-Box-Client-Version: 23.25.1X-Box-Client-Name: enduserappsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop
Source: global traffic	HTTP traffic detected: GET /app-api/split-proxy/api/mySegments/-1 HTTP/1.1Host: app.box.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0SplitSDKVersion: javascript-10.28.0Authorization: Bearer 3sd5ltupa3cq5t3ovm1r2kear6i4kvmeb42aUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: application/jsonsec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop
Source: global traffic	HTTP traffic detected: GET /app-api/split-proxy/api/splitChanges?s=1.1&since=-1 HTTP/1.1Host: app.box.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0SplitSDKVersion: javascript-10.28.0Authorization: Bearer 3sd5ltupa3cq5t3ovm1r2kear6i4kvmeb42aUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: application/jsonsec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop
Source: global traffic	HTTP traffic detected: GET /app-api/enduserapp/current-user/features/secondary HTTP/1.1Host: app.box.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop
Source: global traffic	HTTP traffic detected: GET /app-api/split-proxy/api/mySegments/-1 HTTP/1.1Host: app.box.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop
Source: global traffic	HTTP traffic detected: GET /app-api/split-proxy/api/mySegments/2 HTTP/1.1Host: app.box.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0SplitSDKVersion: javascript-10.28.0Authorization: Bearer 3sd5ltupa3cq5t3ovm1r2kear6i4kvmeb42aUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: application/jsonsec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop
Source: global traffic	HTTP traffic detected: GET /app-api/split-proxy/api/mySegments/678526c81f7108.44421725 HTTP/1.1Host: app.box.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0SplitSDKVersion: javascript-10.28.0Authorization: Bearer 3sd5ltupa3cq5t3ovm1r2kear6i4kvmeb42aUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: application/jsonsec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop
Source: global traffic	HTTP traffic detected: GET /data/ptm.gif/123e0628-cb29-41d1-466c-c592c7ddcd06?v=2.238.2_prod&ct=1736779470112&jzb=eJy9UcGOmzAU_BefCdgY1pDbSj206lbVthu1UlUhAyaxBJjYj2xolH_P8yZFSFXb065PZsZvZpj340RgGhRZE12rHnQzkYCU1jw7ZQvQHTJM8Dsh8kRQmqcBOWinwdhC1zgU42tZVWbs4QqsGCKjbfG6AxjcOorkMISlOYaV6SIXaWC73bH6tZ8auj_qJmFlJ5MMJAi3d9wLDtYMjqxPxLR1sbTrx7YNXtCl5xX9b6wzCkuL__gkyw_zGFw_yOOX6fPjRyHY5ttT39ADCjRWduqF_JQn99_fPYtqk48PvOG-ogkUZuSMnoO5wk6B_Gd9d29a383KX1HgQfbbUW59TtWvNl_x5ZyhXXIFcljWLZef_qPC-5lDqJbgBxmPKItiGqcoeFDWadN7-TDmWRgXmKpGwqm2eW8cKJQEO6rX2UrOF1tpjfTOf9-KeNOt-Di3EGma0JDlv08Wp69SR5xm558XE8c9vw HTTP/1.1Host: pendo-data-prod.box.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.box.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: box_visitor_id=678526c81f7108.44421725; site_preference=desktop
Source: global traffic	HTTP traffic detected: GET /app-api/split-proxy/api/splitChanges?s=1.1&since=-1 HTTP/1.1Host: app.box.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop
Source: global traffic	HTTP traffic detected: GET /app-api/split-proxy/api/mySegments/2 HTTP/1.1Host: app.box.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop
Source: global traffic	HTTP traffic detected: GET /app-api/split-proxy/api/mySegments/678526c81f7108.44421725 HTTP/1.1Host: app.box.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop
Source: global traffic	HTTP traffic detected: GET /data/ptm.gif/123e0628-cb29-41d1-466c-c592c7ddcd06?v=2.238.2_prod&ct=1736779470112&jzb=eJy9UcGOmzAU_BefCdgY1pDbSj206lbVthu1UlUhAyaxBJjYj2xolH_P8yZFSFXb065PZsZvZpj340RgGhRZE12rHnQzkYCU1jw7ZQvQHTJM8Dsh8kRQmqcBOWinwdhC1zgU42tZVWbs4QqsGCKjbfG6AxjcOorkMISlOYaV6SIXaWC73bH6tZ8auj_qJmFlJ5MMJAi3d9wLDtYMjqxPxLR1sbTrx7YNXtCl5xX9b6wzCkuL__gkyw_zGFw_yOOX6fPjRyHY5ttT39ADCjRWduqF_JQn99_fPYtqk48PvOG-ogkUZuSMnoO5wk6B_Gd9d29a383KX1HgQfbbUW59TtWvNl_x5ZyhXXIFcljWLZef_qPC-5lDqJbgBxmPKItiGqcoeFDWadN7-TDmWRgXmKpGwqm2eW8cKJQEO6rX2UrOF1tpjfTOf9-KeNOt-Di3EGma0JDlv08Wp69SR5xm558XE8c9vw HTTP/1.1Host: pendo-data-prod.box.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: box_visitor_id=678526c81f7108.44421725; site_preference=desktop
Source: global traffic	HTTP traffic detected: GET /app-api/end-user-web/sign-settings?typedIDs=f_1748539458374 HTTP/1.1Host: app.box.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /X-Box-Client-Version: 23.25.1X-Box-Client-Name: enduserappsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop; anonymousbanner=seen
Source: global traffic	HTTP traffic detected: GET /app-api/enduserapp/elements/tokens HTTP/1.1Host: app.box.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop; anonymousbanner=seen
Source: global traffic	HTTP traffic detected: GET /api/2.0/files/1748539458374?fields=watermark_info HTTP/1.1Host: app.box.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-Box-Client-Version: 23.25.1X-Box-Client-Name: enduserappsec-ch-ua-mobile: ?0Authorization: Bearer 1!9ST5Psku8hjcb_vS4VRBtgYHnnC7-akWDXZlyEp9SDfDVpkVFbYx19AEm9qMP4EXMcOh3-D_eLABOO_8mWNHz6Zyku112Omyk-rRRxrVrFJB0LmWzIPkDeldw2AAzowQv1zr9msA1aRMlRByppAj2txsYOuGNRWq0QzAUSqiV3j1V07WguM6aG3PVX6EZyP0nMfsuN-U8eOkY0C57x0DcWa3OsyIpjrX8zQZWuHw8Ly-Om3SPt3F7SiZqem6lNxg1X0f4bHawQX9WYA-ZBALMVTC3kTarwFcsM6MEjDtMro5z2ZK58Qzq2Pvop3xBhrFEXdbiLmdOMMNZbm5i0ohsBpVN4HL1K3utvT22pcjFN1mbuYy_VCD38tDY3kNtQEGtOthyMafn8XJZ-viX3UnQwwjxZBby7FsuNY1rdRawcoAgkLQ94e6oVq6HhVrAVVoaZHr_k8WUwYBNqlJBaXcZ8ygx3oeblt8Hvb8zw74ePG7i4c_Qt6lW3hSofSwvnDHvqoSoxAAMtD59OhmLfMroAj9RuDLj52CDrtXl-YyN8Y3cWF3QeQ2TdFO7t5sNvr48-iJEZQTzybD0OoStT8Jlok1Vfc11DuVhksvqiO-User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: application/json, text/plain, /sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop; anonymousbanner=seen
Source: global traffic	HTTP traffic detected: GET /api/2.0/files/1748539458374/metadata/global/boxSign HTTP/1.1Host: app.box.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-Box-Client-Version: 23.25.1X-Box-Client-Name: enduserappsec-ch-ua-mobile: ?0Authorization: Bearer 1!tkKmSz8uCftqGz-Sz4T4tVmQfC9ZyUr4opNS5sxq7g6dcvp78rR4IyQlXk3XCpVS9sdRd_mHFF35ltv0Gc1ECckcZonshZmRIR8l43ViwYUzOM5Dae01CmLI91VCy7nfku9G8X1B-WDJRgvQGQ03OMkjx0gXbaIckBFOZ22FQMhnir9hAEUh5PPCCRj58WlInAQsBJR0ZWse8gs2UvzQ55wFtzJy81KC2aA5bwbUVrxvl9byV3HHl_zbdQvs8HUOX_g9kR7Nhizf8Tqaj4P3pPFu3zC_oumzZ_Wf-3X985XRUEbXuwUEeii8RdDUzK7krFC3pXGxGigoznn52eHM6GEbQsVyTIm6CqxAbcPAUKM7v9b6zHnvFDMMtljExJeo2qDhGyJBlEAa3xwm0akjtzb3_vfBsayH8ImqPwvmmNqDEkZBFAcQqOzG3qIHCfb2IaUChgphSsE2KCV0YanGp_ZU7a4fBnIq7InX-S9CffxmzQeZ3VhxEIGgOI2NWsUjc1-0YNs-mqbaHmWSl7T4Mf0TnJD76hXEVEFCxzHTuz-jDQzbWSd7mIAn93vKZqQSU2CbQRbp-sIhJEQ1hFHugSQ1RFUr3LHL9I4wemN-User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: application/json, text/plain, /sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop; anonymousbanner=seen
Source: global traffic	HTTP traffic detected: GET /app-api/enduserapp/elements/tokens HTTP/1.1Host: app.box.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop; anonymousbanner=seen
Source: global traffic	HTTP traffic detected: GET /api/2.0/files/1748539458374?fields=watermark_info HTTP/1.1Host: app.box.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop; anonymousbanner=seen; csrf-token=fag2EmRuoXgR3F6jxcT3dekpzEMHhJXwg_v2ACjI54C
Source: global traffic	HTTP traffic detected: GET /2.0/files/1748539458374?fields=permissions,shared_link,sha1,file_version,name,size,extension,representations,watermark_info,authenticated_download_url,is_download_available HTTP/1.1Host: api.box.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Language: en-USX-Box-Client-Name: ContentPreviewsec-ch-ua-mobile: ?0X-Rep-Hints: [3d][pdf][text][mp3][json][jpg?dimensions=1024x1024&paged=false][jpg?dimensions=2048x2048,png?dimensions=2048x2048][dash,mp4][filmstrip]Authorization: Bearer 1!81GsgeLbvBfdvg_epjR4YXdhC34ifkJ-dEYeL_tDlzy5pPmSdBs4kOXU5NDsuixWfKiUBIX52dXH7xKcZUv9NRzNRgjX_p3EwyI4HetbLFqKAY1IiJqjcz51wxqOBx3qYI2vWaJ193-3hnT4u-BhVV32KbFribDCuvDwtGuZs6Tq--5P0NYeePVL2ca47nq1cNqmOBlI4XA8OArmMAoaKkY6cYoM08a6od562CilqdGPc3owoW28SUH7in447SsgXJNW68i6OfbzD0U6Vt4b27daeCiv34CSyFnWfj8XvC9ynPyAXeENtiO_lG_PaS1PFkAri0JN0DaufR-YHMxXRnoQXIhmxXvoNyI-Ip5XnYF-4w8EHQSMk0UCRNJ2fP5-sxMAEPM7rae5cQWLuR29gLy07jbseH-GT7NXFjjofHspX7LEABe-BgtQ1BEgk1jUb_fyyWzVrbGhNvkVNUgLntyAxCVywL7Apng9AUiSQ7FSi7TwsJZBrIjjk2yO6TBxMefyQbOubJwRJsPRofJZqSGdGzkNVhKeaGok-QK_vN_kUOEpj9hQHAu-8L4RWGIwVVUecPqorXyBJux_kFa1Di_Tu7dv-FWxcBsvxXK6User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: application/jsonBoxApi: shared_link=https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32sec-ch-ua-platform: "Windows"Origin: https://app.box.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://app.box.com/Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /app-api/enduserapp/elements/tokens HTTP/1.1Host: app.box.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop; anonymousbanner=seen
Source: global traffic	HTTP traffic detected: GET /api/2.0/internal_files/1748539458374/versions/1925739332568/representations/jpg_1024x1024/content/?access_token=1!81GsgeLbvBfdvg_epjR4YXdhC34ifkJ-dEYeL_tDlzy5pPmSdBs4kOXU5NDsuixWfKiUBIX52dXH7xKcZUv9NRzNRgjX_p3EwyI4HetbLFqKAY1IiJqjcz51wxqOBx3qYI2vWaJ193-3hnT4u-BhVV32KbFribDCuvDwtGuZs6Tq--5P0NYeePVL2ca47nq1cNqmOBlI4XA8OArmMAoaKkY6cYoM08a6od562CilqdGPc3owoW28SUH7in447SsgXJNW68i6OfbzD0U6Vt4b27daeCiv34CSyFnWfj8XvC9ynPyAXeENtiO_lG_PaS1PFkAri0JN0DaufR-YHMxXRnoQXIhmxXvoNyI-Ip5XnYF-4w8EHQSMk0UCRNJ2fP5-sxMAEPM7rae5cQWLuR29gLy07jbseH-GT7NXFjjofHspX7LEABe-BgtQ1BEgk1jUb_fyyWzVrbGhNvkVNUgLntyAxCVywL7Apng9AUiSQ7FSi7TwsJZBrIjjk2yO6TBxMefyQbOubJwRJsPRofJZqSGdGzkNVhKeaGok-QK_vN_kUOEpj9hQHAu-8L4RWGIwVVUecPqorXyBJux_kFa1Di_Tu7dv-FWxcBsvxXK6&shared_link=https%3A%2F%2Fapp.box.com%2Fs%2Fit1hhxczqyf0qxif41bma48tat7sqs32&box_client_name=box-content-preview&box_client_version=3.0.0 HTTP/1.1Host: public.boxcloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://app.box.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://app.box.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /2.0/files/1748539458374?fields=permissions,shared_link,sha1,file_version,name,size,extension,representations,watermark_info,authenticated_download_url,is_download_available HTTP/1.1Host: api.box.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: box_visitor_id=678526c81f7108.44421725; site_preference=desktop
Source: global traffic	HTTP traffic detected: GET /api/2.0/internal_files/1748539458374/versions/1925739332568/representations/jpg_1024x1024/content/?access_token=1!81GsgeLbvBfdvg_epjR4YXdhC34ifkJ-dEYeL_tDlzy5pPmSdBs4kOXU5NDsuixWfKiUBIX52dXH7xKcZUv9NRzNRgjX_p3EwyI4HetbLFqKAY1IiJqjcz51wxqOBx3qYI2vWaJ193-3hnT4u-BhVV32KbFribDCuvDwtGuZs6Tq--5P0NYeePVL2ca47nq1cNqmOBlI4XA8OArmMAoaKkY6cYoM08a6od562CilqdGPc3owoW28SUH7in447SsgXJNW68i6OfbzD0U6Vt4b27daeCiv34CSyFnWfj8XvC9ynPyAXeENtiO_lG_PaS1PFkAri0JN0DaufR-YHMxXRnoQXIhmxXvoNyI-Ip5XnYF-4w8EHQSMk0UCRNJ2fP5-sxMAEPM7rae5cQWLuR29gLy07jbseH-GT7NXFjjofHspX7LEABe-BgtQ1BEgk1jUb_fyyWzVrbGhNvkVNUgLntyAxCVywL7Apng9AUiSQ7FSi7TwsJZBrIjjk2yO6TBxMefyQbOubJwRJsPRofJZqSGdGzkNVhKeaGok-QK_vN_kUOEpj9hQHAu-8L4RWGIwVVUecPqorXyBJux_kFa1Di_Tu7dv-FWxcBsvxXK6&shared_link=https%3A%2F%2Fapp.box.com%2Fs%2Fit1hhxczqyf0qxif41bma48tat7sqs32&box_client_name=box-content-preview&box_client_version=3.0.0 HTTP/1.1Host: public.boxcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /2.0/files/1748539458374?fields=content_created_at,content_modified_at,created_at,created_by,modified_at,modified_by,owned_by,description,metadata.global.boxSkillsCards,expires_at,version_limit,version_number,is_externally_owned,restored_from,uploader_display_name HTTP/1.1Host: api.box.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Language: en-USX-Box-Client-Name: ContentSidebarsec-ch-ua-mobile: ?0X-Rep-Hints: [3d][pdf][text][mp3][json][jpg?dimensions=1024x1024&paged=false][jpg?dimensions=2048x2048,png?dimensions=2048x2048][dash,mp4][filmstrip]Authorization: Bearer 1!81GsgeLbvBfdvg_epjR4YXdhC34ifkJ-dEYeL_tDlzy5pPmSdBs4kOXU5NDsuixWfKiUBIX52dXH7xKcZUv9NRzNRgjX_p3EwyI4HetbLFqKAY1IiJqjcz51wxqOBx3qYI2vWaJ193-3hnT4u-BhVV32KbFribDCuvDwtGuZs6Tq--5P0NYeePVL2ca47nq1cNqmOBlI4XA8OArmMAoaKkY6cYoM08a6od562CilqdGPc3owoW28SUH7in447SsgXJNW68i6OfbzD0U6Vt4b27daeCiv34CSyFnWfj8XvC9ynPyAXeENtiO_lG_PaS1PFkAri0JN0DaufR-YHMxXRnoQXIhmxXvoNyI-Ip5XnYF-4w8EHQSMk0UCRNJ2fP5-sxMAEPM7rae5cQWLuR29gLy07jbseH-GT7NXFjjofHspX7LEABe-BgtQ1BEgk1jUb_fyyWzVrbGhNvkVNUgLntyAxCVywL7Apng9AUiSQ7FSi7TwsJZBrIjjk2yO6TBxMefyQbOubJwRJsPRofJZqSGdGzkNVhKeaGok-QK_vN_kUOEpj9hQHAu-8L4RWGIwVVUecPqorXyBJux_kFa1Di_Tu7dv-FWxcBsvxXK6User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: application/jsonBoxApi: shared_link=https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32sec-ch-ua-platform: "Windows"Origin: https://app.box.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://app.box.com/Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /2.0/files/1748539458374?fields=content_created_at,content_modified_at,created_at,created_by,modified_at,modified_by,owned_by,description,metadata.global.boxSkillsCards,expires_at,version_limit,version_number,is_externally_owned,restored_from,uploader_display_name HTTP/1.1Host: api.box.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: box_visitor_id=678526c81f7108.44421725; site_preference=desktop
Source: global traffic	HTTP traffic detected: GET /api/2.0/internal_files/1748539458374/versions/1925739332568/representations/pdf/content/?access_token=1!81GsgeLbvBfdvg_epjR4YXdhC34ifkJ-dEYeL_tDlzy5pPmSdBs4kOXU5NDsuixWfKiUBIX52dXH7xKcZUv9NRzNRgjX_p3EwyI4HetbLFqKAY1IiJqjcz51wxqOBx3qYI2vWaJ193-3hnT4u-BhVV32KbFribDCuvDwtGuZs6Tq--5P0NYeePVL2ca47nq1cNqmOBlI4XA8OArmMAoaKkY6cYoM08a6od562CilqdGPc3owoW28SUH7in447SsgXJNW68i6OfbzD0U6Vt4b27daeCiv34CSyFnWfj8XvC9ynPyAXeENtiO_lG_PaS1PFkAri0JN0DaufR-YHMxXRnoQXIhmxXvoNyI-Ip5XnYF-4w8EHQSMk0UCRNJ2fP5-sxMAEPM7rae5cQWLuR29gLy07jbseH-GT7NXFjjofHspX7LEABe-BgtQ1BEgk1jUb_fyyWzVrbGhNvkVNUgLntyAxCVywL7Apng9AUiSQ7FSi7TwsJZBrIjjk2yO6TBxMefyQbOubJwRJsPRofJZqSGdGzkNVhKeaGok-QK_vN_kUOEpj9hQHAu-8L4RWGIwVVUecPqorXyBJux_kFa1Di_Tu7dv-FWxcBsvxXK6&shared_link=https%3A%2F%2Fapp.box.com%2Fs%2Fit1hhxczqyf0qxif41bma48tat7sqs32&box_client_name=box-content-preview&box_client_version=3.0.0 HTTP/1.1Host: public.boxcloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://app.box.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://app.box.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/2.0/internal_files/1748539458374/versions/1925739332568/representations/pdf/content/?access_token=1!81GsgeLbvBfdvg_epjR4YXdhC34ifkJ-dEYeL_tDlzy5pPmSdBs4kOXU5NDsuixWfKiUBIX52dXH7xKcZUv9NRzNRgjX_p3EwyI4HetbLFqKAY1IiJqjcz51wxqOBx3qYI2vWaJ193-3hnT4u-BhVV32KbFribDCuvDwtGuZs6Tq--5P0NYeePVL2ca47nq1cNqmOBlI4XA8OArmMAoaKkY6cYoM08a6od562CilqdGPc3owoW28SUH7in447SsgXJNW68i6OfbzD0U6Vt4b27daeCiv34CSyFnWfj8XvC9ynPyAXeENtiO_lG_PaS1PFkAri0JN0DaufR-YHMxXRnoQXIhmxXvoNyI-Ip5XnYF-4w8EHQSMk0UCRNJ2fP5-sxMAEPM7rae5cQWLuR29gLy07jbseH-GT7NXFjjofHspX7LEABe-BgtQ1BEgk1jUb_fyyWzVrbGhNvkVNUgLntyAxCVywL7Apng9AUiSQ7FSi7TwsJZBrIjjk2yO6TBxMefyQbOubJwRJsPRofJZqSGdGzkNVhKeaGok-QK_vN_kUOEpj9hQHAu-8L4RWGIwVVUecPqorXyBJux_kFa1Di_Tu7dv-FWxcBsvxXK6&shared_link=https%3A%2F%2Fapp.box.com%2Fs%2Fit1hhxczqyf0qxif41bma48tat7sqs32&box_client_name=box-content-preview&box_client_version=3.0.0 HTTP/1.1Host: public.boxcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /verify/bfdocs HTTP/1.1Host: login.hrmails.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: login.hrmails.onlineConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 22ac-e4dd=80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268
Source: global traffic	HTTP traffic detected: GET /login HTTP/1.1Host: www.hrmails.onlineConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 22ac-e4dd=80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 HTTP/1.1Host: login.hrmails.onlineConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 22ac-e4dd=80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268; fpc=AolF6eVn-iFHkPxlSDdBW2I; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEToeyaz1ZboNC9V5pLDapDpuDoQfvOKjtf4tG6DrDMQ4BCEK1mSKXtJ6yXo-C8jcH4SeogayNrUaVGw0rUPiEXDSn8KFZrcdHBHOKStGiW4PLvFr5UD1lG7Aj2NK803llgs-TNNzGyJ35XDuh9XJ06kOTKBGFYSFhNUyDhUdqGoIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /s/80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268.js HTTP/1.1Host: login.hrmails.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 22ac-e4dd=80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268; fpc=AolF6eVn-iFHkPxlSDdBW2I; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEToeyaz1ZboNC9V5pLDapDpuDoQfvOKjtf4tG6DrDMQ4BCEK1mSKXtJ6yXo-C8jcH4SeogayNrUaVGw0rUPiEXDSn8KFZrcdHBHOKStGiW4PLvFr5UD1lG7Aj2NK803llgs-TNNzGyJ35XDuh9XJ06kOTKBGFYSFhNUyDhUdqGoIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-bKK5owcYuE=AQABCQEAAABVrSpeuWamRam2jAF1XRQEfzKCURlqeAq9c6fDpgwJVA5yTH-5kdKh8YSifixGX0JDo-UDAHuE0Slv2u0gZ4q40pVzFTzgtkgmAPsTajrXy2V_3OZTnHi3evKPu8UwVZnTTFc9wGOFN5ZyPg4300UCthDIlVCAIjUW0v3MuaY1TiAA
Source: global traffic	HTTP traffic detected: GET /s/80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268.js HTTP/1.1Host: login.hrmails.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 22ac-e4dd=80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268; fpc=AolF6eVn-iFHkPxlSDdBW2I; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEToeyaz1ZboNC9V5pLDapDpuDoQfvOKjtf4tG6DrDMQ4BCEK1mSKXtJ6yXo-C8jcH4SeogayNrUaVGw0rUPiEXDSn8KFZrcdHBHOKStGiW4PLvFr5UD1lG7Aj2NK803llgs-TNNzGyJ35XDuh9XJ06kOTKBGFYSFhNUyDhUdqGoIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-bKK5owcYuE=AQABCQEAAABVrSpeuWamRam2jAF1XRQEfzKCURlqeAq9c6fDpgwJVA5yTH-5kdKh8YSifixGX0JDo-UDAHuE0Slv2u0gZ4q40pVzFTzgtkgmAPsTajrXy2V_3OZTnHi3evKPu8UwVZnTTFc9wGOFN5ZyPg4300UCthDIlVCAIjUW0v3MuaY1TiAA
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP/1.1Host: login.hrmails.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 22ac-e4dd=80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268; fpc=AolF6eVn-iFHkPxlSDdBW2I; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEToeyaz1ZboNC9V5pLDapDpuDoQfvOKjtf4tG6DrDMQ4BCEK1mSKXtJ6yXo-C8jcH4SeogayNrUaVGw0rUPiEXDSn8KFZrcdHBHOKStGiW4PLvFr5UD1lG7Aj2NK803llgs-TNNzGyJ35XDuh9XJ06kOTKBGFYSFhNUyDhUdqGoIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-bKK5owcYuE=AQABCQEAAABVrSpeuWamRam2jAF1XRQEfzKCURlqeAq9c6fDpgwJVA5yTH-5kdKh8YSifixGX0JDo-UDAHuE0Slv2u0gZ4q40pVzFTzgtkgmAPsTajrXy2V_3OZTnHi3evKPu8UwVZnTTFc9wGOFN5ZyPg4300UCthDIlVCAIjUW0v3MuaY1TiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /s/80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268 HTTP/1.1Host: login.hrmails.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 22ac-e4dd=80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268; fpc=AolF6eVn-iFHkPxlSDdBW2I; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEToeyaz1ZboNC9V5pLDapDpuDoQfvOKjtf4tG6DrDMQ4BCEK1mSKXtJ6yXo-C8jcH4SeogayNrUaVGw0rUPiEXDSn8KFZrcdHBHOKStGiW4PLvFr5UD1lG7Aj2NK803llgs-TNNzGyJ35XDuh9XJ06kOTKBGFYSFhNUyDhUdqGoIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-bKK5owcYuE=AQABCQEAAABVrSpeuWamRam2jAF1XRQEfzKCURlqeAq9c6fDpgwJVA5yTH-5kdKh8YSifixGX0JDo-UDAHuE0Slv2u0gZ4q40pVzFTzgtkgmAPsTajrXy2V_3OZTnHi3evKPu8UwVZnTTFc9wGOFN5ZyPg4300UCthDIlVCAIjUW0v3MuaY1TiAA
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.hrmails.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 22ac-e4dd=80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268; fpc=AolF6eVn-iFHkPxlSDdBW2I; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEToeyaz1ZboNC9V5pLDapDpuDoQfvOKjtf4tG6DrDMQ4BCEK1mSKXtJ6yXo-C8jcH4SeogayNrUaVGw0rUPiEXDSn8KFZrcdHBHOKStGiW4PLvFr5UD1lG7Aj2NK803llgs-TNNzGyJ35XDuh9XJ06kOTKBGFYSFhNUyDhUdqGoIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-bKK5owcYuE=AQABCQEAAABVrSpeuWamRam2jAF1XRQEfzKCURlqeAq9c6fDpgwJVA5yTH-5kdKh8YSifixGX0JDo-UDAHuE0Slv2u0gZ4q40pVzFTzgtkgmAPsTajrXy2V_3OZTnHi3evKPu8UwVZnTTFc9wGOFN5ZyPg4300UCthDIlVCAIjUW0v3MuaY1TiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /s/80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268.js HTTP/1.1Host: login.hrmails.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 22ac-e4dd=80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-bKK5owcYuE=AQABCQEAAABVrSpeuWamRam2jAF1XRQEfzKCURlqeAq9c6fDpgwJVA5yTH-5kdKh8YSifixGX0JDo-UDAHuE0Slv2u0gZ4q40pVzFTzgtkgmAPsTajrXy2V_3OZTnHi3evKPu8UwVZnTTFc9wGOFN5ZyPg4300UCthDIlVCAIjUW0v3MuaY1TiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AXgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAB4AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEGGjKNP_kOiyFADFkYw_AvKa2OwKJwRNSGXZ5LXMzt8qDGufGd4v5hR9RJw-PdIvmOg8xZX3pOELVYcuuMxWRiwSKbh8t9_kUWQcBDJBiQfwgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEJeffWAy9Z35GJvkOdv3A9QtgNjwOQNm08_kQuYa9MxBeoy8vm9yA9vhvC56c7u57ccqL0bIbPno-_vWLkd4jta9U2-pBkb70ql-na91NjcOCQabFj4lqPJvzayyp4E4rjffOguAccxzYe_PzdN3JlvCEh-9fefXXUw1A8qfmWDIgAA; esctx-JfkPigKBUvQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEnRXIPT7-1ew4ZSePPQ0AVdzsMmuAXzxZtOgAbu2x1Lj6my8AD35pVhi0_whfXtPFOrk2agz_1sU_IXpdwmOAKL5FW-VT7LEilFV4jRgpIYlmgyt-ccffFrvp6WPSNGfmyhTOZPcA5c14o4rwpz0pwCAA; fpc=AolF6eVn-iFHkPxlSDdBW2K8Ae7AAQAAAOgdF98OAAAA
Source: global traffic	HTTP traffic detected: GET /s/80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268.js HTTP/1.1Host: login.hrmails.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 22ac-e4dd=80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-bKK5owcYuE=AQABCQEAAABVrSpeuWamRam2jAF1XRQEfzKCURlqeAq9c6fDpgwJVA5yTH-5kdKh8YSifixGX0JDo-UDAHuE0Slv2u0gZ4q40pVzFTzgtkgmAPsTajrXy2V_3OZTnHi3evKPu8UwVZnTTFc9wGOFN5ZyPg4300UCthDIlVCAIjUW0v3MuaY1TiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AXgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAB4AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEGGjKNP_kOiyFADFkYw_AvKa2OwKJwRNSGXZ5LXMzt8qDGufGd4v5hR9RJw-PdIvmOg8xZX3pOELVYcuuMxWRiwSKbh8t9_kUWQcBDJBiQfwgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEJeffWAy9Z35GJvkOdv3A9QtgNjwOQNm08_kQuYa9MxBeoy8vm9yA9vhvC56c7u57ccqL0bIbPno-_vWLkd4jta9U2-pBkb70ql-na91NjcOCQabFj4lqPJvzayyp4E4rjffOguAccxzYe_PzdN3JlvCEh-9fefXXUw1A8qfmWDIgAA; esctx-JfkPigKBUvQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEnRXIPT7-1ew4ZSePPQ0AVdzsMmuAXzxZtOgAbu2x1Lj6my8AD35pVhi0_whfXtPFOrk2agz_1sU_IXpdwmOAKL5FW-VT7LEilFV4jRgpIYlmgyt-ccffFrvp6WPSNGfmyhTOZPcA5c14o4rwpz0pwCAA; fpc=AolF6eVn-iFHkPxlSDdBW2K8Ae7AAQAAAOgdF98OAAAA
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: live.hrmails.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://login.hrmails.online/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 22ac-e4dd=80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268
Source: global traffic	HTTP traffic detected: GET /s/80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268 HTTP/1.1Host: login.hrmails.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 22ac-e4dd=80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-bKK5owcYuE=AQABCQEAAABVrSpeuWamRam2jAF1XRQEfzKCURlqeAq9c6fDpgwJVA5yTH-5kdKh8YSifixGX0JDo-UDAHuE0Slv2u0gZ4q40pVzFTzgtkgmAPsTajrXy2V_3OZTnHi3evKPu8UwVZnTTFc9wGOFN5ZyPg4300UCthDIlVCAIjUW0v3MuaY1TiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AXgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAB4AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEGGjKNP_kOiyFADFkYw_AvKa2OwKJwRNSGXZ5LXMzt8qDGufGd4v5hR9RJw-PdIvmOg8xZX3pOELVYcuuMxWRiwSKbh8t9_kUWQcBDJBiQfwgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEJeffWAy9Z35GJvkOdv3A9QtgNjwOQNm08_kQuYa9MxBeoy8vm9yA9vhvC56c7u57ccqL0bIbPno-_vWLkd4jta9U2-pBkb70ql-na91NjcOCQabFj4lqPJvzayyp4E4rjffOguAccxzYe_PzdN3JlvCEh-9fefXXUw1A8qfmWDIgAA; esctx-JfkPigKBUvQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEnRXIPT7-1ew4ZSePPQ0AVdzsMmuAXzxZtOgAbu2x1Lj6my8AD35pVhi0_whfXtPFOrk2agz_1sU_IXpdwmOAKL5FW-VT7LEilFV4jRgpIYlmgyt-ccffFrvp6WPSNGfmyhTOZPcA5c14o4rwpz0pwCAA; fpc=AolF6eVn-iFHkPxlSDdBW2K8Ae7AAQAAAOgdF98OAAAA
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: live.hrmails.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://login.hrmails.online/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 22ac-e4dd=80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268; uaid=3279301942844ede9634da481c2d482e; MSPRequ=id=N&lt=1736779498&co=1
Source: global traffic	HTTP traffic detected: GET /common/GetCredentialType?mkt=en-US HTTP/1.1Host: login.hrmails.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 22ac-e4dd=80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-bKK5owcYuE=AQABCQEAAABVrSpeuWamRam2jAF1XRQEfzKCURlqeAq9c6fDpgwJVA5yTH-5kdKh8YSifixGX0JDo-UDAHuE0Slv2u0gZ4q40pVzFTzgtkgmAPsTajrXy2V_3OZTnHi3evKPu8UwVZnTTFc9wGOFN5ZyPg4300UCthDIlVCAIjUW0v3MuaY1TiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AXgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAB4AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEGGjKNP_kOiyFADFkYw_AvKa2OwKJwRNSGXZ5LXMzt8qDGufGd4v5hR9RJw-PdIvmOg8xZX3pOELVYcuuMxWRiwSKbh8t9_kUWQcBDJBiQfwgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEJeffWAy9Z35GJvkOdv3A9QtgNjwOQNm08_kQuYa9MxBeoy8vm9yA9vhvC56c7u57ccqL0bIbPno-_vWLkd4jta9U2-pBkb70ql-na91NjcOCQabFj4lqPJvzayyp4E4rjffOguAccxzYe_PzdN3JlvCEh-9fefXXUw1A8qfmWDIgAA; esctx-JfkPigKBUvQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEnRXIPT7-1ew4ZSePPQ0AVdzsMmuAXzxZtOgAbu2x1Lj6my8AD35pVhi0_whfXtPFOrk2agz_1sU_IXpdwmOAKL5FW-VT7LEilFV4jRgpIYlmgyt-ccffFrvp6WPSNGfmyhTOZPcA5c14o4rwpz0pwCAA; fpc=AolF6eVn-iFHkPxlSDdBW2K8Ae7AAQAAAOgdF98OAAAA; MicrosoftApplicationsTelemetryDeviceId=b18fc65f-08d9-4709-8e31-7d444da9fd74; brcap=0; ai_session=fUyt2XzfjMbIr9dSTQaF9d\|1736779498916\|1736779498916; MSFPC=GUID=a68abac9a1104e87a2158fa19f003145&HASH=a68a&LV=202501&V=4&LU=1736779500270
Source: global traffic	HTTP traffic detected: GET /s/80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268 HTTP/1.1Host: login.hrmails.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 22ac-e4dd=80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-bKK5owcYuE=AQABCQEAAABVrSpeuWamRam2jAF1XRQEfzKCURlqeAq9c6fDpgwJVA5yTH-5kdKh8YSifixGX0JDo-UDAHuE0Slv2u0gZ4q40pVzFTzgtkgmAPsTajrXy2V_3OZTnHi3evKPu8UwVZnTTFc9wGOFN5ZyPg4300UCthDIlVCAIjUW0v3MuaY1TiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AXgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAB4AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEGGjKNP_kOiyFADFkYw_AvKa2OwKJwRNSGXZ5LXMzt8qDGufGd4v5hR9RJw-PdIvmOg8xZX3pOELVYcuuMxWRiwSKbh8t9_kUWQcBDJBiQfwgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEJeffWAy9Z35GJvkOdv3A9QtgNjwOQNm08_kQuYa9MxBeoy8vm9yA9vhvC56c7u57ccqL0bIbPno-_vWLkd4jta9U2-pBkb70ql-na91NjcOCQabFj4lqPJvzayyp4E4rjffOguAccxzYe_PzdN3JlvCEh-9fefXXUw1A8qfmWDIgAA; esctx-JfkPigKBUvQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEnRXIPT7-1ew4ZSePPQ0AVdzsMmuAXzxZtOgAbu2x1Lj6my8AD35pVhi0_whfXtPFOrk2agz_1sU_IXpdwmOAKL5FW-VT7LEilFV4jRgpIYlmgyt-ccffFrvp6WPSNGfmyhTOZPcA5c14o4rwpz0pwCAA; fpc=AolF6eVn-iFHkPxlSDdBW2K8Ae7AAQAAAOgdF98OAAAA; MicrosoftApplicationsTelemetryDeviceId=b18fc65f-08d9-4709-8e31-7d444da9fd74; brcap=0; ai_session=fUyt2XzfjMbIr9dSTQaF9d\|1736779498916\|1736779498916; MSFPC=GUID=a68abac9a1104e87a2158fa19f003145&HASH=a68a&LV=202501&V=4&LU=1736779500270

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: app.box.com
Source: global traffic	DNS traffic detected: DNS query: cdn01.boxcdn.net
Source: global traffic	DNS traffic detected: DNS query: pendo-data-prod.box.com
Source: global traffic	DNS traffic detected: DNS query: api.box.com
Source: global traffic	DNS traffic detected: DNS query: public.boxcloud.com
Source: global traffic	DNS traffic detected: DNS query: login.hrmails.online
Source: global traffic	DNS traffic detected: DNS query: www.hrmails.online
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: live.hrmails.online

Source: unknown

HTTP traffic detected: POST /gen204 HTTP/1.1Host: app.box.comConnection: keep-aliveContent-Length: 433sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-Box-Client-Version: 23.25.1X-Box-Client-Name: enduserappsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: application/jsonX-Request-Token: 308ea14a8c7f41ad3c80a6de28ec4648c6a91ebe030a7ee1845003d2e7612518Request-Token: 308ea14a8c7f41ad3c80a6de28ec4648c6a91ebe030a7ee1845003d2e7612518sec-ch-ua-platform: "Windows"Origin: https://app.box.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Mon, 13 Jan 2025 14:44:35 GMTcontent-type: application/json; charset=utf-8x-envoy-upstream-service-time: 78x-frame-options: SAMEORIGINx-download-options: noopenstrict-transport-security: max-age=31536000access-control-expose-headers: Server-Timingset-cookie: csrf-token=fag2EmRuoXgR3F6jxcT3dekpzEMHhJXwg_v2ACjI54C; Secure; SameSite=None; Path=/x-xss-protection: 0x-content-type-options: nosniffbox-request-id: 06a6dfab384d3dd860096dc20b7b9742dserver-timing: traceparent;desc="00-57b8c4b57acb2d59a199983de3ef24f0-0836b4892da01b71-00"cache-control: no-cachevia: 1.1 googleAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: closeTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Mon, 13 Jan 2025 14:44:36 GMTcontent-type: text/html; charset=UTF-8strict-transport-security: max-age=31536000via: 1.1 googleContent-Length: 0Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Mon, 13 Jan 2025 14:44:36 GMTcontent-type: text/html; charset=UTF-8strict-transport-security: max-age=31536000via: 1.1 googleContent-Length: 0Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Mon, 13 Jan 2025 14:44:37 GMTcontent-type: text/html; charset=UTF-8strict-transport-security: max-age=31536000via: 1.1 googleContent-Length: 0Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Found

Source: chromecache_193.2.dr, chromecache_308.2.dr	String found in binary or memory: http://blog.stevenlevithan.com/archives/parseuri
Source: chromecache_193.2.dr, chromecache_308.2.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_228.2.dr, chromecache_193.2.dr, chromecache_308.2.dr	String found in binary or memory: http://www.box.com)
Source: chromecache_193.2.dr, chromecache_308.2.dr	String found in binary or memory: https://github.com/derek-watson/jsUri
Source: chromecache_303.2.dr, chromecache_211.2.dr	String found in binary or memory: https://login.hrmails.online/verify/bfdocs)
Source: chromecache_193.2.dr, chromecache_308.2.dr	String found in binary or memory: https://support.box.com
Source: chromecache_275.2.dr	String found in binary or memory: https://www.jsdelivr.com/using-sri-with-dynamic-files

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 50206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50205
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50206
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 50171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50171
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866

Source: classification engine

Classification label: mal68.phis.win@17/253@34/7

Source: chromecache_211.2.dr

Initial sample: https://login.hrmails.online/verify/bfdocs

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=2252,i,14136314091735512277,7748461438341982796,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=2252,i,14136314091735512277,7748461438341982796,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 303	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 211
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 211	Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://login.hrmails.online/s/80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268	0%	Avira URL Cloud	safe
https://login.hrmails.online/	0%	Avira URL Cloud	safe
https://login.hrmails.online/favicon.ico	0%	Avira URL Cloud	safe
https://live.hrmails.online/Me.htm?v=3	0%	Avira URL Cloud	safe
http://blog.stevenlevithan.com/archives/parseuri	0%	Avira URL Cloud	safe
https://login.hrmails.online/s/80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268.js	0%	Avira URL Cloud	safe
https://login.hrmails.online/verify/bfdocs	0%	Avira URL Cloud	safe
https://login.hrmails.online/verify/bfdocs)	0%	Avira URL Cloud	safe
https://login.hrmails.online/common/GetCredentialType?mkt=en-US	0%	Avira URL Cloud	safe
http://www.box.com)	0%	Avira URL Cloud	safe
https://www.hrmails.online/login	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
pendo-data-prod.box.com	74.112.186.159	true	false	high
api.box.com	74.112.186.157	true	false	high
public.boxcloud.com	74.112.186.164	true	false	high
www.hrmails.online	157.230.52.149	true	false	unknown
s-part-0017.t-0009.fb-t-msedge.net	13.107.253.45	true	false	high
sni1gl.wpc.omegacdn.net	152.199.21.175	true	false	high
live.hrmails.online	157.230.52.149	true	false	unknown
www.google.com	172.217.23.100	true	false	high
app.box.com	74.112.186.157	true	false	high
login.hrmails.online	157.230.52.149	true	true	unknown
identity.nel.measure.office.net	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	high
cdn01.boxcdn.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://app.box.com/app-api/split-proxy/api/mySegments/678526c81f7108.44421725	false		high
https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32	false		high
https://app.box.com/app-api/split-proxy/api/mySegments/-1	false		high
https://app.box.com/app-api/split-proxy/api/mySegments/2	false		high
https://app.box.com/app-api/end-user-web/sign-settings?typedIDs=f_1748539458374	false		high
https://login.hrmails.online/s/80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268	false	Avira URL Cloud: safe	unknown
https://app.box.com/gen204	false		high
https://login.hrmails.online/	true	Avira URL Cloud: safe	unknown
https://app.box.com/index.php?rm=box_gen204_batch_record	false		high
https://app.box.com/app-api/split-proxy/api/testImpressions/beacon	false		high
https://app.box.com/api/2.0/files/1748539458374?fields=watermark_info	false		high
https://login.hrmails.online/s/80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268.js	false	Avira URL Cloud: safe	unknown
https://live.hrmails.online/Me.htm?v=3	false	Avira URL Cloud: safe	unknown
https://api.box.com/2.0/files/1748539458374?fields=permissions,shared_link,sha1,file_version,name,size,extension,representations,watermark_info,authenticated_download_url,is_download_available	false		high
https://login.hrmails.online/favicon.ico	false	Avira URL Cloud: safe	unknown
https://login.hrmails.online/common/GetCredentialType?mkt=en-US	false	Avira URL Cloud: safe	unknown
https://app.box.com/app-api/split-proxy/api/splitChanges?s=1.1&since=-1	false		high
https://app.box.com/app-api/split-proxy/api/testImpressions/count/beacon	false		high
https://app.box.com/app-api/enduserapp/elements/tokens	false		high
https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	false		unknown
https://app.box.com/app-api/enduserapp/current-user/features/secondary	false		high
https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1&ui_locales=en-US&mkt=en-US&client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f&state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	true		unknown
https://app.box.com/api/2.0/files/1748539458374/metadata/global/boxSign	false		high
https://api.box.com/2.0/events	false		high
https://public.boxcloud.com/api/2.0/internal_files/1748539458374/versions/1925739332568/representations/jpg_1024x1024/content/?access_token=1!81GsgeLbvBfdvg_epjR4YXdhC34ifkJ-dEYeL_tDlzy5pPmSdBs4kOXU5NDsuixWfKiUBIX52dXH7xKcZUv9NRzNRgjX_p3EwyI4HetbLFqKAY1IiJqjcz51wxqOBx3qYI2vWaJ193-3hnT4u-BhVV32KbFribDCuvDwtGuZs6Tq--5P0NYeePVL2ca47nq1cNqmOBlI4XA8OArmMAoaKkY6cYoM08a6od562CilqdGPc3owoW28SUH7in447SsgXJNW68i6OfbzD0U6Vt4b27daeCiv34CSyFnWfj8XvC9ynPyAXeENtiO_lG_PaS1PFkAri0JN0DaufR-YHMxXRnoQXIhmxXvoNyI-Ip5XnYF-4w8EHQSMk0UCRNJ2fP5-sxMAEPM7rae5cQWLuR29gLy07jbseH-GT7NXFjjofHspX7LEABe-BgtQ1BEgk1jUb_fyyWzVrbGhNvkVNUgLntyAxCVywL7Apng9AUiSQ7FSi7TwsJZBrIjjk2yO6TBxMefyQbOubJwRJsPRofJZqSGdGzkNVhKeaGok-QK_vN_kUOEpj9hQHAu-8L4RWGIwVVUecPqorXyBJux_kFa1Di_Tu7dv-FWxcBsvxXK6&shared_link=https%3A%2F%2Fapp.box.com%2Fs%2Fit1hhxczqyf0qxif41bma48tat7sqs32&box_client_name=box-content-preview&box_client_version=3.0.0	false		high
https://public.boxcloud.com/api/2.0/internal_files/1748539458374/versions/1925739332568/representations/pdf/content/?access_token=1!81GsgeLbvBfdvg_epjR4YXdhC34ifkJ-dEYeL_tDlzy5pPmSdBs4kOXU5NDsuixWfKiUBIX52dXH7xKcZUv9NRzNRgjX_p3EwyI4HetbLFqKAY1IiJqjcz51wxqOBx3qYI2vWaJ193-3hnT4u-BhVV32KbFribDCuvDwtGuZs6Tq--5P0NYeePVL2ca47nq1cNqmOBlI4XA8OArmMAoaKkY6cYoM08a6od562CilqdGPc3owoW28SUH7in447SsgXJNW68i6OfbzD0U6Vt4b27daeCiv34CSyFnWfj8XvC9ynPyAXeENtiO_lG_PaS1PFkAri0JN0DaufR-YHMxXRnoQXIhmxXvoNyI-Ip5XnYF-4w8EHQSMk0UCRNJ2fP5-sxMAEPM7rae5cQWLuR29gLy07jbseH-GT7NXFjjofHspX7LEABe-BgtQ1BEgk1jUb_fyyWzVrbGhNvkVNUgLntyAxCVywL7Apng9AUiSQ7FSi7TwsJZBrIjjk2yO6TBxMefyQbOubJwRJsPRofJZqSGdGzkNVhKeaGok-QK_vN_kUOEpj9hQHAu-8L4RWGIwVVUecPqorXyBJux_kFa1Di_Tu7dv-FWxcBsvxXK6&shared_link=https%3A%2F%2Fapp.box.com%2Fs%2Fit1hhxczqyf0qxif41bma48tat7sqs32&box_client_name=box-content-preview&box_client_version=3.0.0	false		high
https://login.hrmails.online/verify/bfdocs	false	Avira URL Cloud: safe	unknown
https://www.hrmails.online/login	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.jsdelivr.com/using-sri-with-dynamic-files	chromecache_275.2.dr	false		high
http://blog.stevenlevithan.com/archives/parseuri	chromecache_193.2.dr, chromecache_308.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/derek-watson/jsUri	chromecache_193.2.dr, chromecache_308.2.dr	false		high
https://support.box.com	chromecache_193.2.dr, chromecache_308.2.dr	false		high
https://login.hrmails.online/verify/bfdocs)	chromecache_303.2.dr, chromecache_211.2.dr	false	Avira URL Cloud: safe	unknown
http://www.box.com)	chromecache_228.2.dr, chromecache_193.2.dr, chromecache_308.2.dr	false	Avira URL Cloud: safe	unknown
http://jedwatson.github.io/classnames	chromecache_193.2.dr, chromecache_308.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
74.112.186.157	api.box.com	United States	33011	BOXNETUS	false
74.112.186.164	public.boxcloud.com	United States	33011	BOXNETUS	false
74.112.186.159	pendo-data-prod.box.com	United States	33011	BOXNETUS	false
157.230.52.149	www.hrmails.online	United States	14061	DIGITALOCEAN-ASNUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.23.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1590104
Start date and time:	2025-01-13 15:43:24 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@17/253@34/7

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.99, 142.250.185.206, 64.233.166.84, 142.250.185.110, 142.250.186.46, 142.250.186.174, 104.16.144.15, 104.16.145.15, 199.232.214.172, 192.229.221.95, 142.250.185.174, 142.250.181.234, 142.250.186.170, 216.58.212.170, 142.250.185.170, 142.250.186.42, 142.250.185.234, 172.217.16.138, 216.58.206.42, 142.250.74.202, 216.58.212.138, 172.217.18.106, 142.250.186.74, 142.250.186.106, 142.250.184.202, 142.250.185.202, 142.250.186.138, 172.217.23.110, 142.250.185.142, 23.40.179.12, 23.40.179.27, 20.189.173.24, 172.217.18.10, 142.250.185.138, 104.46.162.225, 142.250.185.163, 142.250.184.206, 142.250.186.78, 2.23.242.162, 20.109.210.53, 13.107.246.45, 13.107.253.45, 4.175.87.197
Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, slscr.update.microsoft.com, clientservices.googleapis.com, browser.events.data.trafficmanager.net, a1894.dscb.akamai.net, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, update.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, aadcdnoriginwus2.azureedge.net, ctldl.windowsupdate.com, aadcdn.msauth.net, onedscolprdaus01.australiasoutheast.cloudapp.azure.com, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, browser.events.data.microsoft.com, edgedl.me.gvt1.com, nel.measure.office.net.edgesuite.net, aadcdnoriginwus2.afd.azureedge.net, onedscolprdwus23.westus.cloudapp.azure.com, clients.l.google.com, cdn01.boxcdn.net.cdn.cloudflare.net
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32

Input	Output
URL: https://app.box.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://app.box.com
URL: https://login.hrmails.online/common/oauth2/v2.0/au... Model: Joe Sandbox AI	{ "risk_score": 7, "reasoning": "This script demonstrates several high-risk behaviors, including redirecting the user to an unknown domain and potentially collecting sensitive information (session ID) without transparency. While the script may have a legitimate purpose, such as preventing unauthorized framing, the lack of context and the use of obfuscated code raise significant security concerns." }
//<![CDATA[ !function(){var e=window,s=e.document,i=e.$Config\|\|{};if(e.self===e.top){s&&s.body&&(s.body.style.display="block")}else if(!i.allowFrame){var o,t,r,f,n,d;if(i.fAddTryCatchForIFrameRedirects){try{o=e.self.location.href,t=o.indexOf("#"),r=-1!==t,f=o.indexOf("?"),n=r?t:o.length,d=-1===f\|\|r&&f>t?"?":"&",o=o.substr(0,n)+d+"iframe-request-id="+i.sessionId+o.substr(n),e.top.location=o}catch(e){}}else{o=e.self.location.href,t=o.indexOf("#"),r=-1!==t,f=o.indexOf("?"),n=r?t:o.length,d=-1===f\|\|r&&f>t?"?":"&", o=o.substr(0,n)+d+"iframe-request-id="+i.sessionId+o.substr(n),e.top.location=o}}}(); //
URL: https://live.hrmails.online/Me.htm?v=3... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The script appears to be handling user authentication and session management, which is a common and legitimate functionality. However, it uses some practices that raise moderate concerns, such as sending user data to external domains and using legacy APIs like XDomainRequest. Further review may be needed to ensure the script is not misusing the data or engaging in any suspicious activities." }
!function(t,e){for(var s in e)t[s]=e[s]}(this,function(t){function e(n){if(s[n])return s[n].exports;var i=s[n]={exports:{},id:n,loaded:!1};return t[n].call(i.exports,i,i.exports,e),i.loaded=!0,i.exports}var s={};return e.m=t,e.c=s,e.p="",e(0)}([function(t,e){function s(t){for(var e=f[S],s=0,n=e.length;s<n;++s)if(e[s]===t)return!0;return!1}function n(t){if(!t)return null;for(var e=t+"=",s=document.cookie.split(";"),n=0,i=s.length;n<i;n++){var a=s[n].replace(/^\s(\w+)\s=\s*/,"$1=").replace(/(\s+$)/,"");if(0===a.indexOf(e))return a.substring(e.length)}return null}function i(t,e,s){if(t)for(var n=t.split(":"),i=null,a=0,r=n.length;a<r;++a){var c=null,S=n[a].split("$");if(0===a&&(i=parseInt(S.shift()),!i))return;var l=S.length;if(l>=1){var p=o(i,S[0]);if(!p\|\|s[p])continue;c={signInName:p,idp:"msa",isSignedIn:!0}}if(l>=3&&(c.firstName=o(i,S[1]),c.lastName=o(i,S[2])),l>=4){var f=S[3],d=f.split("\|");c.otherHashedAliases=d}if(l>=5){var h=parseInt(S[4],16);h&&(c.isSignedIn=h===g.SignedInToRP\|\|h===g.SignedInToIDP)}if(l>=6){var m=parseInt(S[5],16);m&&(c.isWindowsSso=0!==(m&u.IsWindowsSso))}if(l>=7){var v=parseInt(S[6],16);v&&(c.remoteIdpFlags=v)}l>=8&&(c.sessionId=S[7]),c&&(e.push(c),s[c.signInName]=!0)}}function a(t){if(t&&s(t.origin)&&t.data)try{var e=JSON.parse(t.data);if("startStaticMe"!==e.messageType)return;r(t.origin,e)}catch(n){return}}function o(t,e){return 1===t?e:t>=2?decodeURIComponent(e):null}function r(t,e){var s=n("JSH"),a=n("JSHP"),o=!0,r={transientState:"",persistentState:"",hasStorageAccess:0},S={messageType:"msaMeCached",version:2,userList:[],tilesState:r};try{var l={};i(s,S.userList,l),i(a,S.userList,l),console.log(e.useMsaSessionState),e.useMsaSessionState===!0&&(0!=S.userList.length?(S.tilesState.hasStorageAccess=2,S.tilesState.transientState=s,S.tilesState.persistentState=a):"function"==typeof document.hasStorageAccess?(o=!1,document.hasStorageAccess().then(function(n){console.log("Storage access:",n),n?(S.tilesState.hasStorageAccess=2,S.tilesState.transientState=s,S.tilesState.persistentState=a):e.sessionState&&(S.tilesState.hasStorageAccess=1,e.sessionState.transientState&&(S.tilesState.transientState=e.sessionState.transientState,i(e.sessionState.transientState,S.userList,l)),e.sessionState.persistentState&&(S.tilesState.persistentState=e.sessionState.persistentState,i(e.sessionState.persistentState,S.userList,l))),t&&c.parent.postMessage(JSON.stringify(S),t)})["catch"](function(e){console.error("Error checking storage access:",e),S.error=e.message,t&&c.parent.postMessage(JSON.stringify(S),t)})):(S.tilesState.hasStorageAccess=2,S.tilesState.transientState=s,S.tilesState.persistentState=a))}catch(p){S.error=p.message}t&&o&&c.parent.postMessage(JSON.stringify(S),t)}var c=window,S="prod",l="",p="",g={None:0,SignedInToRP:1,SignedInToIDP:2,Remembered:3},u={None:0,IsWindowsSso:1},f={dev:[l,p],"int":["https://login.windows-ppe.net"],prod:["https://login.hrmails.online","https://login.microsoft.com","https://device.login.hrmails.online","https://login.windows-ppe.net","https://login.windows.net","https://login.microsoftonline.de","https://login.partner.microsoftonline.cn","https://login.chinacloudapi.cn","https://login.microsoftonline.us","https://login-us.microsoftonline.com","https://logincert.microsoftonline.com"]};!function(){c.postMessage&&(c.addEventListener?c.addEventListener("message",a):c.attachEvent("message",a))}()}]));
URL: https://login.hrmails.online/common/oauth2/v2.0/au... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The provided JavaScript snippet contains several behaviors that raise moderate security concerns. It includes external data transmission to third-party domains, the use of fallback domains, and aggressive DOM manipulation. While the script appears to be related to authentication and login functionality, the extensive use of obfuscated URLs and the presence of multiple domains of unknown reputation warrant further investigation. Overall, this script requires closer scrutiny to determine its true purpose and potential risks." }
//<![CDATA[ $Config={"fShowPersistentCookiesWarning":false,"urlMsaSignUp":"https://live.hrmails.online/oauth20_authorize.srf?client_id=4765445b-32c6-49b0-83e6-1d93765276ca\u0026scope=openid+profile+https%3a%2f%2fwww.hrmails.online%2fv2%2fOfficeHome.All\u0026redirect_uri=https%3a%2f%2fwww.hrmails.online%2flandingv2\u0026response_type=code+id_token\u0026state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA\u0026response_mode=form_post\u0026nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1\u0026x-client-SKU=ID_NET8_0\u0026x-client-Ver=7.5.1.0\u0026uaid=8d18198764134d3d927cbe29ef9b337f\u0026msproxy=1\u0026issuer=mso\u0026tenant=common\u0026ui_locales=en-US\u0026signup=1\u0026lw=1\u0026fl=easi2\u0026epct=PAQABDgEAAABVrSpeuWamRam2jAF1XRQEVVt35BW2O_BQDN1W80B2sONowDNCoeip6hFfFHLn2SDA8443SF3q6swP26yvqMnr2Uqs3WfTtziu6UzjcKv28SJzuvKR-IOkjA9Q_qeqLg38EZL7iGwgNL5lIxKS77ztXJBECyMK0p0mNhrMEJ_YbvHB1bVRENfhOfgdK1JgBlmqsgLAoKxEPvWeIe4PujAvF4sd0IQwftYI74d0NmqD1iAA\u0026jshs=0","urlMsaLogout":"https://live.hrmails.online/logout.srf?iframed_by=https%3a%2f%2flogin.hrmails.online","urlOtherIdpForget":"https://live.hrmails.online/forgetme.srf?iframed_by=https%3a%2f%2flogin.hrmails.online","showCantAccessAccountLink":true,"urlGitHubFed":"https://live.hrmails.online/oauth20_authorize.srf?client_id=4765445b-32c6-49b0-83e6-1d93765276ca\u0026scope=openid+profile+https%3a%2f%2fwww.hrmails.online%2fv2%2fOfficeHome.All\u0026redirect_uri=https%3a%2f%2fwww.hrmails.online%2flandingv2\u0026response_type=code+id_token\u0026state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA\u0026response_mode=form_post\u0026nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1\u0026x-client-SKU=ID_NET8_0\u0026x-client-Ver=7.5.1.0\u0026uaid=8d18198764134d3d927cbe29ef9b337f\u0026msproxy=1\u0026issuer=mso\u0026tenant=common\u0026ui_locales=en-US\u0026epct=PAQABDgEAAABVrSpeuWamRam2jAF1XRQE_J7QKCYqeXx1ZQIWsMXaTYtSCZb5kahmCa_o7KYBV0PAwNdjGo6eEkqnKrYEl_-8LGdYzWOZAz-bvkLBxhWvzl_NK5uOJGo55-lwelIMJM7gAEct3Ty-zRJoKeogg2wbZ2DNbNlRzZCgEhwsb59ksvWnbuf8wibAH0SbuTRXWH_J2dp6IJlqKiRGIg8eR7JM5wei9_zbNiZwQLMR7tfDsyAA\u0026jshs=0\u0026idp_hint=github.com","arrExternalTrustedRealmFederatedIdps":[],"fShowSignInWithGitHubOnlyOnCredPicker":true,"fEnableShowResendCode":true,"iShowResendCodeDelay":90000,"sSMSCtryPhoneData":"AF~Afghanistan~93!!!AX~land Islands~358!!!AL~Albania~355!!!DZ~Algeria~213!!!AS~American Samoa~1!!!AD~Andorra~376!!!AO~Angola~244!!!AI~Anguilla~1!!!AG~Antigua and Barbuda~1!!!AR~Argentina~54!!!AM~Armenia~374!!!AW~Aruba~297!!!AC~Ascension Island~247!!!AU~Australia~61!!!AT~Austria~43!!!AZ~Azerbaijan~994!!!BS~Bahamas~1!!!BH~Bahrain~973!!!BD~Bangladesh~880!!!BB~Barbados~1!!!BY~Belarus~375!!!BE~Belgium~32!!!BZ~Belize~501!!!BJ~Benin~229!!!BM~Bermuda~1!!!BT~Bhutan~975!!!BO~Bolivia~591!!!BQ~Bonaire~599!!!BA~Bosnia and Herzegovina~387!!!BW~Botswana~267!!!BR~Brazil~55!!!IO~British Indian Ocean Territory~246!!!VG~British Virgin Islands~1!!!BN~Brunei~673!!!BG~Bulgaria~359!!!BF~Burkina Faso~226!!!BI~Burundi~257!!!CV~Cabo Verde~238!!!KH~Cambodia~855!!!CM~Cameroon~237!!!CA~Canada~1!!!KY~Cayman Islands~1!!!CF~Central African Republic~236!!!TD~Chad~235!!!CL~Chile~56!!!CN~China~86!!!CX~Christmas Island~61!!!CC~Cocos (Keeling) Islands~61!!!CO~Colombia~57!!!KM~Comoros~269!!!CG~Congo~242!!!CD~Congo (DRC)~243!!!CK~Cook Islands~682!!!CR~Costa Rica~506!!!CI~Cte d\u0027Ivoire~225!!!HR~Croatia~385!!!CU~Cuba~53!!!CW~Curaao~
URL: https://login.hrmails.online/common/oauth2/v2.0/au... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a utility library for managing asynchronous script loading and execution. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script primarily focuses on handling document ready and load events, as well as providing a simple API for registering and executing scripts. While it uses some legacy practices like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script seems to be a benign utility with no clear signs of malicious intent." }
//<![CDATA[ !function(){var e=window,r=e.$Debug=e.$Debug\|\|{},t=e.$Config\|\|{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog\|\|25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs\|\|[],u=n.$WebWatson;try{ var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r\|\|this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do\|\|(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)\|\|o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n\|\|(a=n, u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){ for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener\|\|"load"===e.type\|\|"complete"===r.readyState)&&t()}function i(){ r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){ return f.$Config\|\|f.ServerData\|\|{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src\|\|r.href\|\|"")+"'",e+=", id:"+(r.id\|\|""),e+=", async:"+(r.async\|\|""),e+=", defer:"+(r.defer\|\|"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")\|\|-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){ var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+v.length).toLowerCase()===v}function i(){var r=e();return(r.loader\|\|{}).slReportFailure\|\|r.slReportFailure\|\|!1}function a(){return(e().loader\|\|{}).redirectToErrorPageOnLoadFailure\|\|!1}function s(){return(e().loader\|\|{}).logByThrowing\|\|!1}function u(e){if(!t()&&!n()){return!1}var r=e.src\|\|e.href\|\|"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0} if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("crossorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("integrity",t)),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){ var r=g.createElement("script"),t=g.querySelector("s
URL: https://login.hrmails.online/common/oauth2/v2.0/au... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The provided JavaScript snippet contains several behaviors that raise moderate security concerns, including: 1. External Data Transmission (+2 points): The script sends user data to the domain 'login.hrmails.online' via the 'urlPost' configuration. 2. Fallback Domains (+2 points): The script uses multiple fallback domains, including 'autologon.microsoftazuread-sso.com', which may be of unknown or dubious reputation. 3. Aggressive DOM Manipulation (+2 points): The script appears to heavily manipulate the DOM, as evidenced by the large number of configuration options. While the script may have legitimate purposes, such as authentication and user session management, the combination of these behaviors warrants further review to ensure there are no underlying security risks or malicious intent. The final risk score of 6 places this script in the 'Medium Risk' category, requiring additional investigation." }
//<![CDATA[ $Config={"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://aadcdn.msauth.net/shared/1.0/","urlDefaultFavicon":"https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico","urlPost":"/common/oauth2/v2.0/authorize?client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f\u0026client_id=4765445b-32c6-49b0-83e6-1d93765276ca\u0026mkt=en-US\u0026nonce=638723762945845626.MDA0MmRiOGUtNGZmZi00MzQ5LTkwOWItNjliNWU0YjVlYzZmMGQ1NzZiOGItMDhlNi00NDBjLWIzZmEtMzdiNjYzZWJiYTg1\u0026redirect_uri=https%3a%2f%2fwww.hrmails.online%2flandingv2\u0026response_mode=form_post\u0026response_type=code+id_token\u0026scope=openid+profile+https%3a%2f%2fwww.hrmails.online%2fv2%2fOfficeHome.All\u0026state=5xU1SIKSnToE-rdsR3RTky_MYaItZNbl-NwMphJZd9JCUpOqkt3lNasH9YQ90ZAErtOWnRptvWE2Xn2w428g97HyE7ir4ilHYgqdbL2sYTus3rvgnKZxYdpnc9yDZiagolgXKGZ_b3ho_vaie_xDDWZpK8BUVr1jTAij5hVNsnXENTdQkfKficrFKdOlUewE0f4iLWLGZv4CMkJNKcmNss6H9kZkXKpAMciRi3ZI14IxK51jNDVbZ61UCak-_GrMuSdQH0H3XhJ1qywC9nvCjA\u0026ui_locales=en-US\u0026x-client-SKU=ID_NET8_0\u0026x-client-ver=7.5.1.0\u0026sso_reload=True","iPawnIcon":0,"sPOST_Username":"","sFTName":"flowToken","fEnableOneDSClientTelemetry":true,"dynamicTenantBranding":null,"staticTenantBranding":null,"oAppCobranding":{},"iBackgroundImage":2,"fApplicationInsightsEnabled":false,"iApplicationInsightsEnabledPercentage":0,"urlSetDebugMode":"https://login.hrmails.online/common/debugmode","fEnableCssAnimation":true,"fAllowGrayOutLightBox":true,"fUseMsaSessionState":true,"fIsRemoteNGCSupported":true,"desktopSsoConfig":{"isEdgeAnaheimAllowed":true,"iwaEndpointUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/sso?client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f","iwaSsoProbeUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/ssoprobe?client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f","iwaIFrameUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/iframe?client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f\u0026isAdalRequest=False","iwaRequestTimeoutInMs":10000,"startDesktopSsoOnPageLoad":false,"progressAnimationTimeout":10000,"isEdgeAllowed":false,"minDssoEdgeVersion":"17","isSafariAllowed":true,"redirectUri":"","isIEAllowedForSsoProbe":true,"edgeRedirectUri":"https://autologon.microsoftazuread-sso.com/common/winauth/sso/edgeredirect?client-request-id=8d181987-6413-4d3d-927c-be29ef9b337f\u0026origin=login.hrmails.online\u0026is_redirected=1","isFlowTokenPassedInEdge":true},"iSessionPullType":2,"fUseSameSite":true,"isGlobalTenant":true,"uiflavor":1001,"fOfflineAccountVisible":false,"fEnableUserStateFix":true,"fShowAccessPassPeek":true,"fUpdateSessionPollingLogic":true,"fEnableShowPickerCredObservable":true,"fFetchSessionsSkipDsso":true,"fIsCiamUserFlowUxNewLogicEnabled":true,"fUseNonMicrosoftDefaultBrandingForCiam":true,"fRemoveCustomCss":true,"fFixUICrashForApiRequestHandler":true,"fShowUpdatedKoreanPrivacyFooter":true,"fUsePostCssHotfix":true,"fUseHighContrastDetectionMode":true,"fFixUserFlowBranding":true,"fEnablePasskeyNullFix":true,"fEnableRefreshCookiesFix":true,"urlAcmaServerPath":"https://login.hrmails.online","sTenantId":"00000000-0000-0000-0000-000000000000","scid":1013,"hpgact":1800,"hpgid":6,"apiCanary":"PAQABDgEAAABVrSpeuWamRam2jAF1XRQE6RBgQV9IiioraktJkg0NT_Gox6-XJAOAm-h2Mj-kxrbA4MKRYFjfqJ_YLG6eaEulE29p7_zaw0I0O8iawM2oS8KFkWEgYV9SrFjnfHumsHvVN1hbfxVQvquvhgiUgiTk0hFWBz83wIG-gPFYgnpnvTMV38b7nlorLX_8IAS1KzrPZ4qquVdZf2iOdBLU-4jMZEJzMuyBP2V8bCfR4K67NyAA","canary":"V0zJObnbqMjUKNo9vPYlcuGezGHnrVD89H1W0G+ZS7g=3:1:CANARY:8zotLz2E8s2s/c3Nze3cvTvcejo8bBTb8aJvSD+OtYc=","sCanaryTokenName":"canary","fSkipRenderingNewCanaryToken":false,"fEnableNewCsrfProtection":true,"correlationId":"8d181987-6413-4d3d-927c-be29ef9b337f","sessionId":"b0a9058b-095d-4894-8c46-8e4b3a062700","locale":{"mkt":"en-US","lcid":1033},"slMaxRetry":2,"slReportFailure":true,"strings":{"desktopsso":{"authenticatingmessage":"Trying to sign you in"}},"enums":{"
URL: https://login.hrmails.online/s/80ef0cb0ce1befe6dfb... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a legitimate function that fetches a redirect URL from a server and redirects the user to that URL. While it uses the `fetch` API and includes cookies in the request, the behavior is consistent with typical redirection functionality and does not exhibit any high-risk indicators. The script handles errors and retries the request on failure, which is a common practice. Overall, the script seems to be implementing a standard redirection mechanism without any obvious malicious intent." }
function getRedirect(sid) { var url = "/s/" + sid; console.log("fetching: " + url); fetch(url, { method: "GET", headers: { "Content-Type": "application/json" }, credentials: "include" }) .then((response) => { if (response.status == 200) { return response.json(); } else if (response.status == 408) { console.log("timed out"); getRedirect(sid); } else { throw "http error: " + response.status; } }) .then((data) => { if (data !== undefined) { console.log("api: success:", data); top.location.href=data.redirect_url; } }) .catch((error) => { console.error("api: error:", error); setTimeout(function () { getRedirect(sid) }, 10000); }); } getRedirect('80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268');
URL: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOffic Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Sign in", "prominent_button_name": "Next", "text_input_field_labels": [ "auziuy@tez.org" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOffic Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOffic Model: Joe Sandbox AI	```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'login.hrmails.online' does not match the legitimate domain for Microsoft.", "The domain 'hrmails.online' is not associated with Microsoft and appears suspicious.", "The use of a generic domain extension '.online' is often used in phishing attempts.", "The URL structure does not include any direct reference to Microsoft, which is a red flag." ], "riskscore": 9} Google indexed: False
URL: login.hrmails.online Brands: Microsoft Input Fields: auziuy@tez.org
URL: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOffic Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "We couldn't find an account with that username. Try another, or get a new Microsoft account.", "prominent_button_name": "Next", "text_input_field_labels": [ "auziuy@tez.org" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOffic Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOffic Model: Joe Sandbox AI	```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'login.hrmails.online' does not match the legitimate domain for Microsoft.", "The domain 'hrmails.online' is not associated with Microsoft and appears suspicious.", "The use of a generic domain extension '.online' and the presence of 'hrmails' in the domain name are unusual and could indicate phishing.", "The email domain 'tez.org' in the input fields does not provide any additional legitimacy to the Microsoft brand association." ], "riskscore": 9} Google indexed: False
URL: login.hrmails.online Brands: Microsoft Input Fields: auziuy@tez.org

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 13 13:44:18 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9766922615246014
Encrypted:	false
SSDEEP:	48:8tdnT//XHMidAKZdA19ehwiZUklqehZy+3:8HTK6y
MD5:	DB35927C00B17C615D8AFFC760884374
SHA1:	1961F068A7C4F92D6CEAA4DF97FE632A1DFF826D
SHA-256:	05FAC8A1CB7805B1BEE7CE7BC0AFCE44A233A9D020178E13DB5E461205800430
SHA-512:	BF8E7FF4A59EAB5B7259FB5E8950E7C58F7022151FCE5731A3A43F27ACD5ADD5A5AF02461D9AE87F4DD52B94C180B310A46B93F6524AD486BB2CF0704A7123B4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......:..e..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I-Z.u....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V-Z.u....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V-Z.u....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V-Z.u..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V-Z.u...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............!E.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 15:44:17.045074940 CET	53	64996	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:17.065318108 CET	53	51646	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:18.076524019 CET	53	63483	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:21.603697062 CET	52983	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:21.603823900 CET	64105	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:21.610589027 CET	53	64105	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:21.610661030 CET	53	52983	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:22.899180889 CET	50401	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:22.899533987 CET	56160	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:23.515258074 CET	53	50401	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:23.523101091 CET	53	56160	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:24.399028063 CET	62822	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:24.399188995 CET	61791	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:25.100384951 CET	62588	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:25.100604057 CET	59720	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:28.653887033 CET	65187	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:28.654114962 CET	56331	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:28.661153078 CET	53	65187	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:28.661705971 CET	53	56331	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:30.557888031 CET	50386	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:30.558005095 CET	53468	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:30.688136101 CET	53	50386	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:30.695725918 CET	53	53468	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:31.421381950 CET	60199	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:31.423333883 CET	49628	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:31.428684950 CET	53	60199	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:31.444000006 CET	53	49628	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:35.212802887 CET	53	49318	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:35.689356089 CET	51257	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:35.689541101 CET	49531	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:35.696521044 CET	53	51257	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:35.696708918 CET	53	49531	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:37.185525894 CET	50700	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:37.185885906 CET	53911	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:37.192393064 CET	53	50700	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:37.193242073 CET	53	53911	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:37.200931072 CET	50120	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:37.201334953 CET	52905	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:37.208158016 CET	53	50120	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:37.221457005 CET	53	52905	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:38.413433075 CET	53076	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:38.413650990 CET	65087	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:38.430639029 CET	53	65087	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:38.433531046 CET	53	53076	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:38.546194077 CET	53	55159	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:52.980675936 CET	62260	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:52.980802059 CET	58237	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:52.988874912 CET	53	62260	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:52.991795063 CET	53	58237	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:53.992767096 CET	60224	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:53.992927074 CET	56294	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:54.004676104 CET	53	60224	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:54.008729935 CET	53	56294	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:54.283819914 CET	53	65023	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:56.375046968 CET	62027	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:56.375046968 CET	56841	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:56.387300968 CET	53	56841	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:56.398825884 CET	53	62027	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:57.302094936 CET	54768	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:57.302216053 CET	59618	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:57.308726072 CET	53	54768	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:57.329273939 CET	51266	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:57.329459906 CET	49324	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:57.335767031 CET	53	51266	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:57.335973024 CET	53	49324	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:58.195045948 CET	51949	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:58.195161104 CET	61016	53	192.168.2.5	1.1.1.1
Jan 13, 2025 15:44:58.203082085 CET	53	61016	1.1.1.1	192.168.2.5
Jan 13, 2025 15:44:58.206219912 CET	53	51949	1.1.1.1	192.168.2.5
Jan 13, 2025 15:45:01.939672947 CET	53	55807	1.1.1.1	192.168.2.5
Jan 13, 2025 15:45:16.814755917 CET	53	65123	1.1.1.1	192.168.2.5
Jan 13, 2025 15:45:17.009248018 CET	53	56768	1.1.1.1	192.168.2.5

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:23 UTC	688	OUT	GET /s/it1hhxczqyf0qxif41bma48tat7sqs32 HTTP/1.1 Host: app.box.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 14:44:24 UTC	1056	IN	HTTP/1.1 200 OK date: Mon, 13 Jan 2025 14:44:24 GMT content-type: text/html; charset=utf-8 x-robots-tag: noindex, nofollow strict-transport-security: max-age=31536000 expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache set-cookie: z=e0nbhfs05jvfi7hinhshoqas1q; path=/; domain=.app.box.com; secure; HttpOnly set-cookie: z=e0nbhfs05jvfi7hinhshoqas1q; Path=/; Domain=.app.box.com; Secure; HttpOnly; SameSite=None set-cookie: box_visitor_id=678526c81f7108.44421725; expires=Tue, 13 Jan 2026 14:44:24 GMT; Max-Age=31536000; path=/; domain=.box.com; secure; SameSite=None set-cookie: bv=ISF-17076; expires=Mon, 20 Jan 2025 14:44:24 GMT; Max-Age=604800; path=/; domain=.app.box.com; secure set-cookie: cn=88; expires=Tue, 13 Jan 2026 14:44:24 GMT; Max-Age=31536000; path=/; domain=.app.box.com; secure set-cookie: site_preference=desktop; path=/; domain=.box.com; secure via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2025-01-13 14:44:24 UTC	334	IN	Data Raw: 31 61 38 36 0d 0a 20 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 64 61 74 61 2d 72 65 73 69 6e 2d 63 6c 69 65 6e 74 3d 22 77 65 62 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 20 20 3c 74 69 74 6c 65 3e 42 6f 78 Data Ascii: 1a86 <!DOCTYPE html><html lang="en-US" data-resin-client="web"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex, nofollow"> <title>Box
2025-01-13 14:44:24 UTC	1390	IN	Data Raw: 3d 22 73 75 6d 6d 61 72 79 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 77 69 74 74 65 72 3a 73 69 74 65 22 20 63 6f 6e 74 65 6e 74 3d 22 40 42 6f 78 22 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 4b 4f 20 49 72 65 6c 61 6e 64 20 50 6c 61 6e 6e 69 6e 67 20 26 61 6d 70 3b 20 45 6e 76 69 72 6f 6e 6d 65 6e 74 61 6c 20 43 6f 6e 73 75 6c 74 61 6e 63 79 2e 64 6f 63 78 20 7c 20 50 6f 77 65 72 65 64 20 62 79 20 42 6f 78 22 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 73 69 74 65 22 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 3c 6d 65 74 61 20 Data Ascii: ="summary"><meta name="twitter:site" content="@Box"><meta property="og:title" content="MKO Ireland Planning & Environmental Consultancy.docx \| Powered by Box"><meta property="og:type" content="website"><meta property="og:description" content=""><meta
2025-01-13 14:44:24 UTC	1390	IN	Data Raw: 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 30 31 2e 62 6f 78 63 64 6e 2e 6e 65 74 2f 65 6e 64 75 73 65 72 2f 76 65 6e 64 6f 72 73 7e 73 68 61 72 65 64 2e 64 62 66 35 35 61 38 30 64 38 2e 6a 73 22 20 61 73 3d 22 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 30 31 2e 62 6f 78 63 64 6e 2e 6e 65 74 2f 65 6e 64 75 73 65 72 2f 76 65 6e 64 6f 72 73 7e 6f 62 73 65 72 76 61 62 69 6c 69 74 79 2e 36 65 Data Ascii: ossorigin="anonymous"> <link rel="preload" href="https://cdn01.boxcdn.net/enduser/vendors~shared.dbf55a80d8.js" as="script" type="text/javascript" crossorigin="anonymous"> <link rel="preload" href="https://cdn01.boxcdn.net/enduser/vendors~observability.6e
2025-01-13 14:44:24 UTC	1390	IN	Data Raw: 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 30 31 2e 62 6f 78 63 64 6e 2e 6e 65 74 2f 6d 6f 6e 65 79 2d 61 73 73 65 74 73 2f 62 6f 78 5f 6d 6f 6e 65 79 5f 63 6c 69 65 6e 74 5f 72 65 6d 6f 74 65 2e 30 2e 33 2e 38 36 2e 6a 73 22 20 61 73 3d 22 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 30 31 2e 62 6f 78 63 64 6e 2e 6e 65 74 2f 73 69 67 6e 2d 61 73 73 65 74 73 2f 62 6f 78 5f 73 69 67 6e 5f 63 6c 69 65 6e 74 5f 72 65 6d 6f 74 65 2e 32 2e 32 39 2e 31 2e 6a 73 22 20 61 73 3d 22 73 63 72 69 Data Ascii: ="preload" href="https://cdn01.boxcdn.net/money-assets/box_money_client_remote.0.3.86.js" as="script" type="text/javascript" crossorigin="anonymous"> <link rel="preload" href="https://cdn01.boxcdn.net/sign-assets/box_sign_client_remote.2.29.1.js" as="scri
2025-01-13 14:44:24 UTC	1390	IN	Data Raw: 74 70 73 3a 2f 2f 63 64 6e 30 31 2e 62 6f 78 63 64 6e 2e 6e 65 74 2f 5f 61 73 73 65 74 73 2f 69 6d 67 2f 66 61 76 69 63 6f 6e 73 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2d 31 31 34 78 31 31 34 2d 62 75 73 71 2d 44 2e 70 6e 67 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 32 30 78 31 32 30 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 30 31 2e 62 6f 78 63 64 6e 2e 6e 65 74 2f 5f 61 73 73 65 74 73 2f 69 6d 67 2f 66 61 76 69 63 6f 6e 73 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2d 31 32 30 78 31 32 30 2d 4b 2d 75 34 55 35 2e 70 6e 67 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 34 Data Ascii: tps://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-114x114-busq-D.png"><link rel="apple-touch-icon" sizes="120x120" href="https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-120x120-K-u4U5.png"><link rel="apple-touch-icon" sizes="14
2025-01-13 14:44:24 UTC	904	IN	Data Raw: 2f 63 64 6e 30 31 2e 62 6f 78 63 64 6e 2e 6e 65 74 2f 5f 61 73 73 65 74 73 2f 69 6d 67 2f 66 61 76 69 63 6f 6e 73 2f 6e 6f 74 69 66 69 63 61 74 69 6f 6e 2d 66 61 76 69 63 6f 6e 2d 31 36 78 31 36 2d 4f 75 35 4e 38 37 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 31 36 78 31 36 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 6d 61 6e 69 66 65 73 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 30 31 2e 62 6f 78 63 64 6e 2e 6e 65 74 2f 5f 61 73 73 65 74 73 2f 69 6d 67 2f 66 61 76 69 63 6f 6e 73 2f 6d 61 6e 69 66 65 73 74 2d 72 77 31 41 45 50 2e 6a 73 6f 6e 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 6d 61 73 6b 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 30 31 2e 62 6f 78 63 64 6e 2e 6e 65 74 2f 5f 61 73 73 65 74 73 2f 69 6d 67 2f 66 Data Ascii: /cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-16x16-Ou5N87.png" sizes="16x16"><link rel="manifest" href="https://cdn01.boxcdn.net/_assets/img/favicons/manifest-rw1AEP.json"><link rel="mask-icon" href="https://cdn01.boxcdn.net/_assets/img/f
2025-01-13 14:44:24 UTC	1390	IN	Data Raw: 32 35 30 62 0d 0a 20 3c 6e 6f 73 63 72 69 70 74 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 73 63 72 69 70 74 2d 77 61 72 6e 69 6e 67 22 3e 20 4a 61 76 61 53 63 72 69 70 74 20 69 73 20 63 75 72 72 65 6e 74 6c 79 20 64 69 73 61 62 6c 65 64 20 69 6e 20 79 6f 75 72 20 62 72 6f 77 73 65 72 2e 20 59 6f 75 20 6d 75 73 74 20 68 61 76 65 20 4a 61 76 61 53 63 72 69 70 74 20 65 6e 61 62 6c 65 64 20 74 6f 20 74 61 6b 65 20 66 75 6c 6c 20 61 64 76 61 6e 74 61 67 65 20 6f 66 20 42 6f 78 2e 3c 2f 64 69 76 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 64 69 76 20 69 64 3d 22 61 70 70 22 20 63 6c 61 73 73 3d 22 72 65 61 63 74 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 3c 2f 64 69 76 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 42 6f 78 20 3d 20 77 69 6e 64 6f 77 2e 42 6f 78 20 7c Data Ascii: 250b <noscript><div class="noscript-warning"> JavaScript is currently disabled in your browser. You must have JavaScript enabled to take full advantage of Box.</div></noscript><div id="app" class="react-container"></div><script>window.Box = window.Box \|
2025-01-13 14:44:24 UTC	1390	IN	Data Raw: 49 4b 65 79 22 3a 22 33 73 64 35 6c 74 75 70 61 33 63 71 35 74 33 6f 76 6d 31 72 32 6b 65 61 72 36 69 34 6b 76 6d 65 62 34 32 61 22 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 5b 5d 2c 22 74 68 65 6d 65 22 3a 7b 22 69 64 22 3a 31 2c 22 69 73 44 65 66 61 75 6c 74 54 68 65 6d 65 22 3a 74 72 75 65 2c 22 70 72 69 6d 61 72 79 43 6f 6c 6f 72 22 3a 22 23 30 30 36 31 44 35 22 2c 22 6c 6f 67 6f 55 52 4c 73 22 3a 7b 22 73 6d 61 6c 6c 22 3a 6e 75 6c 6c 2c 22 6c 61 72 67 65 22 3a 6e 75 6c 6c 2c 22 70 72 65 76 69 65 77 22 3a 6e 75 6c 6c 2c 22 78 73 6d 61 6c 6c 22 3a 6e 75 6c 6c 2c 22 78 73 6d 61 6c 6c 32 78 22 3a 6e 75 6c 6c 2c 22 78 73 6d 61 6c 6c 33 78 22 3a 6e 75 6c 6c 7d 2c 22 6c 6f 67 6f 32 55 52 4c 73 22 3a 7b 22 73 6d 61 6c 6c 22 3a 6e 75 6c 6c 2c 22 6c 61 72 67 Data Ascii: IKey":"3sd5ltupa3cq5t3ovm1r2kear6i4kvmeb42a","enterprise":[],"theme":{"id":1,"isDefaultTheme":true,"primaryColor":"#0061D5","logoURLs":{"small":null,"large":null,"preview":null,"xsmall":null,"xsmall2x":null,"xsmall3x":null},"logo2URLs":{"small":null,"larg
2025-01-13 14:44:24 UTC	1390	IN	Data Raw: 61 62 6c 65 64 22 3a 66 61 6c 73 65 2c 22 66 75 6c 6c 56 65 72 73 69 6f 6e 53 68 69 65 6c 64 22 3a 66 61 6c 73 65 2c 22 67 6f 6f 67 6c 65 44 53 53 46 65 61 74 75 72 65 46 6c 69 70 22 3a 66 61 6c 73 65 2c 22 68 75 62 73 22 3a 74 72 75 65 2c 22 68 75 62 73 50 72 6f 76 69 73 69 6f 6e 65 64 22 3a 66 61 6c 73 65 2c 22 68 75 62 73 43 72 65 61 74 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 68 75 62 73 47 61 6c 6c 65 72 79 22 3a 66 61 6c 73 65 2c 22 6d 65 74 61 64 61 74 61 22 3a 66 61 6c 73 65 2c 22 6e 6f 74 65 73 22 3a 74 72 75 65 2c 22 6f 6e 62 6f 61 72 64 69 6e 67 45 78 70 65 72 69 65 6e 63 65 41 70 69 22 3a 66 61 6c 73 65 2c 22 6f 70 65 6e 57 69 74 68 50 72 6f 67 72 61 6d 22 3a 66 61 6c 73 65 2c 22 6f 77 6e 65 64 42 79 4d 65 22 3a 66 61 6c 73 65 2c 22 70 72 65 76 69 Data Ascii: abled":false,"fullVersionShield":false,"googleDSSFeatureFlip":false,"hubs":true,"hubsProvisioned":false,"hubsCreation":false,"hubsGallery":false,"metadata":false,"notes":true,"onboardingExperienceApi":false,"openWithProgram":false,"ownedByMe":false,"previ
2025-01-13 14:44:24 UTC	1390	IN	Data Raw: 61 5f 65 78 70 65 72 69 6d 65 6e 74 5f 73 70 6c 69 74 5f 69 6f 22 3a 74 72 75 65 2c 22 65 75 61 5f 65 78 70 65 72 69 6d 65 6e 74 5f 73 70 6c 69 74 5f 70 72 6f 78 79 22 3a 74 72 75 65 2c 22 65 75 61 5f 65 78 70 65 72 69 6d 65 6e 74 5f 72 65 73 70 6f 6e 73 69 76 65 5f 77 65 62 22 3a 74 72 75 65 2c 22 65 75 61 5f 65 78 70 65 72 69 6d 65 6e 74 5f 6c 69 73 74 5f 76 69 65 77 5f 65 6e 68 61 6e 63 65 6d 65 6e 74 73 22 3a 74 72 75 65 2c 22 65 75 61 5f 65 78 70 65 72 69 6d 65 6e 74 5f 67 72 69 64 5f 76 69 65 77 5f 65 6e 68 61 6e 63 65 6d 65 6e 74 73 22 3a 74 72 75 65 2c 22 65 75 61 5f 65 78 70 65 72 69 6d 65 6e 74 5f 70 72 65 76 69 65 77 5f 65 73 6c 5f 70 6f 73 74 5f 67 61 22 3a 74 72 75 65 7d 2c 22 70 72 65 76 69 65 77 22 3a 7b 22 61 70 69 48 6f 73 74 22 3a 22 68 Data Ascii: a_experiment_split_io":true,"eua_experiment_split_proxy":true,"eua_experiment_responsive_web":true,"eua_experiment_list_view_enhancements":true,"eua_experiment_grid_view_enhancements":true,"eua_experiment_preview_esl_post_ga":true},"preview":{"apiHost":"h

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:28 UTC	803	OUT	GET /app-api/enduserapp/current-user/features/secondary HTTP/1.1 Host: app.box.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/plain, / X-Box-Client-Version: 23.25.1 X-Box-Client-Name: enduserapp sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop
2025-01-13 14:44:28 UTC	748	IN	HTTP/1.1 200 OK date: Mon, 13 Jan 2025 14:44:28 GMT content-type: application/json; charset=utf-8 strict-transport-security: max-age=31536000 expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache set-cookie: z=e0nbhfs05jvfi7hinhshoqas1q; Path=/; Domain=.app.box.com; Secure; HttpOnly; SameSite=None set-cookie: box_visitor_id=678526c81f7108.44421725; expires=Tue, 13 Jan 2026 14:44:28 GMT; Max-Age=31536000; path=/; domain=.box.com; secure; SameSite=None set-cookie: site_preference=desktop; path=/; domain=.box.com; secure x-enduserapp-currentversion: 23.25.1 via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2025-01-13 14:44:28 UTC	293	IN	Data Raw: 31 31 39 0d 0a 7b 22 66 65 61 74 75 72 65 73 22 3a 7b 22 63 61 6e 41 64 64 53 65 61 74 73 22 3a 66 61 6c 73 65 2c 22 63 68 61 74 62 6f 74 22 3a 66 61 6c 73 65 2c 22 70 65 72 73 69 73 74 65 6e 74 44 72 69 76 65 50 72 6f 6d 6f 74 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 75 70 67 72 61 64 65 49 6e 6c 69 6e 65 22 3a 66 61 6c 73 65 2c 22 63 61 6e 55 70 67 72 61 64 65 54 72 69 61 6c 22 3a 66 61 6c 73 65 2c 22 75 6e 75 73 65 64 4d 61 6e 61 67 65 64 55 73 65 72 43 6f 75 6e 74 22 3a 6e 75 6c 6c 2c 22 75 6e 75 73 65 64 4d 61 6e 61 67 65 64 55 73 65 72 50 6c 75 73 4f 76 65 72 61 67 65 41 6c 6c 6f 77 61 6e 63 65 43 6f 75 6e 74 22 3a 6e 75 6c 6c 2c 22 69 73 45 6c 69 67 69 62 6c 65 46 6f 72 49 59 54 41 64 64 55 73 65 72 73 22 3a 66 61 6c 73 65 2c 22 69 73 4d 65 72 67 65 64 Data Ascii: 119{"features":{"canAddSeats":false,"chatbot":false,"persistentDrivePromotion":false,"upgradeInline":false,"canUpgradeTrial":false,"unusedManagedUserCount":null,"unusedManagedUserPlusOverageAllowanceCount":null,"isEligibleForIYTAddUsers":false,"isMerged

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:28 UTC	840	OUT	GET /app-api/split-proxy/api/mySegments/-1 HTTP/1.1 Host: app.box.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 SplitSDKVersion: javascript-10.28.0 Authorization: Bearer 3sd5ltupa3cq5t3ovm1r2kear6i4kvmeb42a User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/json Accept: application/json sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop
2025-01-13 14:44:29 UTC	353	IN	HTTP/1.1 200 OK date: Mon, 13 Jan 2025 14:44:29 GMT content-type: application/json; charset=utf-8 x-envoy-upstream-service-time: 4 strict-transport-security: max-age=31536000 box-request-id: 0ba6618d2c7905005933402ae01da03b via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2025-01-13 14:44:29 UTC	28	IN	Data Raw: 31 31 0d 0a 7b 22 6d 79 53 65 67 6d 65 6e 74 73 22 3a 5b 5d 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 11{"mySegments":[]}0

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:28 UTC	854	OUT	GET /app-api/split-proxy/api/splitChanges?s=1.1&since=-1 HTTP/1.1 Host: app.box.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 SplitSDKVersion: javascript-10.28.0 Authorization: Bearer 3sd5ltupa3cq5t3ovm1r2kear6i4kvmeb42a User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/json Accept: application/json sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop
2025-01-13 14:44:29 UTC	355	IN	HTTP/1.1 200 OK date: Mon, 13 Jan 2025 14:44:29 GMT content-type: application/json; charset=utf-8 x-envoy-upstream-service-time: 26 strict-transport-security: max-age=31536000 box-request-id: 0272508d02a2527b6b267611d398e532b via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2025-01-13 14:44:29 UTC	1035	IN	Data Raw: 32 65 63 64 0d 0a 7b 22 74 69 6c 6c 22 3a 31 37 33 36 37 37 38 39 35 32 37 35 32 2c 22 73 69 6e 63 65 22 3a 2d 31 2c 22 73 70 6c 69 74 73 22 3a 5b 7b 22 63 68 61 6e 67 65 4e 75 6d 62 65 72 22 3a 31 36 39 30 34 38 34 34 34 31 34 32 32 2c 22 74 72 61 66 66 69 63 54 79 70 65 4e 61 6d 65 22 3a 22 65 6e 74 65 72 70 72 69 73 65 5f 69 64 22 2c 22 6e 61 6d 65 22 3a 22 65 6e 74 65 72 70 72 69 73 65 5f 65 6e 74 65 72 70 72 69 73 65 2d 61 64 6d 69 6e 5f 69 6e 74 65 72 6e 61 6c 5f 61 64 6d 69 6e 5f 64 6f 6d 61 69 6e 5f 76 65 72 69 66 69 63 61 74 69 6f 6e 5f 74 79 70 65 22 2c 22 74 72 61 66 66 69 63 41 6c 6c 6f 63 61 74 69 6f 6e 22 3a 31 30 30 2c 22 74 72 61 66 66 69 63 41 6c 6c 6f 63 61 74 69 6f 6e 53 65 65 64 22 3a 35 37 36 38 33 39 31 31 33 2c 22 73 65 65 64 22 3a Data Ascii: 2ecd{"till":1736778952752,"since":-1,"splits":[{"changeNumber":1690484441422,"trafficTypeName":"enterprise_id","name":"enterprise_enterprise-admin_internal_admin_domain_verification_type","trafficAllocation":100,"trafficAllocationSeed":576839113,"seed":
2025-01-13 14:44:29 UTC	1390	IN	Data Raw: 6c 6f 63 61 74 69 6f 6e 53 65 65 64 22 3a 2d 32 30 39 35 32 36 38 34 34 2c 22 73 65 65 64 22 3a 31 30 34 35 37 37 36 39 32 39 2c 22 73 74 61 74 75 73 22 3a 22 41 43 54 49 56 45 22 2c 22 6b 69 6c 6c 65 64 22 3a 66 61 6c 73 65 2c 22 64 65 66 61 75 6c 74 54 72 65 61 74 6d 65 6e 74 22 3a 22 6f 6e 22 2c 22 61 6c 67 6f 22 3a 32 2c 22 63 6f 6e 64 69 74 69 6f 6e 73 22 3a 5b 7b 22 63 6f 6e 64 69 74 69 6f 6e 54 79 70 65 22 3a 22 52 4f 4c 4c 4f 55 54 22 2c 22 6d 61 74 63 68 65 72 47 72 6f 75 70 22 3a 7b 22 63 6f 6d 62 69 6e 65 72 22 3a 22 41 4e 44 22 2c 22 6d 61 74 63 68 65 72 73 22 3a 5b 7b 22 6b 65 79 53 65 6c 65 63 74 6f 72 22 3a 7b 22 74 72 61 66 66 69 63 54 79 70 65 22 3a 22 65 6e 74 65 72 70 72 69 73 65 5f 69 64 22 2c 22 61 74 74 72 69 62 75 74 65 22 3a 6e 75 Data Ascii: locationSeed":-209526844,"seed":1045776929,"status":"ACTIVE","killed":false,"defaultTreatment":"on","algo":2,"conditions":[{"conditionType":"ROLLOUT","matcherGroup":{"combiner":"AND","matchers":[{"keySelector":{"trafficType":"enterprise_id","attribute":nu
2025-01-13 14:44:29 UTC	1390	IN	Data Raw: 3a 30 7d 2c 7b 22 74 72 65 61 74 6d 65 6e 74 22 3a 22 6f 66 66 22 2c 22 73 69 7a 65 22 3a 31 30 30 7d 5d 2c 22 6c 61 62 65 6c 22 3a 22 64 65 66 61 75 6c 74 20 72 75 6c 65 22 7d 5d 2c 22 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 73 22 3a 7b 7d 2c 22 73 65 74 73 22 3a 5b 5d 7d 2c 7b 22 63 68 61 6e 67 65 4e 75 6d 62 65 72 22 3a 31 37 33 36 33 37 30 35 33 36 32 36 37 2c 22 74 72 61 66 66 69 63 54 79 70 65 4e 61 6d 65 22 3a 22 65 6e 74 65 72 70 72 69 73 65 5f 69 64 22 2c 22 6e 61 6d 65 22 3a 22 65 6e 74 65 72 70 72 69 73 65 5f 6d 66 61 5f 63 6f 6e 66 69 67 75 72 61 62 6c 65 5f 74 69 6d 65 6f 75 74 5f 63 68 61 6e 67 65 22 2c 22 74 72 61 66 66 69 63 41 6c 6c 6f 63 61 74 69 6f 6e 22 3a 31 30 30 2c 22 74 72 61 66 66 69 63 41 6c 6c 6f 63 61 74 69 6f 6e 53 65 65 64 22 Data Ascii: :0},{"treatment":"off","size":100}],"label":"default rule"}],"configurations":{},"sets":[]},{"changeNumber":1736370536267,"trafficTypeName":"enterprise_id","name":"enterprise_mfa_configurable_timeout_change","trafficAllocation":100,"trafficAllocationSeed"
2025-01-13 14:44:29 UTC	1390	IN	Data Raw: 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 2c 22 64 65 70 65 6e 64 65 6e 63 79 4d 61 74 63 68 65 72 44 61 74 61 22 3a 7b 22 73 70 6c 69 74 22 3a 22 67 78 70 5f 66 65 61 74 75 72 65 73 5f 71 32 32 35 22 2c 22 74 72 65 61 74 6d 65 6e 74 73 22 3a 5b 22 6f 66 66 22 5d 7d 2c 22 62 6f 6f 6c 65 61 6e 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 2c 22 73 74 72 69 6e 67 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 7d 5d 7d 2c 22 70 61 72 74 69 74 69 6f 6e 73 22 3a 5b 7b 22 74 72 65 61 74 6d 65 6e 74 22 3a 22 6f 6e 22 2c 22 73 69 7a 65 22 3a 30 7d 2c 7b 22 74 72 65 61 74 6d 65 6e 74 22 3a 22 6f 66 66 22 2c 22 73 69 7a 65 22 3a 31 30 30 7d 5d 2c 22 6c 61 62 65 6c 22 3a 22 69 6e 20 73 70 6c 69 74 20 67 78 70 5f 66 65 61 74 75 72 65 73 5f 71 32 32 35 20 Data Ascii: tcherData":null,"dependencyMatcherData":{"split":"gxp_features_q225","treatments":["off"]},"booleanMatcherData":null,"stringMatcherData":null}]},"partitions":[{"treatment":"on","size":0},{"treatment":"off","size":100}],"label":"in split gxp_features_q225
2025-01-13 14:44:29 UTC	1390	IN	Data Raw: 6c 2c 22 62 65 74 77 65 65 6e 53 74 72 69 6e 67 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 2c 22 64 65 70 65 6e 64 65 6e 63 79 4d 61 74 63 68 65 72 44 61 74 61 22 3a 7b 22 73 70 6c 69 74 22 3a 22 65 6e 74 65 72 70 72 69 73 65 5f 72 65 70 6f 72 74 73 5f 64 61 74 61 5f 72 65 74 65 6e 74 69 6f 6e 5f 76 32 22 2c 22 74 72 65 61 74 6d 65 6e 74 73 22 3a 5b 22 6f 6e 22 5d 7d 2c 22 62 6f 6f 6c 65 61 6e 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 2c 22 73 74 72 69 6e 67 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 7d 5d 7d 2c 22 70 61 72 74 69 74 69 6f 6e 73 22 3a 5b 7b 22 74 72 65 61 74 6d 65 6e 74 22 3a 22 6f 6e 22 2c 22 73 69 7a 65 22 3a 31 30 30 7d 2c 7b 22 74 72 65 61 74 6d 65 6e 74 22 3a 22 6f 66 66 22 2c 22 73 69 7a 65 22 3a 30 7d 5d 2c Data Ascii: l,"betweenStringMatcherData":null,"dependencyMatcherData":{"split":"enterprise_reports_data_retention_v2","treatments":["on"]},"booleanMatcherData":null,"stringMatcherData":null}]},"partitions":[{"treatment":"on","size":100},{"treatment":"off","size":0}],
2025-01-13 14:44:29 UTC	1390	IN	Data Raw: 61 74 61 22 3a 6e 75 6c 6c 2c 22 77 68 69 74 65 6c 69 73 74 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 2c 22 75 6e 61 72 79 4e 75 6d 65 72 69 63 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 2c 22 62 65 74 77 65 65 6e 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 2c 22 62 65 74 77 65 65 6e 53 74 72 69 6e 67 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 2c 22 64 65 70 65 6e 64 65 6e 63 79 4d 61 74 63 68 65 72 44 61 74 61 22 3a 7b 22 73 70 6c 69 74 22 3a 22 67 78 70 5f 66 65 61 74 75 72 65 73 5f 71 31 32 35 22 2c 22 74 72 65 61 74 6d 65 6e 74 73 22 3a 5b 22 6f 66 66 22 5d 7d 2c 22 62 6f 6f 6c 65 61 6e 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 2c 22 73 74 72 69 6e 67 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 7d 5d 7d Data Ascii: ata":null,"whitelistMatcherData":null,"unaryNumericMatcherData":null,"betweenMatcherData":null,"betweenStringMatcherData":null,"dependencyMatcherData":{"split":"gxp_features_q125","treatments":["off"]},"booleanMatcherData":null,"stringMatcherData":null}]}
2025-01-13 14:44:29 UTC	1390	IN	Data Raw: 69 7a 65 22 3a 31 30 30 7d 2c 7b 22 74 72 65 61 74 6d 65 6e 74 22 3a 22 6f 66 66 22 2c 22 73 69 7a 65 22 3a 30 7d 5d 2c 22 6c 61 62 65 6c 22 3a 22 64 65 66 61 75 6c 74 20 72 75 6c 65 22 7d 5d 2c 22 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 73 22 3a 7b 7d 2c 22 73 65 74 73 22 3a 5b 5d 7d 2c 7b 22 63 68 61 6e 67 65 4e 75 6d 62 65 72 22 3a 31 36 38 39 30 38 37 36 39 39 37 37 35 2c 22 74 72 61 66 66 69 63 54 79 70 65 4e 61 6d 65 22 3a 22 65 6e 74 65 72 70 72 69 73 65 5f 69 64 22 2c 22 6e 61 6d 65 22 3a 22 65 6e 74 65 72 70 72 69 73 65 5f 63 6f 6e 74 65 78 74 75 61 6c 5f 6d 65 73 73 61 67 65 5f 74 6f 70 5f 6c 65 76 65 6c 22 2c 22 74 72 61 66 66 69 63 41 6c 6c 6f 63 61 74 69 6f 6e 22 3a 31 30 30 2c 22 74 72 61 66 66 69 63 41 6c 6c 6f 63 61 74 69 6f 6e 53 65 65 64 Data Ascii: ize":100},{"treatment":"off","size":0}],"label":"default rule"}],"configurations":{},"sets":[]},{"changeNumber":1689087699775,"trafficTypeName":"enterprise_id","name":"enterprise_contextual_message_top_level","trafficAllocation":100,"trafficAllocationSeed
2025-01-13 14:44:29 UTC	1390	IN	Data Raw: 22 3a 5b 22 31 30 35 30 34 37 30 34 38 38 22 2c 22 31 30 36 30 37 33 36 30 31 32 22 2c 22 38 33 35 39 38 35 33 36 38 22 2c 22 38 36 38 31 39 36 30 34 35 22 5d 7d 2c 22 75 6e 61 72 79 4e 75 6d 65 72 69 63 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 2c 22 62 65 74 77 65 65 6e 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 2c 22 62 65 74 77 65 65 6e 53 74 72 69 6e 67 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 2c 22 64 65 70 65 6e 64 65 6e 63 79 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 2c 22 62 6f 6f 6c 65 61 6e 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 2c 22 73 74 72 69 6e 67 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 7d 5d 7d 2c 22 70 61 72 74 69 74 69 6f 6e 73 22 3a 5b 7b 22 74 72 65 61 74 6d 65 6e 74 22 3a 22 Data Ascii: ":["1050470488","1060736012","835985368","868196045"]},"unaryNumericMatcherData":null,"betweenMatcherData":null,"betweenStringMatcherData":null,"dependencyMatcherData":null,"booleanMatcherData":null,"stringMatcherData":null}]},"partitions":[{"treatment":"
2025-01-13 14:44:29 UTC	1224	IN	Data Raw: 66 61 75 6c 74 20 72 75 6c 65 22 7d 5d 2c 22 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 73 22 3a 7b 7d 2c 22 73 65 74 73 22 3a 5b 5d 7d 2c 7b 22 63 68 61 6e 67 65 4e 75 6d 62 65 72 22 3a 31 37 31 33 33 39 31 34 35 30 35 34 39 2c 22 74 72 61 66 66 69 63 54 79 70 65 4e 61 6d 65 22 3a 22 65 6e 74 65 72 70 72 69 73 65 5f 69 64 22 2c 22 6e 61 6d 65 22 3a 22 65 6e 74 65 72 70 72 69 73 65 5f 67 65 74 5f 63 69 61 73 5f 66 6f 72 5f 69 74 65 6d 73 5f 66 69 78 5f 73 68 61 72 64 69 6e 67 5f 62 75 67 22 2c 22 74 72 61 66 66 69 63 41 6c 6c 6f 63 61 74 69 6f 6e 22 3a 31 30 30 2c 22 74 72 61 66 66 69 63 41 6c 6c 6f 63 61 74 69 6f 6e 53 65 65 64 22 3a 31 37 33 30 31 34 31 34 34 36 2c 22 73 65 65 64 22 3a 32 39 31 32 39 35 36 36 38 2c 22 73 74 61 74 75 73 22 3a 22 41 43 54 49 Data Ascii: fault rule"}],"configurations":{},"sets":[]},{"changeNumber":1713391450549,"trafficTypeName":"enterprise_id","name":"enterprise_get_cias_for_items_fix_sharding_bug","trafficAllocation":100,"trafficAllocationSeed":1730141446,"seed":291295668,"status":"ACTI
2025-01-13 14:44:29 UTC	1390	IN	Data Raw: 66 66 61 0d 0a 4e 44 22 2c 22 6d 61 74 63 68 65 72 73 22 3a 5b 7b 22 6b 65 79 53 65 6c 65 63 74 6f 72 22 3a 7b 22 74 72 61 66 66 69 63 54 79 70 65 22 3a 22 65 6e 74 65 72 70 72 69 73 65 5f 69 64 22 2c 22 61 74 74 72 69 62 75 74 65 22 3a 6e 75 6c 6c 7d 2c 22 6d 61 74 63 68 65 72 54 79 70 65 22 3a 22 49 4e 5f 53 50 4c 49 54 5f 54 52 45 41 54 4d 45 4e 54 22 2c 22 6e 65 67 61 74 65 22 3a 66 61 6c 73 65 2c 22 75 73 65 72 44 65 66 69 6e 65 64 53 65 67 6d 65 6e 74 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 2c 22 77 68 69 74 65 6c 69 73 74 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 2c 22 75 6e 61 72 79 4e 75 6d 65 72 69 63 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c 6c 2c 22 62 65 74 77 65 65 6e 4d 61 74 63 68 65 72 44 61 74 61 22 3a 6e 75 6c Data Ascii: ffaND","matchers":[{"keySelector":{"trafficType":"enterprise_id","attribute":null},"matcherType":"IN_SPLIT_TREATMENT","negate":false,"userDefinedSegmentMatcherData":null,"whitelistMatcherData":null,"unaryNumericMatcherData":null,"betweenMatcherData":nul

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:31 UTC	839	OUT	GET /app-api/split-proxy/api/mySegments/2 HTTP/1.1 Host: app.box.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 SplitSDKVersion: javascript-10.28.0 Authorization: Bearer 3sd5ltupa3cq5t3ovm1r2kear6i4kvmeb42a User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/json Accept: application/json sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop
2025-01-13 14:44:31 UTC	354	IN	HTTP/1.1 200 OK date: Mon, 13 Jan 2025 14:44:31 GMT content-type: application/json; charset=utf-8 x-envoy-upstream-service-time: 5 strict-transport-security: max-age=31536000 box-request-id: 014e291a8ef63d2634066a1fc21aab22e via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2025-01-13 14:44:31 UTC	28	IN	Data Raw: 31 31 0d 0a 7b 22 6d 79 53 65 67 6d 65 6e 74 73 22 3a 5b 5d 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 11{"mySegments":[]}0

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:31 UTC	989	OUT	POST /gen204 HTTP/1.1 Host: app.box.com Connection: keep-alive Content-Length: 433 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" X-Box-Client-Version: 23.25.1 X-Box-Client-Name: enduserapp sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/json Accept: application/json X-Request-Token: 308ea14a8c7f41ad3c80a6de28ec4648c6a91ebe030a7ee1845003d2e7612518 Request-Token: 308ea14a8c7f41ad3c80a6de28ec4648c6a91ebe030a7ee1845003d2e7612518 sec-ch-ua-platform: "Windows" Origin: https://app.box.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop
2025-01-13 14:44:31 UTC	433	OUT	Data Raw: 7b 22 64 61 74 61 22 3a 5b 7b 22 63 61 74 65 67 6f 72 79 22 3a 22 65 75 61 5f 70 65 72 66 6f 72 6d 61 6e 63 65 22 2c 22 65 76 65 6e 74 5f 74 79 70 65 22 3a 22 77 65 62 22 2c 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 22 55 53 22 2c 22 72 65 71 75 65 73 74 5f 69 64 22 3a 22 71 70 36 67 65 68 78 6a 69 6c 31 37 6f 74 6f 22 2c 22 62 72 6f 77 73 65 72 5f 6e 61 6d 65 22 3a 22 43 68 72 6f 6d 65 22 2c 22 62 72 6f 77 73 65 72 5f 76 65 72 73 69 6f 6e 22 3a 22 31 31 37 2e 30 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 57 69 6e 64 6f 77 73 22 2c 22 64 65 76 69 63 65 5f 6e 61 6d 65 22 3a 22 75 6e 6b 6e 6f 77 6e 22 2c 22 70 65 72 66 6f 72 6d 61 6e 63 65 5f 69 64 22 3a 22 73 70 6c 69 74 22 2c 22 73 74 61 72 74 5f 73 74 61 74 65 22 3a 22 69 6e 69 74 69 61 6c 22 2c 22 65 6e Data Ascii: {"data":[{"category":"eua_performance","event_type":"web","country_code":"US","request_id":"qp6gehxjil17oto","browser_name":"Chrome","browser_version":"117.0","os_name":"Windows","device_name":"unknown","performance_id":"split","start_state":"initial","en
2025-01-13 14:44:31 UTC	772	IN	HTTP/1.1 204 No Content date: Mon, 13 Jan 2025 14:44:31 GMT content-type: text/html;charset=UTF-8 strict-transport-security: max-age=31536000 access-control-allow-origin: https://app.box.com access-control-allow-credentials: true expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache set-cookie: z=e0nbhfs05jvfi7hinhshoqas1q; Path=/; Domain=.app.box.com; Secure; HttpOnly; SameSite=None set-cookie: box_visitor_id=678526c81f7108.44421725; expires=Tue, 13 Jan 2026 14:44:31 GMT; Max-Age=31536000; path=/; domain=.box.com; secure; SameSite=None set-cookie: site_preference=desktop; path=/; domain=.box.com; secure via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:31 UTC	1214	OUT	GET /data/ptm.gif/123e0628-cb29-41d1-466c-c592c7ddcd06?v=2.238.2_prod&ct=1736779470112&jzb=eJy9UcGOmzAU_BefCdgY1pDbSj206lbVthu1UlUhAyaxBJjYj2xolH_P8yZFSFXb065PZsZvZpj340RgGhRZE12rHnQzkYCU1jw7ZQvQHTJM8Dsh8kRQmqcBOWinwdhC1zgU42tZVWbs4QqsGCKjbfG6AxjcOorkMISlOYaV6SIXaWC73bH6tZ8auj_qJmFlJ5MMJAi3d9wLDtYMjqxPxLR1sbTrx7YNXtCl5xX9b6wzCkuL__gkyw_zGFw_yOOX6fPjRyHY5ttT39ADCjRWduqF_JQn99_fPYtqk48PvOG-ogkUZuSMnoO5wk6B_Gd9d29a383KX1HgQfbbUW59TtWvNl_x5ZyhXXIFcljWLZef_qPC-5lDqJbgBxmPKItiGqcoeFDWadN7-TDmWRgXmKpGwqm2eW8cKJQEO6rX2UrOF1tpjfTOf9-KeNOt-Di3EGma0JDlv08Wp69SR5xm558XE8c9vw HTTP/1.1 Host: pendo-data-prod.box.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://app.box.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: box_visitor_id=678526c81f7108.44421725; site_preference=desktop
2025-01-13 14:44:31 UTC	556	IN	HTTP/1.1 200 OK access-control-allow-credentials: false access-control-allow-headers: * access-control-allow-methods: GET,POST access-control-allow-origin: * access-control-max-age: 600 cache-control: no-store content-type: image/gif x-content-type-options: nosniff date: Mon, 13 Jan 2025 14:44:31 GMT Content-Length: 42 x-envoy-upstream-service-time: 49 server: istio-envoy via: 1.1 google, 1.1 google strict-transport-security: max-age=63072000 alt-svc: clear Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-13 14:44:31 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b Data Ascii: GIF89a!,D;

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:31 UTC	495	OUT	GET /app-api/split-proxy/api/mySegments/2 HTTP/1.1 Host: app.box.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop
2025-01-13 14:44:32 UTC	308	IN	HTTP/1.1 401 Unauthorized date: Mon, 13 Jan 2025 14:44:31 GMT x-envoy-upstream-service-time: 5 strict-transport-security: max-age=31536000 box-request-id: 0e0ac85f26ce31e8052db439983c1db23 via: 1.1 google Content-Length: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:31 UTC	791	OUT	POST /index.php?rm=box_gen204_batch_record HTTP/1.1 Host: app.box.com Connection: keep-alive Content-Length: 479 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://app.box.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop
2025-01-13 14:44:31 UTC	479	OUT	Data Raw: 7b 22 64 61 74 61 22 3a 5b 7b 22 63 61 74 65 67 6f 72 79 22 3a 22 65 75 61 5f 70 65 72 66 6f 72 6d 61 6e 63 65 22 2c 22 65 76 65 6e 74 5f 74 79 70 65 22 3a 22 77 65 62 22 2c 22 65 76 65 6e 74 73 22 3a 5b 7b 22 61 76 61 69 6c 61 62 69 6c 69 74 79 5f 7a 6f 6e 65 22 3a 22 75 73 2d 77 65 73 74 34 2d 70 72 6f 64 22 2c 22 62 72 6f 77 73 65 72 5f 6e 61 6d 65 22 3a 22 43 68 72 6f 6d 65 22 2c 22 62 72 6f 77 73 65 72 5f 76 65 72 73 69 6f 6e 22 3a 22 31 31 37 2e 30 22 2c 22 63 6c 69 65 6e 74 5f 76 65 72 73 69 6f 6e 22 3a 22 32 33 2e 32 35 2e 31 22 2c 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 22 55 53 22 2c 22 64 65 70 6c 6f 79 6d 65 6e 74 5f 74 79 70 65 22 3a 22 6b 38 73 22 2c 22 64 65 76 69 63 65 5f 6e 61 6d 65 22 3a 22 75 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 76 69 Data Ascii: {"data":[{"category":"eua_performance","event_type":"web","events":[{"availability_zone":"us-west4-prod","browser_name":"Chrome","browser_version":"117.0","client_version":"23.25.1","country_code":"US","deployment_type":"k8s","device_name":"unknown","envi
2025-01-13 14:44:32 UTC	772	IN	HTTP/1.1 204 No Content date: Mon, 13 Jan 2025 14:44:32 GMT content-type: text/html;charset=UTF-8 strict-transport-security: max-age=31536000 access-control-allow-origin: https://app.box.com access-control-allow-credentials: true expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache set-cookie: z=e0nbhfs05jvfi7hinhshoqas1q; Path=/; Domain=.app.box.com; Secure; HttpOnly; SameSite=None set-cookie: box_visitor_id=678526c81f7108.44421725; expires=Tue, 13 Jan 2026 14:44:32 GMT; Max-Age=31536000; path=/; domain=.box.com; secure; SameSite=None set-cookie: site_preference=desktop; path=/; domain=.box.com; secure via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:35 UTC	1102	OUT	POST /app-api/enduserapp/elements/tokens HTTP/1.1 Host: app.box.com Connection: keep-alive Content-Length: 29 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" X-Box-Client-Version: 23.25.1 X-Box-Client-Name: enduserapp sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 X-Box-EndUser-API: sharedName=it1hhxczqyf0qxif41bma48tat7sqs32 Content-Type: application/json Accept: application/json X-Request-Token: 308ea14a8c7f41ad3c80a6de28ec4648c6a91ebe030a7ee1845003d2e7612518 Request-Token: 308ea14a8c7f41ad3c80a6de28ec4648c6a91ebe030a7ee1845003d2e7612518 sec-ch-ua-platform: "Windows" Origin: https://app.box.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop; anonymousbanner=seen
2025-01-13 14:44:35 UTC	29	OUT	Data Raw: 7b 22 66 69 6c 65 49 44 73 22 3a 5b 22 31 37 34 38 35 33 39 34 35 38 33 37 34 22 5d 7d Data Ascii: {"fileIDs":["1748539458374"]}
2025-01-13 14:44:35 UTC	748	IN	HTTP/1.1 200 OK date: Mon, 13 Jan 2025 14:44:35 GMT content-type: application/json; charset=utf-8 strict-transport-security: max-age=31536000 expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache set-cookie: z=e0nbhfs05jvfi7hinhshoqas1q; Path=/; Domain=.app.box.com; Secure; HttpOnly; SameSite=None set-cookie: box_visitor_id=678526c81f7108.44421725; expires=Tue, 13 Jan 2026 14:44:35 GMT; Max-Age=31536000; path=/; domain=.box.com; secure; SameSite=None set-cookie: site_preference=desktop; path=/; domain=.box.com; secure x-enduserapp-currentversion: 23.25.1 via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2025-01-13 14:44:35 UTC	642	IN	Data Raw: 32 38 37 0d 0a 7b 22 31 37 34 38 35 33 39 34 35 38 33 37 34 22 3a 7b 22 72 65 61 64 22 3a 22 31 21 39 53 54 35 50 73 6b 75 38 68 6a 63 62 5f 76 53 34 56 52 42 74 67 59 48 6e 6e 43 37 2d 61 6b 57 44 58 5a 6c 79 45 70 39 53 44 66 44 56 70 6b 56 46 62 59 78 31 39 41 45 6d 39 71 4d 50 34 45 58 4d 63 4f 68 33 2d 44 5f 65 4c 41 42 4f 4f 5f 38 6d 57 4e 48 7a 36 5a 79 6b 75 31 31 32 4f 6d 79 6b 2d 72 52 52 78 72 56 72 46 4a 42 30 4c 6d 57 7a 49 50 6b 44 65 6c 64 77 32 41 41 7a 6f 77 51 76 31 7a 72 39 6d 73 41 31 61 52 4d 6c 52 42 79 70 70 41 6a 32 74 78 73 59 4f 75 47 4e 52 57 71 30 51 7a 41 55 53 71 69 56 33 6a 31 56 30 37 57 67 75 4d 36 61 47 33 50 56 58 36 45 5a 79 50 30 6e 4d 66 73 75 4e 2d 55 38 65 4f 6b 59 30 43 35 37 78 30 44 63 57 61 33 4f 73 79 49 70 6a Data Ascii: 287{"1748539458374":{"read":"1!9ST5Psku8hjcb_vS4VRBtgYHnnC7-akWDXZlyEp9SDfDVpkVFbYx19AEm9qMP4EXMcOh3-D_eLABOO_8mWNHz6Zyku112Omyk-rRRxrVrFJB0LmWzIPkDeldw2AAzowQv1zr9msA1aRMlRByppAj2txsYOuGNRWq0QzAUSqiV3j1V07WguM6aG3PVX6EZyP0nMfsuN-U8eOkY0C57x0DcWa3OsyIpj
2025-01-13 14:44:35 UTC	17	IN	Data Raw: 6b 73 76 71 69 4f 2d 22 7d 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: ksvqiO-"}}0

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:35 UTC	1012	OUT	POST /gen204 HTTP/1.1 Host: app.box.com Connection: keep-alive Content-Length: 1004 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" X-Box-Client-Version: 23.25.1 X-Box-Client-Name: enduserapp sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/json Accept: application/json X-Request-Token: 308ea14a8c7f41ad3c80a6de28ec4648c6a91ebe030a7ee1845003d2e7612518 Request-Token: 308ea14a8c7f41ad3c80a6de28ec4648c6a91ebe030a7ee1845003d2e7612518 sec-ch-ua-platform: "Windows" Origin: https://app.box.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop; anonymousbanner=seen
2025-01-13 14:44:35 UTC	1004	OUT	Data Raw: 7b 22 64 61 74 61 22 3a 5b 7b 22 63 61 74 65 67 6f 72 79 22 3a 22 62 6f 6f 6d 65 72 61 6e 67 22 2c 22 65 76 65 6e 74 5f 74 79 70 65 22 3a 22 62 65 61 63 6f 6e 22 2c 22 61 76 61 69 6c 61 62 69 6c 69 74 79 5f 7a 6f 6e 65 22 3a 22 75 73 2d 77 65 73 74 34 2d 70 72 6f 64 22 2c 22 63 6c 69 65 6e 74 5f 6e 61 6d 65 22 3a 22 65 6e 64 75 73 65 72 61 70 70 22 2c 22 63 6c 69 65 6e 74 5f 76 65 72 73 69 6f 6e 22 3a 22 32 33 2e 32 35 2e 31 22 2c 22 63 75 72 72 65 6e 74 5f 72 6d 22 3a 22 65 6e 64 75 73 65 72 61 70 70 5f 73 68 61 72 65 64 5f 69 74 65 6d 5f 70 61 67 65 22 2c 22 64 61 74 61 63 65 6e 74 65 72 54 61 67 22 3a 22 75 73 2d 77 65 73 74 34 2d 70 72 6f 64 22 2c 22 64 65 70 6c 6f 79 6d 65 6e 74 5f 74 79 70 65 22 3a 22 6b 38 73 22 2c 22 65 6e 76 69 72 6f 6e 6d 65 6e Data Ascii: {"data":[{"category":"boomerang","event_type":"beacon","availability_zone":"us-west4-prod","client_name":"enduserapp","client_version":"23.25.1","current_rm":"enduserapp_shared_item_page","datacenterTag":"us-west4-prod","deployment_type":"k8s","environmen
2025-01-13 14:44:35 UTC	772	IN	HTTP/1.1 204 No Content date: Mon, 13 Jan 2025 14:44:35 GMT content-type: text/html;charset=UTF-8 strict-transport-security: max-age=31536000 access-control-allow-origin: https://app.box.com access-control-allow-credentials: true expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache set-cookie: z=e0nbhfs05jvfi7hinhshoqas1q; Path=/; Domain=.app.box.com; Secure; HttpOnly; SameSite=None set-cookie: box_visitor_id=678526c81f7108.44421725; expires=Tue, 13 Jan 2026 14:44:35 GMT; Max-Age=31536000; path=/; domain=.box.com; secure; SameSite=None set-cookie: site_preference=desktop; path=/; domain=.box.com; secure via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:35 UTC	834	OUT	GET /app-api/end-user-web/sign-settings?typedIDs=f_1748539458374 HTTP/1.1 Host: app.box.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/plain, / X-Box-Client-Version: 23.25.1 X-Box-Client-Name: enduserapp sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop; anonymousbanner=seen
2025-01-13 14:44:35 UTC	734	IN	HTTP/1.1 404 Not Found date: Mon, 13 Jan 2025 14:44:35 GMT content-type: application/json; charset=utf-8 x-envoy-upstream-service-time: 78 x-frame-options: SAMEORIGIN x-download-options: noopen strict-transport-security: max-age=31536000 access-control-expose-headers: Server-Timing set-cookie: csrf-token=fag2EmRuoXgR3F6jxcT3dekpzEMHhJXwg_v2ACjI54C; Secure; SameSite=None; Path=/ x-xss-protection: 0 x-content-type-options: nosniff box-request-id: 06a6dfab384d3dd860096dc20b7b9742d server-timing: traceparent;desc="00-57b8c4b57acb2d59a199983de3ef24f0-0836b4892da01b71-00" cache-control: no-cache via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2025-01-13 14:44:35 UTC	106	IN	Data Raw: 35 66 0d 0a 7b 22 73 74 61 74 75 73 43 6f 64 65 22 3a 34 30 34 2c 22 65 72 72 6f 72 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 43 6f 75 6c 64 20 6e 6f 74 20 73 69 67 6e 20 73 65 74 74 69 6e 67 73 20 66 6f 72 3a 20 66 5f 31 37 34 38 35 33 39 34 35 38 33 37 34 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 5f{"statusCode":404,"error":"Not Found","message":"Could not sign settings for: f_1748539458374"}0

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:36 UTC	515	OUT	GET /app-api/enduserapp/elements/tokens HTTP/1.1 Host: app.box.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop; anonymousbanner=seen
2025-01-13 14:44:36 UTC	260	IN	HTTP/1.1 404 Not Found date: Mon, 13 Jan 2025 14:44:36 GMT content-type: text/html; charset=UTF-8 strict-transport-security: max-age=31536000 via: 1.1 google Content-Length: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:36 UTC	1466	OUT	GET /api/2.0/files/1748539458374?fields=watermark_info HTTP/1.1 Host: app.box.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" X-Box-Client-Version: 23.25.1 X-Box-Client-Name: enduserapp sec-ch-ua-mobile: ?0 Authorization: Bearer 1!9ST5Psku8hjcb_vS4VRBtgYHnnC7-akWDXZlyEp9SDfDVpkVFbYx19AEm9qMP4EXMcOh3-D_eLABOO_8mWNHz6Zyku112Omyk-rRRxrVrFJB0LmWzIPkDeldw2AAzowQv1zr9msA1aRMlRByppAj2txsYOuGNRWq0QzAUSqiV3j1V07WguM6aG3PVX6EZyP0nMfsuN-U8eOkY0C57x0DcWa3OsyIpjrX8zQZWuHw8Ly-Om3SPt3F7SiZqem6lNxg1X0f4bHawQX9WYA-ZBALMVTC3kTarwFcsM6MEjDtMro5z2ZK58Qzq2Pvop3xBhrFEXdbiLmdOMMNZbm5i0ohsBpVN4HL1K3utvT22pcjFN1mbuYy_VCD38tDY3kNtQEGtOthyMafn8XJZ-viX3UnQwwjxZBby7FsuNY1rdRawcoAgkLQ94e6oVq6HhVrAVVoaZHr_k8WUwYBNqlJBaXcZ8ygx3oeblt8Hvb8zw74ePG7i4c_Qt6lW3hSofSwvnDHvqoSoxAAMtD59OhmLfMroAj9RuDLj52CDrtXl-YyN8Y3cWF3QeQ2TdFO7t5sNvr48-iJEZQTzybD0OoStT8Jlok1Vfc11DuVhksvqiO- User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: application/json, text/plain, / sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop; anonymousbanner=seen
2025-01-13 14:44:36 UTC	300	IN	HTTP/1.1 200 OK date: Mon, 13 Jan 2025 14:44:36 GMT content-type: application/json strict-transport-security: max-age=31536000 cache-control: no-cache, no-store etag: "6" via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2025-01-13 14:44:36 UTC	100	IN	Data Raw: 35 39 0d 0a 7b 22 74 79 70 65 22 3a 22 66 69 6c 65 22 2c 22 69 64 22 3a 22 31 37 34 38 35 33 39 34 35 38 33 37 34 22 2c 22 65 74 61 67 22 3a 22 36 22 2c 22 77 61 74 65 72 6d 61 72 6b 5f 69 6e 66 6f 22 3a 7b 22 69 73 5f 77 61 74 65 72 6d 61 72 6b 65 64 22 3a 66 61 6c 73 65 7d 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 59{"type":"file","id":"1748539458374","etag":"6","watermark_info":{"is_watermarked":false}}0

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:36 UTC	1468	OUT	GET /api/2.0/files/1748539458374/metadata/global/boxSign HTTP/1.1 Host: app.box.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" X-Box-Client-Version: 23.25.1 X-Box-Client-Name: enduserapp sec-ch-ua-mobile: ?0 Authorization: Bearer 1!tkKmSz8uCftqGz-Sz4T4tVmQfC9ZyUr4opNS5sxq7g6dcvp78rR4IyQlXk3XCpVS9sdRd_mHFF35ltv0Gc1ECckcZonshZmRIR8l43ViwYUzOM5Dae01CmLI91VCy7nfku9G8X1B-WDJRgvQGQ03OMkjx0gXbaIckBFOZ22FQMhnir9hAEUh5PPCCRj58WlInAQsBJR0ZWse8gs2UvzQ55wFtzJy81KC2aA5bwbUVrxvl9byV3HHl_zbdQvs8HUOX_g9kR7Nhizf8Tqaj4P3pPFu3zC_oumzZ_Wf-3X985XRUEbXuwUEeii8RdDUzK7krFC3pXGxGigoznn52eHM6GEbQsVyTIm6CqxAbcPAUKM7v9b6zHnvFDMMtljExJeo2qDhGyJBlEAa3xwm0akjtzb3_vfBsayH8ImqPwvmmNqDEkZBFAcQqOzG3qIHCfb2IaUChgphSsE2KCV0YanGp_ZU7a4fBnIq7InX-S9CffxmzQeZ3VhxEIGgOI2NWsUjc1-0YNs-mqbaHmWSl7T4Mf0TnJD76hXEVEFCxzHTuz-jDQzbWSd7mIAn93vKZqQSU2CbQRbp-sIhJEQ1hFHugSQ1RFUr3LHL9I4wemN- User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: application/json, text/plain, / sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop; anonymousbanner=seen
2025-01-13 14:44:36 UTC	313	IN	HTTP/1.1 429 Too Many Requests date: Mon, 13 Jan 2025 14:44:36 GMT content-type: application/json Content-Length: 210 strict-transport-security: max-age=31536000 cache-control: no-cache, no-store retry-after: 2 via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-13 14:44:36 UTC	210	IN	Data Raw: 7b 22 74 79 70 65 22 3a 22 65 72 72 6f 72 22 2c 22 73 74 61 74 75 73 22 3a 34 32 39 2c 22 63 6f 64 65 22 3a 22 72 61 74 65 5f 6c 69 6d 69 74 5f 65 78 63 65 65 64 65 64 22 2c 22 68 65 6c 70 5f 75 72 6c 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 64 65 76 65 6c 6f 70 65 72 73 2e 62 6f 78 2e 63 6f 6d 5c 2f 64 6f 63 73 5c 2f 23 65 72 72 6f 72 73 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 52 65 71 75 65 73 74 20 72 61 74 65 20 6c 69 6d 69 74 20 65 78 63 65 65 64 65 64 2c 20 70 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 22 2c 22 72 65 71 75 65 73 74 5f 69 64 22 3a 22 63 75 6f 37 76 38 68 78 6a 69 6c 38 74 38 74 74 22 7d Data Ascii: {"type":"error","status":429,"code":"rate_limit_exceeded","help_url":"http:\/\/developers.box.com\/docs\/#errors","message":"Request rate limit exceeded, please try again later","request_id":"cuo7v8hxjil8t8tt"}

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:36 UTC	696	OUT	OPTIONS /2.0/files/1748539458374?fields=permissions,shared_link,sha1,file_version,name,size,extension,representations,watermark_info,authenticated_download_url,is_download_available HTTP/1.1 Host: api.box.com Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: authorization,boxapi,x-box-client-name,x-rep-hints Origin: https://app.box.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://app.box.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 14:44:36 UTC	554	IN	HTTP/1.1 204 No Content date: Mon, 13 Jan 2025 14:44:36 GMT content-type: text/plain charset=UTF-8 access-control-allow-origin: * x-envoy-upstream-service-time: 3 strict-transport-security: max-age=31536000 access-control-max-age: 1800 vary: Origin access-control-allow-headers: authorization,boxapi,x-box-client-name,x-rep-hints box-request-id: 0d2f376fb1aff9f1d2dcc206bab36daa6 access-control-allow-methods: DELETE, HEAD, GET, OPTIONS, POST, PUT via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:36 UTC	1610	OUT	GET /2.0/files/1748539458374?fields=permissions,shared_link,sha1,file_version,name,size,extension,representations,watermark_info,authenticated_download_url,is_download_available HTTP/1.1 Host: api.box.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept-Language: en-US X-Box-Client-Name: ContentPreview sec-ch-ua-mobile: ?0 X-Rep-Hints: [3d][pdf][text][mp3][json][jpg?dimensions=1024x1024&paged=false][jpg?dimensions=2048x2048,png?dimensions=2048x2048][dash,mp4][filmstrip] Authorization: Bearer 1!81GsgeLbvBfdvg_epjR4YXdhC34ifkJ-dEYeL_tDlzy5pPmSdBs4kOXU5NDsuixWfKiUBIX52dXH7xKcZUv9NRzNRgjX_p3EwyI4HetbLFqKAY1IiJqjcz51wxqOBx3qYI2vWaJ193-3hnT4u-BhVV32KbFribDCuvDwtGuZs6Tq--5P0NYeePVL2ca47nq1cNqmOBlI4XA8OArmMAoaKkY6cYoM08a6od562CilqdGPc3owoW28SUH7in447SsgXJNW68i6OfbzD0U6Vt4b27daeCiv34CSyFnWfj8XvC9ynPyAXeENtiO_lG_PaS1PFkAri0JN0DaufR-YHMxXRnoQXIhmxXvoNyI-Ip5XnYF-4w8EHQSMk0UCRNJ2fP5-sxMAEPM7rae5cQWLuR29gLy07jbseH-GT7NXFjjofHspX7LEABe-BgtQ1BEgk1jUb_fyyWzVrbGhNvkVNUgLntyAxCVywL7Apng9AUiSQ7FSi7TwsJZBrIjjk2yO6TBxMefyQbOubJwRJsPRofJZqSGdGzkNVhKeaGok-QK_vN_kUOEpj9hQHAu-8L4RWGIwVVUecPqorXyBJux_kFa1Di_Tu7dv-FWxcBsvxXK6 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: application/json BoxApi: shared_link=https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32 sec-ch-ua-platform: "Windows" Origin: https://app.box.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://app.box.com/ Accept-Encoding: gzip, deflate, br
2025-01-13 14:44:37 UTC	433	IN	HTTP/1.1 200 OK date: Mon, 13 Jan 2025 14:44:37 GMT content-type: application/json access-control-allow-origin: * x-envoy-upstream-service-time: 147 vary: Origin etag: "6" box-request-id: 0ea114363663aa5b46d9db0906a6e7514 cache-control: no-cache, no-store strict-transport-security: max-age=31536000 via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2025-01-13 14:44:37 UTC	957	IN	Data Raw: 38 31 37 0d 0a 7b 22 74 79 70 65 22 3a 22 66 69 6c 65 22 2c 22 69 64 22 3a 22 31 37 34 38 35 33 39 34 35 38 33 37 34 22 2c 22 65 74 61 67 22 3a 22 36 22 2c 22 70 65 72 6d 69 73 73 69 6f 6e 73 22 3a 7b 22 63 61 6e 5f 64 6f 77 6e 6c 6f 61 64 22 3a 74 72 75 65 2c 22 63 61 6e 5f 70 72 65 76 69 65 77 22 3a 74 72 75 65 2c 22 63 61 6e 5f 75 70 6c 6f 61 64 22 3a 66 61 6c 73 65 2c 22 63 61 6e 5f 63 6f 6d 6d 65 6e 74 22 3a 74 72 75 65 2c 22 63 61 6e 5f 72 65 6e 61 6d 65 22 3a 66 61 6c 73 65 2c 22 63 61 6e 5f 64 65 6c 65 74 65 22 3a 66 61 6c 73 65 2c 22 63 61 6e 5f 73 68 61 72 65 22 3a 66 61 6c 73 65 2c 22 63 61 6e 5f 73 65 74 5f 73 68 61 72 65 5f 61 63 63 65 73 73 22 3a 66 61 6c 73 65 2c 22 63 61 6e 5f 69 6e 76 69 74 65 5f 63 6f 6c 6c 61 62 6f 72 61 74 6f 72 22 3a Data Ascii: 817{"type":"file","id":"1748539458374","etag":"6","permissions":{"can_download":true,"can_preview":true,"can_upload":false,"can_comment":true,"can_rename":false,"can_delete":false,"can_share":false,"can_set_share_access":false,"can_invite_collaborator":
2025-01-13 14:44:37 UTC	1126	IN	Data Raw: 33 39 33 33 32 35 36 38 5c 2f 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 73 5c 2f 70 64 66 5c 2f 63 6f 6e 74 65 6e 74 5c 2f 7b 2b 61 73 73 65 74 5f 70 61 74 68 7d 22 7d 7d 2c 7b 22 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 22 3a 22 6a 70 67 22 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 64 69 6d 65 6e 73 69 6f 6e 73 22 3a 22 31 30 32 34 78 31 30 32 34 22 2c 22 70 61 67 65 64 22 3a 22 66 61 6c 73 65 22 2c 22 74 68 75 6d 62 22 3a 22 66 61 6c 73 65 22 7d 2c 22 69 6e 66 6f 22 3a 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 70 69 2e 62 6f 78 2e 63 6f 6d 5c 2f 32 2e 30 5c 2f 69 6e 74 65 72 6e 61 6c 5f 66 69 6c 65 73 5c 2f 31 37 34 38 35 33 39 34 35 38 33 37 34 5c 2f 76 65 72 73 69 6f 6e 73 5c 2f 31 39 32 35 37 33 39 33 33 32 35 36 38 5c 2f 72 65 Data Ascii: 39332568\/representations\/pdf\/content\/{+asset_path}"}},{"representation":"jpg","properties":{"dimensions":"1024x1024","paged":"false","thumb":"false"},"info":{"url":"https:\/\/api.box.com\/2.0\/internal_files\/1748539458374\/versions\/1925739332568\/re

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:37 UTC	1437	OUT	GET /api/2.0/internal_files/1748539458374/versions/1925739332568/representations/jpg_1024x1024/content/?access_token=1!81GsgeLbvBfdvg_epjR4YXdhC34ifkJ-dEYeL_tDlzy5pPmSdBs4kOXU5NDsuixWfKiUBIX52dXH7xKcZUv9NRzNRgjX_p3EwyI4HetbLFqKAY1IiJqjcz51wxqOBx3qYI2vWaJ193-3hnT4u-BhVV32KbFribDCuvDwtGuZs6Tq--5P0NYeePVL2ca47nq1cNqmOBlI4XA8OArmMAoaKkY6cYoM08a6od562CilqdGPc3owoW28SUH7in447SsgXJNW68i6OfbzD0U6Vt4b27daeCiv34CSyFnWfj8XvC9ynPyAXeENtiO_lG_PaS1PFkAri0JN0DaufR-YHMxXRnoQXIhmxXvoNyI-Ip5XnYF-4w8EHQSMk0UCRNJ2fP5-sxMAEPM7rae5cQWLuR29gLy07jbseH-GT7NXFjjofHspX7LEABe-BgtQ1BEgk1jUb_fyyWzVrbGhNvkVNUgLntyAxCVywL7Apng9AUiSQ7FSi7TwsJZBrIjjk2yO6TBxMefyQbOubJwRJsPRofJZqSGdGzkNVhKeaGok-QK_vN_kUOEpj9hQHAu-8L4RWGIwVVUecPqorXyBJux_kFa1Di_Tu7dv-FWxcBsvxXK6&shared_link=https%3A%2F%2Fapp.box.com%2Fs%2Fit1hhxczqyf0qxif41bma48tat7sqs32&box_client_name=box-content-preview&box_client_version=3.0.0 HTTP/1.1 Host: public.boxcloud.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/plain, / sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://app.box.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://app.box.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 14:44:38 UTC	696	IN	HTTP/1.1 200 OK server: nginx date: Mon, 13 Jan 2025 14:44:38 GMT content-type: image/jpeg Content-Length: 23540 access-control-allow-origin: * access-control-expose-headers: Accept-Ranges,Content-Encoding,Content-Length,Content-Range,Date,Retry-After expires: Tue, 14 Jan 2025 00:31:18 -0800 accept-ranges: bytes x-xss-protection: 1; mode=block cache-control: max-age=28800, private x-envoy-upstream-service-time: 470 referrer-policy: no-referrer x-robots-tag: noindex, nofollow pragma: cache x-content-type-options: nosniff vary: Origin strict-transport-security: max-age=31536000 via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-13 14:44:38 UTC	694	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff e1 00 de 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 01 1a 00 05 00 00 00 01 00 00 00 4a 01 1b 00 05 00 00 00 01 00 00 00 52 01 28 00 03 00 00 00 01 00 01 00 00 02 13 00 03 00 00 00 01 00 01 00 00 87 69 00 04 00 00 00 01 00 00 00 5a 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 05 90 00 00 07 00 00 00 04 30 32 33 32 91 01 00 07 00 00 00 04 01 02 03 00 92 86 00 07 00 00 00 39 00 00 00 9c a0 00 00 07 00 00 00 04 30 31 30 30 a0 01 00 03 00 00 00 01 ff ff 00 00 00 00 00 00 41 53 43 49 49 00 00 00 70 64 66 57 69 64 74 68 3a 36 31 32 2e 30 30 70 74 73 2c 70 64 66 48 65 69 67 68 74 3a 37 39 32 2e 30 30 70 74 73 2c 6e 75 6d 50 61 67 65 73 3a 31 00 ff db 00 43 00 03 02 02 02 02 02 Data Ascii: JFIFExifMM*JR(iZ023290100ASCIIpdfWidth:612.00pts,pdfHeight:792.00pts,numPages:1C
2025-01-13 14:44:38 UTC	1390	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-01-13 14:44:38 UTC	1390	IN	Data Raw: c8 bb 43 83 f5 c6 8b 88 e5 eb 3f a8 dc cd d5 f2 7c bc ac ab 34 d5 66 2e 51 ed 6a ee 25 ba 3c 44 4f ee 9f 7f af 13 31 e4 1c 37 19 f9 0f f2 53 b9 74 77 fb 2b a1 ba 43 8a 65 70 5a ee df a7 4d 77 93 f2 5b da fd 96 fa cd aa aa a7 f3 d8 b3 6f 1e bb 76 28 b9 55 33 14 7e 6a e2 66 3c 4c f8 89 f2 0c dc a7 e6 75 31 f1 97 1f bd f8 37 09 fc fb 7b bb fc 5e 2f 95 c7 f7 39 73 8d 56 bb 67 5e 6d 38 97 ec 5f b9 45 15 4c 7e 3a e7 cf 98 a7 f7 53 e2 7c 47 9f 00 9f e0 dd ff 00 d9 58 5d d5 ae e8 8e f3 eb 7d 2e 83 73 c8 b5 39 7b 8d 06 d3 8f 6e ee 6c b0 33 68 c6 aa 98 bf 66 bf cb 66 cd db 57 29 8a a2 af 33 4c d3 31 f5 e7 cf d0 3b ee f3 ee 4d 07 45 75 e6 67 3c de eb f3 b6 77 22 fd 8d 7e b7 57 81 47 b6 4e cb 61 91 72 2d e3 e2 da 89 fa f6 ae ba a2 3c cf f1 11 33 f7 e3 c4 85 39 ca be Data Ascii: C?\|4f.Qj%<DO17Stw+CepZMw[ov(U3~jf<Lu17{^/9sVg^m8_EL~:S\|GX]}.s9{nl3hffW)3L1;MEug<w"~WGNar-<39
2025-01-13 14:44:38 UTC	1390	IN	Data Raw: 26 27 c0 38 5f 8e fc 8f 33 80 fc 92 bb f1 fb ae 7b ab 27 b4 ba da 78 95 dd df 8c cc eb 7b 3c 9e 29 91 46 45 16 ec e3 4e 7d b9 9f 7b 57 68 aa af 4b 57 26 6b a6 28 89 8f 11 1f b8 3b 2e 9a 98 ff 00 d6 ff 00 c8 df bf ff 00 27 e1 3f ff 00 9b 34 1d 4f cd 8f ff 00 08 fd bd f7 e3 ff 00 b2 1b 2f fe 4d 40 e4 b8 1f 41 f3 5a 3a 7f 26 ab 7d f1 cf 79 3d 5c 83 81 dd d6 62 69 f7 37 b0 7f 43 62 f6 4e 0d 34 db ae 9f c5 8f 6e b8 9a 26 7c 53 33 5c f8 8a a7 cf 99 fb 04 37 c4 4f 91 fd 2b c6 fe 2e f1 0d 17 36 ec 4e 39 c5 37 5c 07 4d 6b 43 c8 b5 3b 8d 85 ac 3c cd 7e 5e 15 3f 8a ed 37 2c 5c aa 2b f3 54 d1 ed 1e 22 7d bd bc 47 99 f3 00 f3 c7 29 d0 6c b3 7e 11 72 ae 69 7a de 7e 93 0b b4 7b bb 1f 95 e9 62 68 9b 39 36 35 d9 7b 5c 6b 78 f7 e2 9a e3 cd 15 57 4d af cd 4f 98 ff 00 9e 27 Data Ascii: &'8_3{'x{<)FEN}{WhKW&k(;.'?4O/M@AZ:&}y=\bi7CbN4n&\|S3\7O+.6N97\MkC;<~^?7,\+T"}G)l~riz~{bh965{\kxWMO'
2025-01-13 14:44:38 UTC	1390	IN	Data Raw: 06 f7 0f eb ee 07 d7 98 57 b5 dc 0b 85 68 b8 de 26 45 cf cb 7a c6 a3 5d 67 0e dd ca fc 78 f6 aa 9b 54 d3 15 4f 8f ef 3f 60 91 c5 d0 e8 f0 b6 d9 db ec 3d 3e 0d 8d 9e ce 8b 56 f3 73 2d 63 d1 45 fc 9a 6d 44 c5 a8 b9 72 23 da b8 a2 2a aa 29 8a a6 7c 7b 4f 8f 1e 41 fb db e9 f5 3c 83 57 95 a4 de eb 31 36 3a ec eb 35 63 e5 62 65 d8 a6 f5 9b f6 aa 8f 15 51 5d 15 c4 d3 55 33 1f 53 13 13 12 0d 8c 7c 7c 7c 4b 16 f1 71 6c 5b b3 66 cd 11 6e dd bb 74 c5 34 d1 4c 47 88 a6 22 3e a2 22 22 22 20 1c 96 fb a6 ba 8b 94 ef a9 e5 3c 9b ab 78 8e db 75 4c d3 34 ec 73 b4 98 b7 f2 62 69 ff 00 4f f9 b5 d1 35 7d 78 fa fb fa fe c0 e8 77 3c 7b 43 c8 b0 a9 d6 f2 0d 2e 06 cf 12 8b b6 ef d3 8f 99 8d 45 eb 71 72 dd 51 55 ba e2 9a e2 63 da 9a a2 26 27 c7 98 98 89 80 7c d9 71 de 3f b9 cc d7 Data Ascii: Wh&Ez]gxTO?`=>Vs-cEmDr#*)\|{OA<W16:5cbeQ]U3S\|\|\|Kql[fnt4LG">""" <xuL4sbiO5}xw<{C.EqrQUc&'\|q?
2025-01-13 14:44:38 UTC	1390	IN	Data Raw: 99 91 ab ca b5 83 19 94 dc fc 73 67 f5 55 5b fc 31 57 bf ed fb ab f9 fa 6d cf fa 7b a8 7c 28 cb 14 89 dd 7b b5 16 ac db b6 63 7b ed df 77 8f 5f 0c 88 eb 9c 2f 89 38 e6 d3 1a 9e dd cd 6d db b8 9d 6b bb 5a f3 f5 6e f2 9e ed e0 7c 43 92 df e2 3b 2b 9b 9c 9d ae 2e 35 ac bb f6 35 ba 4c cc ef c5 6a e4 d5 14 55 54 d8 b7 54 53 e6 68 ab c4 4c ff 00 64 5c 5e 8b cb e5 e0 8e 45 3b 62 93 33 11 36 bd 6b b9 8f 3f 6a 63 f1 49 c9 ea fc 6e 2e 69 c1 7d cd a2 22 66 22 b6 b6 a2 7c 78 89 fc 13 5a 4e 7f c6 37 fb eb bc 67 03 2e fd 3b 4b 3a cc 5d bd 58 b9 18 b7 2c 57 fa 5c 8f 68 b7 5f 8a e9 8f bf 34 cc 55 4f f3 4c f8 8a a2 26 55 b3 f0 33 f1 f1 46 7b c7 b6 6d 35 dc 4c 4f ad 7c c7 a7 f1 3e 27 ee 58 c3 cd c3 9f 2c e1 ac fb b5 16 d4 c4 c7 a4 f8 f3 fc fe 1f 7b 47 75 db 9c 0f 8f e5 6e Data Ascii: sgU[1Wm{\|({c{w_/8mkZn\|C;+.55LjUTTShLd\^E;b36k?jcIn.i}"f"\|xZN7g.;K:]X,W\h_4UOL&U3F{m5LO\|>'X,{Gun
2025-01-13 14:44:38 UTC	1390	IN	Data Raw: e6 1f 9e 5e b9 e7 8b 93 e2 cc 7c bc e6 b7 7e a3 dd 11 df e7 7e 35 bd 6f d3 7a 5a 97 70 39 be cb e4 9f 39 ff 00 04 f3 2d 5e 86 69 e3 7a 39 bf 5e 6e a6 73 a9 bd e6 bc af 5f 58 8b d6 bd 7c 7d ff 00 bf 9f 31 fc 30 63 27 17 1f 44 e3 fc d6 29 bf bf 26 b5 6e dd 7a 57 fb 6d b6 dc d3 93 93 ab e7 f9 7c 91 4f 65 37 ba f7 6f d6 df 58 d2 67 b8 2f 59 eb fe c0 e0 5d c5 95 95 6e ce 0d ab b7 38 b7 20 c8 ff 00 45 1f a3 cc 88 aa cd da fe e7 c5 34 64 db a3 ff 00 ed ff 00 a2 af 48 89 ea 1c 3e 47 4d ac 6e de 99 29 1f dd 5f 31 1f 59 ac cf ec b1 d5 26 38 5c ac 1c fb 4e a3 d6 96 9f a5 bc 4f e5 16 88 fd d5 c7 20 d7 e5 5f f8 db b4 e7 db 4c 6a ed 6c b9 ef 2c d6 f2 3b d4 d7 1f be dd 8b bb 1c 7a 71 6d cf ff 00 0e 35 bb 31 e3 f8 f3 35 4f f7 6d 71 f2 56 bd 6a 9c 4c 73 ba e1 c7 6a 47 e7 Data Ascii: ^\|~~5ozZp99-^iz9^ns_X\|}10c'D)&nzWm\|Oe7oXg/Y]n8 E4dH>GMn)_1Y&8\NO _Ljl,;zqm515OmqVjLsjG
2025-01-13 14:44:38 UTC	1390	IN	Data Raw: 62 66 67 51 35 f3 3e 65 5b 3f 49 b7 26 d1 6c d8 71 4c c4 6b d7 bb c4 27 76 7c 2b 9d ee b8 9f f8 17 6d c5 fa f3 2f 8f fe 9e de 27 f4 eb d1 97 5d 8f c3 6f c7 a5 1e b3 4f f1 4f ad 3e 3f db c4 2a 63 e6 f1 30 f2 3e 6b 1e 4c b1 93 73 3d d1 db bd cf 99 fd 56 6f c5 e5 64 c3 f2 f7 a6 39 a6 a2 35 ee d6 a3 c7 ec cf b4 e2 fd 8b ba d2 db e3 bb 5e 3d d7 d9 5a cb 53 62 68 c4 b9 19 73 6a 99 b3 55 35 5a f1 4f af 88 f5 aa 8a 66 3f db d6 1c e2 e5 70 b0 e5 9c d8 ef 92 2d 3b f5 f6 ef d7 cf df f7 ed d6 4e 3f 2f 36 3f 85 7a 63 9a fa 7a 7b b5 e9 e3 f6 40 72 be 9b da f3 8d bd 5b fe 5b d7 7d 63 b5 d8 d7 6a 8b 15 65 64 da cb ae e4 db a7 cf ad 33 57 af f1 1e 67 c7 fd d6 f8 bd 63 1f 07 1f c2 e3 e6 cb 5a f9 d4 76 e9 5b 93 d2 f2 73 2f f1 33 e2 c5 6b 7e 33 dc 95 db 70 3e 6b bd d1 6b f8 Data Ascii: bfgQ5>e[?I&lqLk'v\|+m/']oOO>?*c0>kLs=Vod95^=ZSbhsjU5ZOf?p-;N?/6?zcz{@r[[}cjed3WgcZv[s/3k~3p>kk
2025-01-13 14:44:38 UTC	1237	IN	Data Raw: e7 98 9f e2 41 f4 00 7c f3 11 fc c8 3e 80 00 00 00 00 00 00 00 00 00 00 00 f8 0f a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e2 fb af 90 ed b8 97 4d f3 ce 57 a0 c9 fd 3e cf 4d c6 76 9b 0c 2b de 91 57 e3 bf 67 12 e5 cb 75 7a cf d4 f8 aa 98 9f 13 f5 f4 0f 31 75 27 69 76 66 87 9e f4 66 a2 ff 00 7c e4 f6 5d 1d a9 a6 b9 99 c8 b4 59 f8 ba f9 c9 d3 45 3a d8 ca 8c db 57 30 ed db aa d5 a8 bd e2 cc d3 7a 2a 8a bd e2 22 7d a0 17 46 b7 e4 a5 5f e3 be 3f c3 b9 87 4d f3 ae 21 89 cb f3 72 35 ba 0d c6 e2 d6 1c 63 e6 65 da b5 5d d8 b3 5d 16 af d7 7a c5 55 db b5 72 aa 3f 2d 14 fb 45 33 e7 c4 fd 02 17 e3 47 c8 1e c5 ed fe 4f cf f4 7c c3 a9 f7 7a Data Ascii: A\|>MW>Mv+Wguz1u'ivff\|]YE:W0z*"}F_?M!r5ce]]zUr?-E3GO\|z
2025-01-13 14:44:38 UTC	1390	IN	Data Raw: 95 5b 1b 96 31 ea ab 1e dd 19 71 77 06 dc 63 45 31 73 0a 2a a2 89 a2 9b be 6b 98 88 f7 fb 88 f0 16 47 28 f9 7d c5 b8 c6 67 23 ce b7 d7 fc bf 6d c3 78 56 cf fa 37 26 e6 18 36 71 aa d7 eb 72 e9 aa 9a 6f c7 e3 aa f5 39 17 e8 b1 55 71 4d ea ed 5a aa 28 98 aa 3e fd 6a f0 16 37 6f 76 be 8b a6 78 25 fe c5 e4 78 19 d9 7a 7c 2c ac 2b 19 75 e0 d3 45 75 63 da c8 c8 b7 63 f3 d5 15 55 4f 9b 74 4d da 6a ab c7 99 8a 7c cc 44 f8 04 25 3f 22 fa ea 3b a3 91 f4 76 46 5d fc 7d df 16 e3 96 f9 3e 7e 45 ca 69 fd 35 38 b5 4f ef a6 2a 89 f6 f7 a2 89 b5 5d 51 eb e3 d6 ed 13 13 3f 7e 02 bc d1 fc 8a b3 cc 39 56 8f 95 71 7d 47 62 64 df de f5 7e 47 30 d6 f0 ef c7 ad a3 1f 2f 1b f5 d6 a8 b7 7a 6a ae b8 aa 32 aa a6 ed 13 4c 7e 58 b5 f8 aa 9f 3f bf ea 42 aa dd fc 9d ec ee 61 f0 e7 84 77 Data Ascii: [1qwcE1skG(}g#mxV7&6qro9UqMZ(>j7ovx%xz\|,+uEuccUOtMj\|D%?";vF]}>~Ei58O]Q?~9Vq}Gbd~G0/zj2L~X?Baw

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:38 UTC	1211	OUT	GET /api/2.0/internal_files/1748539458374/versions/1925739332568/representations/jpg_1024x1024/content/?access_token=1!81GsgeLbvBfdvg_epjR4YXdhC34ifkJ-dEYeL_tDlzy5pPmSdBs4kOXU5NDsuixWfKiUBIX52dXH7xKcZUv9NRzNRgjX_p3EwyI4HetbLFqKAY1IiJqjcz51wxqOBx3qYI2vWaJ193-3hnT4u-BhVV32KbFribDCuvDwtGuZs6Tq--5P0NYeePVL2ca47nq1cNqmOBlI4XA8OArmMAoaKkY6cYoM08a6od562CilqdGPc3owoW28SUH7in447SsgXJNW68i6OfbzD0U6Vt4b27daeCiv34CSyFnWfj8XvC9ynPyAXeENtiO_lG_PaS1PFkAri0JN0DaufR-YHMxXRnoQXIhmxXvoNyI-Ip5XnYF-4w8EHQSMk0UCRNJ2fP5-sxMAEPM7rae5cQWLuR29gLy07jbseH-GT7NXFjjofHspX7LEABe-BgtQ1BEgk1jUb_fyyWzVrbGhNvkVNUgLntyAxCVywL7Apng9AUiSQ7FSi7TwsJZBrIjjk2yO6TBxMefyQbOubJwRJsPRofJZqSGdGzkNVhKeaGok-QK_vN_kUOEpj9hQHAu-8L4RWGIwVVUecPqorXyBJux_kFa1Di_Tu7dv-FWxcBsvxXK6&shared_link=https%3A%2F%2Fapp.box.com%2Fs%2Fit1hhxczqyf0qxif41bma48tat7sqs32&box_client_name=box-content-preview&box_client_version=3.0.0 HTTP/1.1 Host: public.boxcloud.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 14:44:39 UTC	541	IN	HTTP/1.1 200 OK server: nginx date: Mon, 13 Jan 2025 14:44:39 GMT content-type: image/jpeg Content-Length: 23540 expires: Tue, 14 Jan 2025 00:31:19 -0800 accept-ranges: bytes x-xss-protection: 1; mode=block cache-control: max-age=28800, private x-envoy-upstream-service-time: 333 referrer-policy: no-referrer x-robots-tag: noindex, nofollow pragma: cache x-content-type-options: nosniff strict-transport-security: max-age=31536000 via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-13 14:44:39 UTC	849	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff e1 00 de 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 01 1a 00 05 00 00 00 01 00 00 00 4a 01 1b 00 05 00 00 00 01 00 00 00 52 01 28 00 03 00 00 00 01 00 01 00 00 02 13 00 03 00 00 00 01 00 01 00 00 87 69 00 04 00 00 00 01 00 00 00 5a 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 05 90 00 00 07 00 00 00 04 30 32 33 32 91 01 00 07 00 00 00 04 01 02 03 00 92 86 00 07 00 00 00 39 00 00 00 9c a0 00 00 07 00 00 00 04 30 31 30 30 a0 01 00 03 00 00 00 01 ff ff 00 00 00 00 00 00 41 53 43 49 49 00 00 00 70 64 66 57 69 64 74 68 3a 36 31 32 2e 30 30 70 74 73 2c 70 64 66 48 65 69 67 68 74 3a 37 39 32 2e 30 30 70 74 73 2c 6e 75 6d 50 61 67 65 73 3a 31 00 ff db 00 43 00 03 02 02 02 02 02 Data Ascii: JFIFExifMM*JR(iZ023290100ASCIIpdfWidth:612.00pts,pdfHeight:792.00pts,numPages:1C
2025-01-13 14:44:39 UTC	1390	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-01-13 14:44:39 UTC	1390	IN	Data Raw: 5d d5 ae e8 8e f3 eb 7d 2e 83 73 c8 b5 39 7b 8d 06 d3 8f 6e ee 6c b0 33 68 c6 aa 98 bf 66 bf cb 66 cd db 57 29 8a a2 af 33 4c d3 31 f5 e7 cf d0 3b ee f3 ee 4d 07 45 75 e6 67 3c de eb f3 b6 77 22 fd 8d 7e b7 57 81 47 b6 4e cb 61 91 72 2d e3 e2 da 89 fa f6 ae ba a2 3c cf f1 11 33 f7 e3 c4 85 39 ca be 43 7c 98 e9 bd 15 ae ce ef 0e 8c e2 98 dc 0e d5 db 1f d6 6a e3 5c 9a f6 7e d3 45 8f 76 aa 69 9b f7 ac dc c7 a2 d5 fa 2d d5 54 45 7f 86 b9 f1 1e 66 3c c4 4c 82 c9 da 77 85 ec 4f 90 9c 37 a6 b0 74 f8 d9 5a ee 59 c5 f6 3c 8e 9d a4 64 4f b5 1f a7 b9 6a 9a 28 a6 8f 1e 2a a6 b8 bb e7 cf 98 98 06 cf 29 ee 1c ee 3d f2 0b 83 74 b5 9d 1d 9b f8 fc bb 47 b8 db 5c ce aa fc d3 72 c5 58 53 62 29 a2 9a 3c 78 aa 2a fc d3 e6 66 63 c7 88 05 7b 8f f2 0f bc 3b 67 92 72 5c 7f 8d dd Data Ascii: ]}.s9{nl3hffW)3L1;MEug<w"~WGNar-<39C\|j\~Evi-TEf<LwO7tZY<dOj()=tG\rXSb)<xfc{;gr\
2025-01-13 14:44:39 UTC	1390	IN	Data Raw: fd 2b c6 fe 2e f1 0d 17 36 ec 4e 39 c5 37 5c 07 4d 6b 43 c8 b5 3b 8d 85 ac 3c cd 7e 5e 15 3f 8a ed 37 2c 5c aa 2b f3 54 d1 ed 1e 22 7d bd bc 47 99 f3 00 f3 c7 29 d0 6c b3 7e 11 72 ae 69 7a de 7e 93 0b b4 7b bb 1f 95 e9 62 68 9b 39 36 35 d9 7b 5c 6b 78 f7 e2 9a e3 cd 15 57 4d af cd 4f 98 ff 00 9e 27 ee 01 79 70 3e 2b 77 a2 be 6b e1 e9 bb 23 97 6e b9 d4 f6 2f 18 c9 b1 c2 b9 37 25 c8 fc b9 fa eb d8 97 22 e6 66 aa 8f 48 a6 c4 51 72 dd 54 5e 8a a8 b7 4d 73 e9 34 cf 90 75 5f 3e 2c e5 eb 3a ff 00 81 76 6f e8 f2 72 b4 fd 71 d8 9a 1e 55 bd a3 1e cd 57 ab a3 5b 62 f4 d3 7e f7 a5 3f 75 7e 38 b9 15 fd 7f 1e be 7f 88 99 04 3f cc 6f 92 7d 21 ba f8 c3 cb 78 e7 13 ec ae 2f c9 b7 3c ff 00 53 57 1e e3 da cd 66 db 1f 23 23 37 2b 37 c5 9b 53 4d 14 57 33 4d 34 cd 7e f5 55 57 Data Ascii: +.6N97\MkC;<~^?7,\+T"}G)l~riz~{bh965{\kxWMO'yp>+wk#n/7%"fHQrT^Ms4u_>,:vorqUW[b~?u~8?o}!x/<SWf##7+7SMW3M4~UW
2025-01-13 14:44:39 UTC	1390	IN	Data Raw: 3e a2 22 22 22 20 1c 96 fb a6 ba 8b 94 ef a9 e5 3c 9b ab 78 8e db 75 4c d3 34 ec 73 b4 98 b7 f2 62 69 ff 00 4f f9 b5 d1 35 7d 78 fa fb fa fe c0 e8 77 3c 7b 43 c8 b0 a9 d6 f2 0d 2e 06 cf 12 8b b6 ef d3 8f 99 8d 45 eb 71 72 dd 51 55 ba e2 9a e2 63 da 9a a2 26 27 c7 98 98 89 80 7c d9 71 de 3f b9 cc d7 ec 76 fa 3d 7e 6e 56 a6 f4 e4 e0 5f c9 c5 a2 ed cc 4b b3 4c d3 37 2d 55 54 4c db aa 69 99 8f 6a 7c 4f 89 f0 0d fb 96 ed dd b7 55 9b b6 e9 ae 8a e2 69 aa 9a a3 cc 4c 4f f3 13 1f ec 0a e3 33 e3 5f c7 cc dc 0d a6 b6 f7 48 f0 5a 2c 6e ec 57 8d b0 8b 3a 0c 5b 35 64 5b aa 62 66 2a ae 8a 22 af e6 22 af 31 31 31 54 44 c7 dc 79 06 e7 13 e9 2e 01 c5 7a e2 cf 53 5e d7 5f e4 7c 5f 1e aa e2 d6 17 25 bf 3b 78 a6 d4 d7 35 d3 66 6a c9 f7 9a ed d1 e7 c5 11 57 9f 5a 62 22 27 e8 Data Ascii: >""" <xuL4sbiO5}xw<{C.EqrQUc&'\|q?v=~nV_KL7-UTLij\|OUiLO3_HZ,nW:[5d[bf*""111TDy.zS^_\|_%;x5fjWZb"'
2025-01-13 14:44:39 UTC	1390	IN	Data Raw: 78 89 fc 13 5a 4e 7f c6 37 fb eb bc 67 03 2e fd 3b 4b 3a cc 5d bd 58 b9 18 b7 2c 57 fa 5c 8f 68 b7 5f 8a e9 8f bf 34 cc 55 4f f3 4c f8 8a a2 26 55 b3 f0 33 f1 f1 46 7b c7 b6 6d 35 dc 4c 4f ad 7c c7 a7 f1 3e 27 ee 58 c3 cd c3 9f 2c e1 ac fb b5 16 d4 c4 c7 a4 f8 f3 fc fe 1f 7b 47 75 db 9c 0f 8f e5 6e f0 f6 9b 8a ad 5d e3 d7 35 f6 76 31 4e 35 ca a2 cd cc da a2 9c 7a 7c c5 3e 26 6a 99 89 98 8f 3e b1 31 33 e2 25 2e 1e 93 cb e4 57 1d b1 d7 d2 fd d3 5f 58 f5 ec fb 5f b7 f3 f7 22 cd d4 f8 b8 2d 7a de df 63 b7 7e 93 e9 dd e3 f7 fe 3e f6 97 28 ee fe 07 c4 b9 2e 47 11 d8 d7 ba c9 da e2 63 da ca c8 b1 ad d1 e6 67 7e 2b 77 66 af c7 35 55 62 dd 51 4f 9f 4a bc 44 cf f6 4b c5 e8 9c be 5e 08 e4 53 b6 2b 33 31 13 6b d6 bb 98 f3 f6 a6 3f 14 7c 9e af c6 e2 e6 9c 17 dc da 22 Data Ascii: xZN7g.;K:]X,W\h_4UOL&U3F{m5LO\|>'X,{Gun]5v1N5z\|>&j>13%.W_X_"-zc~>(.Gcg~+wf5UbQOJDK^S+31k?\|"
2025-01-13 14:44:39 UTC	1390	IN	Data Raw: 89 ea 1c 3e 47 4d ac 6e de 99 29 1f dd 5f 31 1f 59 ac cf ec b1 d5 26 38 5c ac 1c fb 4e a3 d6 96 9f a5 bc 4f e5 16 88 fd d5 c7 20 d7 e5 5f f8 db b4 e7 db 4c 6a ed 6c b9 ef 2c d6 f2 3b d4 d7 1f be dd 8b bb 1c 7a 71 6d cf ff 00 0e 35 bb 31 e3 f8 f3 35 4f f7 6d 71 f2 56 bd 6a 9c 4c 73 ba e1 c7 6a 47 e7 14 b4 da 7f 5b 4c b2 33 d2 67 a4 5b 95 78 d5 b2 de b7 fd 26 f5 ed 8f d2 b1 0e ba ad 77 39 cf f9 25 cf e3 85 f3 2d 66 82 68 d0 68 bf 3c e7 6a 27 3a 2e fd e5 7a fa f8 bd 6b d7 c7 df 9f e7 cf 98 fe 19 d1 93 8b 8f a2 f1 fe 67 1c df df 93 5a b7 6e be cf f6 db 6b f3 4e 4d fa be 7f 97 c9 14 f6 d3 7b af 76 fe d7 d6 1f 3b d3 92 55 d3 dd 85 a8 ed 9a 6b a2 6d ed b8 ce d3 8f e4 55 31 e2 8b 99 96 ad ce 5e 0c 78 8f ef 5d 74 5e a2 3c ff 00 1e 62 1f 7a 1f 1b fa bf 0e fd 3f fd Data Ascii: >GMn)_1Y&8\NO _Ljl,;zqm515OmqVjLsjG[L3g[x&w9%-fhh<j':.zkgZnkNM{v;UkmU1^x]t^<bz?
2025-01-13 14:44:39 UTC	1390	IN	Data Raw: ef d7 cf df f7 ed d6 4e 3f 2f 36 3f 85 7a 63 9a fa 7a 7b b5 e9 e3 f6 40 72 be 9b da f3 8d bd 5b fe 5b d7 7d 63 b5 d8 d7 6a 8b 15 65 64 da cb ae e4 db a7 cf ad 33 57 af f1 1e 67 c7 fd d6 f8 bd 63 1f 07 1f c2 e3 e6 cb 5a f9 d4 76 e9 5b 93 d2 f2 73 2f f1 33 e2 c5 6b 7e 33 dc 95 db 70 3e 6b bd d1 6b f8 ce e7 89 75 d6 6e ab 55 5e 3d cc 2c 4b f4 65 d7 6b 1e ab 11 11 6a 68 a6 69 fa 9a 62 3c 42 be 2e 77 17 06 5b 67 c7 93 2c 5e db dc c7 6e e7 7e 77 eb f7 a6 c9 c3 e4 e5 c7 5c 37 a6 39 ad 75 a8 f7 6a 35 e1 9f 6b c4 bb 07 77 bb d4 f2 3d bf 1a eb dc cd a6 8a ab 95 eb 72 ef 53 97 55 dc 4a ae 53 eb 5c db aa 69 f3 4f 98 fa 9f fb 39 c5 cb e1 e0 c5 7c 38 ef 92 2b 7d 77 44 76 ea 75 e3 7e ae b2 71 b9 79 72 57 2d e9 8e 6d 5d ea 7d db 8d f9 d2 4f 2f 1f b7 f3 f1 6f 60 e6 61 70 Data Ascii: N?/6?zcz{@r[[}cjed3WgcZv[s/3k~3p>kkunU^=,Kekjhib<B.w[g,^n~w\79uj5kw=rSUJS\iO9\|8+}wDvu~qyrW-m]}O/o`ap
2025-01-13 14:44:39 UTC	1237	IN	Data Raw: f9 c9 d3 45 3a d8 ca 8c db 57 30 ed db aa d5 a8 bd e2 cc d3 7a 2a 8a bd e2 22 7d a0 17 46 b7 e4 a5 5f e3 be 3f c3 b9 87 4d f3 ae 21 89 cb f3 72 35 ba 0d c6 e2 d6 1c 63 e6 65 da b5 5d d8 b3 5d 16 af d7 7a c5 55 db b5 72 aa 3f 2d 14 fb 45 33 e7 c4 fd 02 17 e3 47 c8 1e c5 ed fe 4f cf f4 7c c3 a9 f7 7a 2c 4e 39 c9 f3 f5 98 99 f7 a7 0e 2c d8 b7 6a 8b 13 4e 1d e8 b7 91 5d 75 64 c7 e4 aa a9 aa 9a 66 df ac d3 fb bc fd 03 8f f9 25 da 39 da 0f 91 7c 77 81 6f 3e 49 64 75 0f 12 bf c1 f3 f7 77 33 ad 4e ba 88 c9 d8 5b cd b3 6e 8a 26 bc db 37 29 9f f2 ea b9 3e 94 f8 99 f5 04 c7 57 fc 98 e4 ba 3f 8e dc 57 9d f7 0e 97 6d bc e4 fc 9b 75 7f 43 c7 71 35 3a a8 c6 ce e4 fe 6f de 8c 3c 9b 78 b7 2a a2 9c 78 bd 8f 6b f3 d5 35 d5 45 14 d1 13 5f 98 89 88 06 8f 70 fc 90 c8 e4 bd 05 Data Ascii: E:W0z"}F_?M!r5ce]]zUr?-E3GO\|z,N9,jN]udf%9\|wo>Iduw3N[n&7)>W?WmuCq5:o<xxk5E_p
2025-01-13 14:44:39 UTC	1390	IN	Data Raw: 16 e3 96 f9 3e 7e 45 ca 69 fd 35 38 b5 4f ef a6 2a 89 f6 f7 a2 89 b5 5d 51 eb e3 d6 ed 13 13 3f 7e 02 bc d1 fc 8a b3 cc 39 56 8f 95 71 7d 47 62 64 df de f5 7e 47 30 d6 f0 ef c7 ad a3 1f 2f 1b f5 d6 a8 b7 7a 6a ae b8 aa 32 aa a6 ed 13 4c 7e 58 b5 f8 aa 9f 3f bf ea 42 aa dd fc 9d ec ee 61 f0 e7 84 77 17 20 e3 7c 9b 8a ec ef 72 0e 27 77 2f 33 59 f8 e2 37 36 2f 67 5b fc f1 87 67 1e f5 cb b3 6e ba 63 d3 f1 5c 8a 6a ab de 23 d6 62 7c 83 d2 dd 59 df 38 9d 8b cb b7 9d 7f b8 e0 1c 9f 85 72 6d 26 1e 36 d6 75 9b fa 31 bf 26 4e bf 22 aa e8 b5 93 6e ac 7b b7 68 9a 7d ed 57 4d 54 cd 51 55 15 47 89 80 4a 63 f7 4f 14 9e c9 e5 dd 65 b5 b3 97 a9 cf e2 3a 5c 4e 45 7b 27 36 28 a3 1f 2f 5d 7f f2 c5 57 ec d5 15 4d 53 4d aa ec d5 45 cf 68 a7 c4 cd 3e 3c c4 f9 07 07 63 e5 be 9f Data Ascii: >~Ei58O*]Q?~9Vq}Gbd~G0/zj2L~X?Baw \|r'w/3Y76/g[gnc\j#b\|Y8rm&6u1&N"n{h}WMTQUGJcOe:\NE{'6(/]WMSMEh><c

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Software Vulnerabilities

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 174

Chrome Cache Entry: 175

Chrome Cache Entry: 176

Chrome Cache Entry: 177

Chrome Cache Entry: 178

Chrome Cache Entry: 179

Chrome Cache Entry: 180

Chrome Cache Entry: 181

Chrome Cache Entry: 182

Chrome Cache Entry: 183

Chrome Cache Entry: 184

Chrome Cache Entry: 185

Chrome Cache Entry: 186

Chrome Cache Entry: 187

Chrome Cache Entry: 188

Chrome Cache Entry: 189

Chrome Cache Entry: 190

Chrome Cache Entry: 191

Chrome Cache Entry: 192

Windows Analysis Report
https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:39 UTC	1701	OUT	GET /2.0/files/1748539458374?fields=content_created_at,content_modified_at,created_at,created_by,modified_at,modified_by,owned_by,description,metadata.global.boxSkillsCards,expires_at,version_limit,version_number,is_externally_owned,restored_from,uploader_display_name HTTP/1.1 Host: api.box.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept-Language: en-US X-Box-Client-Name: ContentSidebar sec-ch-ua-mobile: ?0 X-Rep-Hints: [3d][pdf][text][mp3][json][jpg?dimensions=1024x1024&paged=false][jpg?dimensions=2048x2048,png?dimensions=2048x2048][dash,mp4][filmstrip] Authorization: Bearer 1!81GsgeLbvBfdvg_epjR4YXdhC34ifkJ-dEYeL_tDlzy5pPmSdBs4kOXU5NDsuixWfKiUBIX52dXH7xKcZUv9NRzNRgjX_p3EwyI4HetbLFqKAY1IiJqjcz51wxqOBx3qYI2vWaJ193-3hnT4u-BhVV32KbFribDCuvDwtGuZs6Tq--5P0NYeePVL2ca47nq1cNqmOBlI4XA8OArmMAoaKkY6cYoM08a6od562CilqdGPc3owoW28SUH7in447SsgXJNW68i6OfbzD0U6Vt4b27daeCiv34CSyFnWfj8XvC9ynPyAXeENtiO_lG_PaS1PFkAri0JN0DaufR-YHMxXRnoQXIhmxXvoNyI-Ip5XnYF-4w8EHQSMk0UCRNJ2fP5-sxMAEPM7rae5cQWLuR29gLy07jbseH-GT7NXFjjofHspX7LEABe-BgtQ1BEgk1jUb_fyyWzVrbGhNvkVNUgLntyAxCVywL7Apng9AUiSQ7FSi7TwsJZBrIjjk2yO6TBxMefyQbOubJwRJsPRofJZqSGdGzkNVhKeaGok-QK_vN_kUOEpj9hQHAu-8L4RWGIwVVUecPqorXyBJux_kFa1Di_Tu7dv-FWxcBsvxXK6 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: application/json BoxApi: shared_link=https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32 sec-ch-ua-platform: "Windows" Origin: https://app.box.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://app.box.com/ Accept-Encoding: gzip, deflate, br
2025-01-13 14:44:39 UTC	433	IN	HTTP/1.1 200 OK date: Mon, 13 Jan 2025 14:44:39 GMT content-type: application/json access-control-allow-origin: * x-envoy-upstream-service-time: 119 vary: Origin etag: "6" box-request-id: 05c3b3a0e9f330d25320641433870e035 cache-control: no-cache, no-store strict-transport-security: max-age=31536000 via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2025-01-13 14:44:39 UTC	722	IN	Data Raw: 32 63 36 0d 0a 7b 22 74 79 70 65 22 3a 22 66 69 6c 65 22 2c 22 69 64 22 3a 22 31 37 34 38 35 33 39 34 35 38 33 37 34 22 2c 22 65 74 61 67 22 3a 22 36 22 2c 22 63 6f 6e 74 65 6e 74 5f 63 72 65 61 74 65 64 5f 61 74 22 3a 22 32 30 32 35 2d 30 31 2d 31 33 54 30 35 3a 34 39 3a 34 34 2d 30 38 3a 30 30 22 2c 22 63 6f 6e 74 65 6e 74 5f 6d 6f 64 69 66 69 65 64 5f 61 74 22 3a 22 32 30 32 35 2d 30 31 2d 31 33 54 30 36 3a 30 37 3a 33 36 2d 30 38 3a 30 30 22 2c 22 63 72 65 61 74 65 64 5f 61 74 22 3a 22 32 30 32 35 2d 30 31 2d 31 33 54 30 35 3a 34 39 3a 34 34 2d 30 38 3a 30 30 22 2c 22 63 72 65 61 74 65 64 5f 62 79 22 3a 7b 22 74 79 70 65 22 3a 22 75 73 65 72 22 2c 22 69 64 22 3a 22 33 39 33 37 38 38 35 36 35 39 36 22 2c 22 6e 61 6d 65 22 3a 22 50 61 74 20 52 6f 62 65 Data Ascii: 2c6{"type":"file","id":"1748539458374","etag":"6","content_created_at":"2025-01-13T05:49:44-08:00","content_modified_at":"2025-01-13T06:07:36-08:00","created_at":"2025-01-13T05:49:44-08:00","created_by":{"type":"user","id":"39378856596","name":"Pat Robe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:40 UTC	671	OUT	GET /2.0/files/1748539458374?fields=content_created_at,content_modified_at,created_at,created_by,modified_at,modified_by,owned_by,description,metadata.global.boxSkillsCards,expires_at,version_limit,version_number,is_externally_owned,restored_from,uploader_display_name HTTP/1.1 Host: api.box.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: box_visitor_id=678526c81f7108.44421725; site_preference=desktop
2025-01-13 14:44:40 UTC	428	IN	HTTP/1.1 401 Unauthorized date: Mon, 13 Jan 2025 14:44:40 GMT strict-transport-security: max-age=31536000 www-authenticate: Bearer realm="Service", error="invalid_request", error_description="The access token was not found." box-request-id: 03218e115bb4e01bd74167a9a549290da x-envoy-upstream-service-time: 1 via: 1.1 google Content-Length: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:40 UTC	1397	OUT	GET /api/2.0/internal_files/1748539458374/versions/1925739332568/representations/pdf/content/?access_token=1!81GsgeLbvBfdvg_epjR4YXdhC34ifkJ-dEYeL_tDlzy5pPmSdBs4kOXU5NDsuixWfKiUBIX52dXH7xKcZUv9NRzNRgjX_p3EwyI4HetbLFqKAY1IiJqjcz51wxqOBx3qYI2vWaJ193-3hnT4u-BhVV32KbFribDCuvDwtGuZs6Tq--5P0NYeePVL2ca47nq1cNqmOBlI4XA8OArmMAoaKkY6cYoM08a6od562CilqdGPc3owoW28SUH7in447SsgXJNW68i6OfbzD0U6Vt4b27daeCiv34CSyFnWfj8XvC9ynPyAXeENtiO_lG_PaS1PFkAri0JN0DaufR-YHMxXRnoQXIhmxXvoNyI-Ip5XnYF-4w8EHQSMk0UCRNJ2fP5-sxMAEPM7rae5cQWLuR29gLy07jbseH-GT7NXFjjofHspX7LEABe-BgtQ1BEgk1jUb_fyyWzVrbGhNvkVNUgLntyAxCVywL7Apng9AUiSQ7FSi7TwsJZBrIjjk2yO6TBxMefyQbOubJwRJsPRofJZqSGdGzkNVhKeaGok-QK_vN_kUOEpj9hQHAu-8L4RWGIwVVUecPqorXyBJux_kFa1Di_Tu7dv-FWxcBsvxXK6&shared_link=https%3A%2F%2Fapp.box.com%2Fs%2Fit1hhxczqyf0qxif41bma48tat7sqs32&box_client_name=box-content-preview&box_client_version=3.0.0 HTTP/1.1 Host: public.boxcloud.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://app.box.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://app.box.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 14:44:41 UTC	701	IN	HTTP/1.1 200 OK server: nginx date: Mon, 13 Jan 2025 14:44:41 GMT content-type: application/pdf Content-Length: 46554 access-control-allow-origin: * access-control-expose-headers: Accept-Ranges,Content-Encoding,Content-Length,Content-Range,Date,Retry-After expires: Tue, 14 Jan 2025 00:31:21 -0800 accept-ranges: bytes x-xss-protection: 1; mode=block cache-control: max-age=28800, private x-envoy-upstream-service-time: 387 referrer-policy: no-referrer x-robots-tag: noindex, nofollow pragma: cache x-content-type-options: nosniff vary: Origin strict-transport-security: max-age=31536000 via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-13 14:44:41 UTC	689	IN	Data Raw: 25 50 44 46 2d 31 2e 37 0d 0a 25 b5 b5 b5 b5 0d 0a 31 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 43 61 74 61 6c 6f 67 2f 50 61 67 65 73 20 32 20 30 20 52 2f 4c 61 6e 67 28 65 6e 2d 55 53 29 20 2f 53 74 72 75 63 74 54 72 65 65 52 6f 6f 74 20 31 31 20 30 20 52 2f 4d 61 72 6b 49 6e 66 6f 3c 3c 2f 4d 61 72 6b 65 64 20 74 72 75 65 3e 3e 2f 4d 65 74 61 64 61 74 61 20 32 39 20 30 20 52 2f 56 69 65 77 65 72 50 72 65 66 65 72 65 6e 63 65 73 20 33 30 20 30 20 52 3e 3e 0d 0a 65 6e 64 6f 62 6a 0d 0a 32 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 50 61 67 65 73 2f 43 6f 75 6e 74 20 31 2f 4b 69 64 73 5b 20 33 20 30 20 52 5d 20 3e 3e 0d 0a 65 6e 64 6f 62 6a 0d 0a 33 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 50 61 67 65 2f 50 61 72 65 6e 74 20 32 20 30 20 Data Ascii: %PDF-1.7%1 0 obj<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 11 0 R/MarkInfo<</Marked true>>/Metadata 29 0 R/ViewerPreferences 30 0 R>>endobj2 0 obj<</Type/Pages/Count 1/Kids[ 3 0 R] >>endobj3 0 obj<</Type/Page/Parent 2 0
2025-01-13 14:44:41 UTC	1390	IN	Data Raw: bd cb 34 f9 c1 06 fc 53 c6 8a 68 fa 37 c5 30 ee 25 2e b8 67 3d 0a 58 86 fe 4d 8f 9c f2 33 a7 f3 2e b7 ac f7 8d ff 44 f9 25 4d 0a 42 ef a7 c9 87 69 66 21 13 c1 6e d1 6c d8 ad 49 61 17 04 c5 55 1b d8 2a 92 3a b6 48 99 cc 85 f4 c8 9d 15 c6 fd 27 fc f0 f7 68 be 61 a0 df cf c0 ec ca 64 83 b0 16 b9 f1 1b 06 42 aa 90 43 8a cc 7b b2 ce 3a d4 93 bd c7 83 95 72 a4 9a 61 df a3 64 dd e2 36 6e 24 5c ce 7a 5f 3b c5 e0 1f f5 cb 8e 65 9f 59 2d 88 c8 36 fb c3 f5 3b f0 b1 4d 05 ac 08 0e d4 0e 52 5b 0a 7b 67 1b fc f1 c9 1e e2 e6 68 e2 6b e1 b5 8a a0 ef ed 3b 7b 2c bc 32 52 e4 16 36 d8 3d 5d 7f 3d 8a 22 3e 35 4a 0e 16 bf aa 9a bb 95 b7 c4 f2 61 14 c7 b1 ae 68 18 ef 31 c2 78 fa 58 35 79 2f 34 98 d3 a7 18 7b c0 eb e2 2f 78 58 5d 59 80 02 75 f5 1c 5b 64 da a4 be 80 2b cd e8 19 Data Ascii: 4Sh70%.g=XM3.D%MBif!nlIaU*:H'hadBC{:rad6n$\z_;eY-6;MR[{ghk;{,2R6=]=">5Jah1xX5y/4{/xX]Yu[d+
2025-01-13 14:44:41 UTC	1390	IN	Data Raw: 03 af 54 9a f7 9a af a4 3a 70 bc 85 b3 1e 88 3d 25 68 28 0f 85 5a 1e cb 85 9a 47 00 d7 3c ba 8e 95 b2 f3 f0 5b d0 f0 8f d5 fb 2a dc 80 be 89 f8 33 3d fa 3f 25 3e 4a d9 36 f3 4a 4f 37 15 2a 7b 74 52 49 9d 2b cf 7c ca 81 bf 62 7f 25 be 80 f6 04 3d 7b 64 10 87 5a 5b 36 d4 25 3e ca 95 5b b1 7a a0 d2 50 1c f7 ea b6 ad ee da b8 49 dd 65 b8 7b ed e3 bb ed e1 c7 6e 8c 37 e4 4b 69 8b ac ef 8e 6b 35 db 2b 23 82 4e f4 3b cb 71 6a d9 2d ca 19 1a 2f 3b ce 56 be 53 65 a1 30 5f 48 97 a1 33 9c 2b f2 20 6d a1 55 a3 1b 5b bc 4a 12 6a ed 59 9b e5 44 eb e5 be 33 ce b2 5e 20 5a 97 a4 65 8f 72 6a 74 4b bf 5c d0 d9 d2 af 0a 59 ea 79 cb 90 97 c5 0c 5b 58 1f 87 60 73 23 2b 76 53 cc 37 06 9b 5a fb 9b 6a 3d 76 bf 76 ea 3b df ac cb ae cd 7d 59 e1 7a ec d5 83 f9 84 ad cd fa 3a a6 d3 Data Ascii: T:p=%h(ZG<[3=?%>J6JO7{tRI+\|b%={dZ[6%>[zPIe{n7Kik5+#N;qj-/;VSe0_H3+ mU[JjYD3^ ZerjtK\Yy[X`s#+vS7Zj=vv;}Yz:
2025-01-13 14:44:41 UTC	1390	IN	Data Raw: 7e 0f 59 97 71 ef 21 9f b9 cf b1 d7 2d c7 4a 69 f1 26 9d f7 5b f1 88 d9 f8 3f 8d 09 a9 a7 8d dd ef f7 1f 6d c9 3b f2 33 3b 16 d3 9e ed 59 af 21 8d ca 8e 14 67 ba a7 a7 5f bb 87 d2 7a b4 e1 73 4a 33 36 f7 f4 1d c9 64 8c 29 96 d2 cc a5 98 df ef fc 76 bc 8c 41 df 37 fc 56 9c 32 c3 0d 94 6e ea a0 a1 47 cc bb 89 d2 8f b5 1e 69 da 16 2a d2 3e a3 26 6d b2 ce e3 b4 0e 1a 2b 1e a1 de 7a de 17 d4 24 ea a8 56 c5 8a d9 d4 64 9c 8e d8 cf 75 14 77 f9 7f 42 7a 20 15 88 4f c8 2d cb 68 e7 91 d3 f0 0d f5 d3 eb 58 4b ce df d3 9e 3f ab 61 5e 93 78 f1 8f 6e 45 d0 82 16 b4 a0 b1 69 d7 89 b0 a3 e6 d5 d0 de ff 66 5b fe 2c 66 18 4a 17 fe d1 6d 08 5a d0 82 16 b4 a0 fd cf cd f8 c8 ef fb 6f 1f 47 32 ed c7 43 ff 6d c3 50 4a 17 6b 77 02 17 d1 c5 ca 27 36 1f d2 da 0c ba d8 b8 90 2e 36 Data Ascii: ~Yq!-Ji&[?m;3;Y!g_zsJ36d)vA7V2nGi*>&m+z$VduwBz O-hXK?a^xnEif[,fJmZoG2CmPJkw'6.6
2025-01-13 14:44:41 UTC	1390	IN	Data Raw: 97 0d 8e ae 36 f1 7d 8e da 34 8e 96 0d ea eb 2a 6e 28 ea d6 c0 1e 95 9a 02 0d 0c d4 76 e4 76 6a 72 2c 02 37 46 09 8b 7c 9c e3 54 96 21 03 2b 17 3e 0d d5 e8 2e f9 14 13 5d 3e 9a ea aa 74 37 b8 ab dc 98 43 9e a9 95 b2 6f 72 ac f5 e7 5b 3a cd 5d 5a 56 5d a9 3f ed c0 2c a9 e8 91 e2 fc 3c 4e f9 28 0d d9 2a a1 15 62 0e 96 64 3b d4 63 d5 d3 63 f5 74 57 72 dc 61 d9 e3 55 b6 5b b6 ab b5 b5 be 9d 0c 19 72 2a 3b da 85 2e 4c 85 17 56 f9 a6 64 57 b9 7d 73 b3 dd 69 b2 9d fd fb b5 5b 28 22 ad a2 a6 10 6b b5 04 db 9d bb a4 d6 ed b2 b9 4a 5a 6b 3b 3a 5b e6 b6 b6 7b 3c ad 8b 8b 6b e6 8f c4 ba 68 75 8f af 6f 75 4f ab 1c e5 d0 1b 5f 5e b9 da 71 ba bc 77 0c 95 8a d2 8a 02 54 a5 51 41 bb 5b 9c 5f d6 ee 11 e7 4f ab ae dc 69 23 72 9d 5f 51 e9 d7 84 56 58 53 50 d5 de 1b 79 95 3b Data Ascii: 6}4n(vvjr,7F\|T!+>.]>t7Cor[:]ZV]?,<N(bd;cctWraU[r*;.LVdW}si[("kJZk;:[{<khuouO_^qwTQA[_Oi#r_QVXSPy;
2025-01-13 14:44:41 UTC	1390	IN	Data Raw: 4a 34 29 71 b2 12 27 29 b1 40 89 f9 4a cc 53 a2 51 89 06 25 ea 95 a8 53 62 ae 12 b5 4a d4 28 31 47 89 d9 4a cc 52 62 a6 12 33 94 a8 56 a2 4a 89 4a 25 4e 54 62 ba 12 5e 25 2a 94 98 a6 44 b9 12 65 4a 4c 55 62 8a 12 93 95 98 a4 c4 44 25 4a 95 98 a0 c4 78 25 c6 29 31 56 89 12 25 8a 95 28 52 a2 50 89 02 25 c6 28 e1 51 22 5f 89 d1 4a 9c a0 c4 28 25 8e 57 62 a4 12 23 94 c8 53 62 b8 12 c3 94 18 aa c4 10 25 72 95 18 ac c4 20 25 06 2a 91 a3 c4 00 25 fa 2b d1 4f 89 6c 25 8e 53 a2 af 12 7d 94 c8 52 22 53 89 0c 25 7a 2b e1 56 22 5d 89 34 25 5c 4a 38 95 48 55 22 45 89 5e 4a 38 94 48 56 22 49 89 44 25 12 94 88 57 22 4e 09 bb 12 b1 4a c4 28 11 ad 84 4d 89 28 25 22 95 b0 2a 11 a1 44 b8 12 61 4a 84 2a 61 51 c2 ac 44 88 12 26 25 8c 4a 18 94 d0 94 10 4a 50 40 88 4e 25 0e 2a Data Ascii: J4)q')@JSQ%SbJ(1GJRb3VJJ%NTb^%DeJLUbD%Jx%)1V%(RP%(Q"_J(%Wb#Sb%r %%+Ol%S}R"S%z+V"]4%\J8HU"E^J8HV"ID%W"NJ(M(%"DaJaQD&%JJP@N%*
2025-01-13 14:44:41 UTC	1390	IN	Data Raw: 74 11 47 5e c8 a9 56 a6 0b 98 ce 67 5a c7 b4 d6 1f 57 0b 3a cf 1f 37 17 74 2e d3 39 fe b8 46 d0 d9 4c 67 f9 e3 bc a0 16 7f 1c 36 63 71 a6 3f 6e 18 68 0d d3 6a 2e be 8a cb 9d c1 74 ba 3f ae 1e 74 1a 17 5f c9 b4 82 69 39 53 33 d3 32 a6 a5 5c f5 12 2e 7e 2a d3 62 7f 5c 1d 68 11 57 76 0a 47 2e 64 6a 62 3a 99 e9 24 a6 05 5c 6e 3e d3 3c 6e 59 23 17 6f 60 aa e7 c8 3a a6 b9 4c b5 4c 35 4c 73 98 66 73 a7 67 71 cb 66 32 cd e0 4e 57 73 d5 55 7c a3 4a a6 13 b9 b9 d3 f9 46 5e ae a5 82 69 1a 53 39 53 99 df ee 01 4d f5 db e5 1d a6 f8 ed 72 7a 4f f6 db cf 01 4d f2 db fb 83 26 72 48 29 d3 04 bf 1d e7 02 31 9e 53 e3 98 c6 b2 b3 c4 6f 5f 03 2a f6 db d7 81 8a fc f6 33 41 85 7e 7b 0b a8 c0 1f 53 02 1a c3 e4 61 ca 67 1a ed 8f c1 fb 5d 9c c0 a9 51 fe e8 2a d0 f1 4c 23 fd d1 72 Data Ascii: tG^VgZW:7t.9FLg6cq?nhj.t?t_i9S32\.~b\hWvG.djb:$\n><nY#o`:LL5Lsfsgqf2NWsU\|JF^iS9SMrzOM&rH)1So_3A~{Sag]Q*L#r
2025-01-13 14:44:41 UTC	1390	IN	Data Raw: 2a b0 18 58 04 9c 02 2c 04 9a 80 93 81 93 80 05 c0 7c 60 1e d0 08 34 00 f5 40 1d 30 17 a8 05 6a 80 39 c0 6c 60 16 30 13 98 01 54 03 55 40 25 70 22 30 1d f0 02 15 c0 34 a0 1c 28 03 a6 02 53 80 c9 c0 24 60 22 50 0a 4c 00 c6 03 e3 80 b1 40 09 50 0c 14 01 85 40 01 30 06 f0 00 f9 c0 68 e0 04 60 14 70 3c 30 12 18 01 e4 01 c3 81 61 c0 50 60 08 90 0b 0c 06 06 01 03 81 1c 60 00 d0 1f e8 07 64 03 c7 01 7d 81 3e 40 16 90 09 64 00 bd 01 37 90 0e a4 01 2e c0 09 a4 02 29 40 2f c0 01 24 03 49 40 22 90 00 c4 03 71 80 1d 88 05 62 80 68 c0 06 44 01 91 80 15 88 00 c2 81 30 20 14 b0 00 66 20 04 30 01 c6 31 9d b8 1a 00 0d 10 00 51 bd 80 4f 1c 04 0e 00 bf 00 fb 81 7d c0 bf 81 9f 81 7f 01 3f 01 3f 02 3f 00 df 03 ff 04 be 03 be 05 be 01 be 06 f6 02 5f 01 5f 02 ff 00 be 00 f6 00 Data Ascii: *X,\|`4@0j9l`0TU@%p"04(S$`"PL@P@0h`p<0aP``d}>@d7.)@/$I@"qbhD0 f 01QO}???__
2025-01-13 14:44:41 UTC	1237	IN	Data Raw: 3c f6 64 eb 8e 26 14 1d ea de d1 34 d4 10 b2 be c9 10 9d 2f cb 7b 42 9b f2 3d 9a 79 7d 13 2a 49 cc cf 4e 7e 31 fb c5 9c ec 17 b3 51 4d f6 c0 41 55 22 3a 2d 5a 87 3d 52 33 9b ed 21 ee f4 01 da d0 ac cc 61 b9 b9 83 47 6b 43 87 64 ba d3 23 35 dd 37 64 d8 f0 d1 86 dc c1 a9 9a c1 ae 3c a3 35 99 16 86 57 7f a9 36 4c 39 10 a2 ad 71 e7 4f cf 35 a5 26 47 d9 ad 21 26 ad 57 62 4c ff 51 19 b6 69 33 32 46 0d 48 31 1b cc 21 06 93 c5 dc 67 78 41 7a 69 53 71 fa bb e6 e8 94 b8 f8 94 18 8b 25 26 25 3e 2e 25 da 7c e0 3d 53 e4 be 7f 9a 22 f7 17 1a 9b f6 6f 30 84 1c 3f 33 bf b7 e1 9a 30 8b 66 0c 09 e9 48 4d 4c 3a ee f8 b4 f1 d3 a3 62 6d c6 f0 58 5b 74 bc c5 1c 13 1d d1 a7 68 e6 81 b5 71 bd 64 1d bd e2 e2 b8 ae 03 93 30 9c ee ce 7d c6 35 26 3b a5 53 26 fd 55 8e fb 4e ea dd b9 Data Ascii: <d&4/{B=y}*IN~1QMAU":-Z=R3!aGkCd#57d<5W6L9qO5&G!&WbLQi32FH1!gxAziSq%&%>.%\|=S"o0?30fHML:bmX[thqd0}5&;S&UN
2025-01-13 14:44:41 UTC	1390	IN	Data Raw: 72 c2 06 24 26 26 77 1c e3 36 23 17 64 6a ef 41 11 11 61 72 df 0a 93 fb 56 98 0d 81 61 61 88 0a 93 fb 56 98 7c 0a d4 b9 db 93 24 1f 49 ef 61 65 e1 89 09 d6 9c c4 41 03 42 9c 7d ca 9c 5e b5 b9 e7 c7 60 3f ce c5 00 bc 1e 78 40 d8 95 6d 5d 2a 7a c4 09 39 b9 b9 72 b7 9f 85 97 f3 11 eb 48 3c 54 49 8f c7 e9 16 72 33 c7 b6 2e dc 3d 26 aa be af 8b 5c b9 c3 eb 03 19 92 6d b1 3b 93 12 d2 62 2d da c1 5c 43 78 5c 8a 3d 2e d5 1e ae 1d 1c 2b 30 75 93 12 5d b1 e6 7e 8e f9 ae 81 bd 13 43 c5 0a 93 58 1b 9e ec cc 4c 5a 18 e5 88 8d 38 34 2b e6 ed df 60 0e 33 1b 8c e6 b0 10 bc 78 37 76 f9 37 1f d7 3b 22 b9 8f e3 97 13 0d 9b 53 8f 4b 0a 0f 8d 4d 89 e3 67 80 37 6b 34 9d 40 9b e5 33 d8 9a 15 15 65 0f 0c bb ce 51 01 b6 ea fc ad 1c 76 7b 60 d8 ed fa b0 a7 86 0d 18 30 58 0e fb e0 Data Ascii: r$&&w6#djAarVaaV\|$IaeAB}^`?x@m]*z9rH<TIr3.=&\m;b-\Cx\=.+0u]~CXLZ84+`3x7v7;"SKMg7k4@3eQv{`0X

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:42 UTC	1201	OUT	GET /api/2.0/internal_files/1748539458374/versions/1925739332568/representations/pdf/content/?access_token=1!81GsgeLbvBfdvg_epjR4YXdhC34ifkJ-dEYeL_tDlzy5pPmSdBs4kOXU5NDsuixWfKiUBIX52dXH7xKcZUv9NRzNRgjX_p3EwyI4HetbLFqKAY1IiJqjcz51wxqOBx3qYI2vWaJ193-3hnT4u-BhVV32KbFribDCuvDwtGuZs6Tq--5P0NYeePVL2ca47nq1cNqmOBlI4XA8OArmMAoaKkY6cYoM08a6od562CilqdGPc3owoW28SUH7in447SsgXJNW68i6OfbzD0U6Vt4b27daeCiv34CSyFnWfj8XvC9ynPyAXeENtiO_lG_PaS1PFkAri0JN0DaufR-YHMxXRnoQXIhmxXvoNyI-Ip5XnYF-4w8EHQSMk0UCRNJ2fP5-sxMAEPM7rae5cQWLuR29gLy07jbseH-GT7NXFjjofHspX7LEABe-BgtQ1BEgk1jUb_fyyWzVrbGhNvkVNUgLntyAxCVywL7Apng9AUiSQ7FSi7TwsJZBrIjjk2yO6TBxMefyQbOubJwRJsPRofJZqSGdGzkNVhKeaGok-QK_vN_kUOEpj9hQHAu-8L4RWGIwVVUecPqorXyBJux_kFa1Di_Tu7dv-FWxcBsvxXK6&shared_link=https%3A%2F%2Fapp.box.com%2Fs%2Fit1hhxczqyf0qxif41bma48tat7sqs32&box_client_name=box-content-preview&box_client_version=3.0.0 HTTP/1.1 Host: public.boxcloud.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 14:44:42 UTC	546	IN	HTTP/1.1 200 OK server: nginx date: Mon, 13 Jan 2025 14:44:42 GMT content-type: application/pdf Content-Length: 46554 expires: Tue, 14 Jan 2025 00:31:22 -0800 accept-ranges: bytes x-xss-protection: 1; mode=block cache-control: max-age=28800, private x-envoy-upstream-service-time: 485 referrer-policy: no-referrer x-robots-tag: noindex, nofollow pragma: cache x-content-type-options: nosniff strict-transport-security: max-age=31536000 via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-13 14:44:42 UTC	844	IN	Data Raw: 25 50 44 46 2d 31 2e 37 0d 0a 25 b5 b5 b5 b5 0d 0a 31 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 43 61 74 61 6c 6f 67 2f 50 61 67 65 73 20 32 20 30 20 52 2f 4c 61 6e 67 28 65 6e 2d 55 53 29 20 2f 53 74 72 75 63 74 54 72 65 65 52 6f 6f 74 20 31 31 20 30 20 52 2f 4d 61 72 6b 49 6e 66 6f 3c 3c 2f 4d 61 72 6b 65 64 20 74 72 75 65 3e 3e 2f 4d 65 74 61 64 61 74 61 20 32 39 20 30 20 52 2f 56 69 65 77 65 72 50 72 65 66 65 72 65 6e 63 65 73 20 33 30 20 30 20 52 3e 3e 0d 0a 65 6e 64 6f 62 6a 0d 0a 32 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 50 61 67 65 73 2f 43 6f 75 6e 74 20 31 2f 4b 69 64 73 5b 20 33 20 30 20 52 5d 20 3e 3e 0d 0a 65 6e 64 6f 62 6a 0d 0a 33 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 50 61 67 65 2f 50 61 72 65 6e 74 20 32 20 30 20 Data Ascii: %PDF-1.7%1 0 obj<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 11 0 R/MarkInfo<</Marked true>>/Metadata 29 0 R/ViewerPreferences 30 0 R>>endobj2 0 obj<</Type/Pages/Count 1/Kids[ 3 0 R] >>endobj3 0 obj<</Type/Page/Parent 2 0
2025-01-13 14:44:42 UTC	1390	IN	Data Raw: ac 08 0e d4 0e 52 5b 0a 7b 67 1b fc f1 c9 1e e2 e6 68 e2 6b e1 b5 8a a0 ef ed 3b 7b 2c bc 32 52 e4 16 36 d8 3d 5d 7f 3d 8a 22 3e 35 4a 0e 16 bf aa 9a bb 95 b7 c4 f2 61 14 c7 b1 ae 68 18 ef 31 c2 78 fa 58 35 79 2f 34 98 d3 a7 18 7b c0 eb e2 2f 78 58 5d 59 80 02 75 f5 1c 5b 64 da a4 be 80 2b cd e8 19 cd e6 f7 cd dd 3b ea 96 c5 8c 86 7a c6 0d ab e6 2b f0 8f 4e f7 ee 3f 8d 53 22 3b f4 cf 7d 55 7e 03 4d 10 fe cf 0d 0a 65 6e 64 73 74 72 65 61 6d 0d 0a 65 6e 64 6f 62 6a 0d 0a 35 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 46 6f 6e 74 2f 53 75 62 74 79 70 65 2f 54 72 75 65 54 79 70 65 2f 4e 61 6d 65 2f 46 31 2f 42 61 73 65 46 6f 6e 74 2f 42 43 44 45 45 45 2b 43 61 6c 69 62 72 69 2f 45 6e 63 6f 64 69 6e 67 2f 57 69 6e 41 6e 73 69 45 6e 63 6f 64 69 6e 67 2f 46 Data Ascii: R[{ghk;{,2R6=]=">5Jah1xX5y/4{/xX]Yu[d+;z+N?S";}U~Mendstreamendobj5 0 obj<</Type/Font/Subtype/TrueType/Name/F1/BaseFont/BCDEEE+Calibri/Encoding/WinAnsiEncoding/F
2025-01-13 14:44:42 UTC	1390	IN	Data Raw: 5f 48 97 a1 33 9c 2b f2 20 6d a1 55 a3 1b 5b bc 4a 12 6a ed 59 9b e5 44 eb e5 be 33 ce b2 5e 20 5a 97 a4 65 8f 72 6a 74 4b bf 5c d0 d9 d2 af 0a 59 ea 79 cb 90 97 c5 0c 5b 58 1f 87 60 73 23 2b 76 53 cc 37 06 9b 5a fb 9b 6a 3d 76 bf 76 ea 3b df ac cb ae cd 7d 59 e1 7a ec d5 83 f9 84 ad cd fa 3a a6 d3 93 4f ec 38 27 8f 0d 0a 65 6e 64 73 74 72 65 61 6d 0d 0a 65 6e 64 6f 62 6a 0d 0a 32 37 20 30 20 6f 62 6a 0d 0a 5b 20 32 32 36 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 35 37 39 20 30 20 30 20 36 31 35 20 34 38 38 20 34 35 39 20 30 20 30 20 32 35 32 20 30 20 30 20 34 32 30 20 30 20 36 34 36 20 36 36 32 20 35 31 Data Ascii: _H3+ mU[JjYD3^ ZerjtK\Yy[X`s#+vS7Zj=vv;}Yz:O8'endstreamendobj27 0 obj[ 226 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 579 0 0 615 488 459 0 0 252 0 0 420 0 646 662 51
2025-01-13 14:44:42 UTC	1390	IN	Data Raw: 2d cb 68 e7 91 d3 f0 0d f5 d3 eb 58 4b ce df d3 9e 3f ab 61 5e 93 78 f1 8f 6e 45 d0 82 16 b4 a0 b1 69 d7 89 b0 a3 e6 d5 d0 de ff 66 5b fe 2c 66 18 4a 17 fe d1 6d 08 5a d0 82 16 b4 a0 fd cf cd f8 c8 ef fb 6f 1f 47 32 ed c7 43 ff 6d c3 50 4a 17 6b 77 02 17 d1 c5 ca 27 36 1f d2 da 0c ba d8 b8 90 2e 36 34 d3 7a a0 5a 7b 5b d7 d5 da 75 74 a2 d6 42 25 da 89 64 34 d8 a1 3f a1 64 63 f1 ef fb 8e 16 b4 a0 05 2d 68 41 0b 5a d0 82 16 b4 a0 05 2d 68 41 fb f3 5b f7 ef 98 d2 d4 f7 cc ee be a3 7d cf d4 e3 9b f9 ff 8b ca ef 9b fa 77 cd c0 f7 cc e0 77 cc a0 05 2d 68 41 0b 5a d0 82 16 b4 a0 05 2d 68 41 0b 5a d0 82 16 b4 3f ce c4 6f fe 96 7c d0 82 16 b4 a0 05 2d 68 41 0b 5a d0 82 16 b4 a0 05 2d 68 41 0b 5a d0 82 16 b4 a0 05 2d 68 41 0b 5a d0 82 16 b4 a0 05 2d 68 41 0b 5a d0 Data Ascii: -hXK?a^xnEif[,fJmZoG2CmPJkw'6.64zZ{[utB%d4?dc-hAZ-hA[}ww-hAZ-hAZ?o\|-hAZ-hAZ-hAZ-hAZ
2025-01-13 14:44:42 UTC	1390	IN	Data Raw: fb b5 5b 28 22 ad a2 a6 10 6b b5 04 db 9d bb a4 d6 ed b2 b9 4a 5a 6b 3b 3a 5b e6 b6 b6 7b 3c ad 8b 8b 6b e6 8f c4 ba 68 75 8f af 6f 75 4f ab 1c e5 d0 1b 5f 5e b9 da 71 ba bc 77 0c 95 8a d2 8a 02 54 a5 51 41 bb 5b 9c 5f d6 ee 11 e7 4f ab ae dc 69 23 72 9d 5f 51 e9 d7 84 56 58 53 50 d5 de 1b 79 95 3b 5d 78 01 e8 5e 4d 7a a5 53 26 5c 32 21 6b 2a 47 c2 a2 c7 3b 76 7a 88 5a f4 5c a3 ee d0 d3 75 1d 82 74 9f 45 f9 04 d5 75 68 ec b3 f1 8d 32 f5 1b 79 70 ca aa eb 30 72 8e 47 45 1b e1 b3 b0 af 85 a3 fb 04 a2 2d c8 b1 c9 9c 5d 84 17 09 e9 99 6c ed 24 07 d8 13 66 f2 58 3c a1 9e 08 cd aa 61 48 a5 cb 0f cf 2e c4 86 0a da 1a 21 ac c2 d1 8e 3a cb 75 77 87 68 69 0f f5 38 76 ea 35 95 07 22 5b 10 29 7d 2d 5d 3e b4 5c 86 75 ab 08 f7 e3 8e 7b 0f f5 c0 5b 5d b9 35 82 50 bf 7e Data Ascii: [("kJZk;:[{<khuouO_^qwTQA[_Oi#r_QVXSPy;]x^MzS&\2!k*G;vzZ\utEuh2yp0rGE-]l$fX<aH.!:uwhi8v5"[)}-]>\u{[]5P~
2025-01-13 14:44:42 UTC	1390	IN	Data Raw: 8e 53 a2 af 12 7d 94 c8 52 22 53 89 0c 25 7a 2b e1 56 22 5d 89 34 25 5c 4a 38 95 48 55 22 45 89 5e 4a 38 94 48 56 22 49 89 44 25 12 94 88 57 22 4e 09 bb 12 b1 4a c4 28 11 ad 84 4d 89 28 25 22 95 b0 2a 11 a1 44 b8 12 61 4a 84 2a 61 51 c2 ac 44 88 12 26 25 8c 4a 18 94 d0 94 10 4a 50 40 88 4e 25 0e 2a 71 40 89 5f 94 d8 af c4 3e 25 fe ad c4 cf 4a fc 4b 89 9f 94 f8 51 89 1f 94 f8 5e 89 7f 2a f1 9d 12 df 2a f1 8d 12 5f 2b b1 57 89 af 94 f8 52 89 7f 28 f1 85 12 7b 94 f8 bb 12 9f 2b f1 99 12 9f 2a f1 89 12 7f 53 e2 63 25 3e 52 e2 43 25 3e 50 e2 7d 25 fe aa c4 7b 4a bc ab c4 3b 4a bc ad c4 5b 4a bc a9 c4 1b 4a bc ae c4 6b 4a bc aa c4 2b 4a bc ac c4 4b 4a bc a8 c4 0b 4a 3c af c4 73 4a 3c ab c4 33 4a 3c ad c4 53 4a 3c a9 c4 13 4a 3c ae c4 63 4a 3c aa c4 23 4a ec 56 Data Ascii: S}R"S%z+V"]4%\J8HU"E^J8HV"ID%W"NJ(M(%"DaJaQD&%JJP@N%q@_>%JKQ^_+WR({+Sc%>RC%>P}%{J;J[JJkJ+JKJJ<sJ<3J<SJ<J<cJ<#JV
2025-01-13 14:44:42 UTC	1390	IN	Data Raw: 5e ae a5 82 69 1a 53 39 53 99 df ee 01 4d f5 db e5 1d a6 f8 ed 72 7a 4f f6 db cf 01 4d f2 db fb 83 26 72 48 29 d3 04 bf 1d e7 02 31 9e 53 e3 98 c6 b2 b3 c4 6f 5f 03 2a f6 db d7 81 8a fc f6 33 41 85 7e 7b 0b a8 c0 1f 53 02 1a c3 e4 61 ca 67 1a ed 8f c1 fb 5d 9c c0 a9 51 fe e8 2a d0 f1 4c 23 fd d1 72 6a 8c 60 ca f3 47 8f 05 0d f7 47 57 82 86 f9 a3 ab 41 43 39 6f 08 53 ae 3f ba 1f 68 30 47 0e f2 47 cb 8e 0d f4 47 cb b5 99 c3 34 80 8b f7 e7 3b f4 63 ca e6 ca 8e 63 ea cb 95 f5 61 ca 62 ca 64 ca f0 47 cb 51 ea cd e4 e6 3a d3 b9 ce 34 ae cc c5 b5 38 99 52 b9 5c 0a 53 2f 26 07 53 32 53 92 df 36 0b 94 e8 b7 cd 06 25 f8 6d 73 40 f1 4c 71 4c 76 a6 58 a6 18 2e 10 cd 05 6c ec 8c 62 8a 64 b2 32 45 70 64 38 47 86 b1 33 94 c9 c2 64 66 0a e1 48 13 47 1a d9 69 60 d2 98 04 Data Ascii: ^iS9SMrzOM&rH)1So_3A~{Sag]QL#rj`GGWAC9oS?h0GGG4;ccabdGQ:48R\S/&S2S6%ms@LqLvX.lbd2Epd8G3dfHGi`
2025-01-13 14:44:42 UTC	1390	IN	Data Raw: 2f c0 01 24 03 49 40 22 90 00 c4 03 71 80 1d 88 05 62 80 68 c0 06 44 01 91 80 15 88 00 c2 81 30 20 14 b0 00 66 20 04 30 01 c6 31 9d b8 1a 00 0d 10 00 51 bd 80 4f 1c 04 0e 00 bf 00 fb 81 7d c0 bf 81 9f 81 7f 01 3f 01 3f 02 3f 00 df 03 ff 04 be 03 be 05 be 01 be 06 f6 02 5f 01 5f 02 ff 00 be 00 f6 00 7f 07 3e 07 3e 03 3e 05 3e 01 fe 06 7c 0c 7c 04 7c 08 7c 00 bc 0f fc 15 78 0f 78 17 78 07 78 1b 78 0b 78 13 78 03 78 1d 78 0d 78 15 78 05 78 19 78 09 78 11 78 01 78 1e 78 0e 78 16 78 06 78 1a 78 0a 78 12 78 02 78 1c 78 0c 78 14 78 04 d8 0d 3c 0c 3c 04 3c 08 3c 00 dc 0f ec 02 76 02 1d c0 0e e0 3e 60 3b b0 0d d8 0a f8 81 76 c0 07 dc 0b dc 03 dc 0d 6c 01 da 80 bb 80 bf 00 77 02 77 00 9b 81 db 81 db 80 5b 81 5b 80 9b 81 4d c0 4d c0 8d c0 0d c0 f5 c0 75 c0 b5 c0 46 Data Ascii: /$I@"qbhD0 f 01QO}???__>>>>\|\|\|\|xxxxxxxxxxxxxxxxxxxxxxxxxxx<<<<v>`;vlww[[MMuF
2025-01-13 14:44:42 UTC	606	IN	Data Raw: f8 94 18 8b 25 26 25 3e 2e 25 da 7c e0 3d 53 e4 be 7f 9a 22 f7 17 1a 9b f6 6f 30 84 1c 3f 33 bf b7 e1 9a 30 8b 66 0c 09 e9 48 4d 4c 3a ee f8 b4 f1 d3 a3 62 6d c6 f0 58 5b 74 bc c5 1c 13 1d d1 a7 68 e6 81 b5 71 bd 64 1d bd e2 e2 b8 ae 03 93 30 9c ee ce 7d c6 35 26 3b a5 53 26 fd 55 8e fb 4e ea dd b9 67 5b 84 4d 4c 74 77 04 44 66 47 e7 b7 db c2 21 c2 95 08 83 f0 24 4b 95 61 93 57 ab 7e 8d d0 af 9e 3e 22 43 66 f7 0b 17 93 7a bb 33 33 7e 88 08 8f 48 4c 4f 71 87 59 45 bc 31 82 22 6c 11 da bd ee 87 dd 2f b9 0d ee 08 77 44 4c 4a 79 8c d7 e4 a5 fc fc fc 98 11 23 72 72 66 cd 8a 4e 18 11 0d 19 9d 6b db 3b 38 3a 77 d0 40 91 3d 2b f0 f6 cf ce 76 78 52 51 65 44 c6 0f 4d dd eb ec 5e 4f a2 aa a8 ab 9a 6c d4 82 87 97 11 1f 1f a2 3f b1 2c 43 9a 21 d2 e0 4e cf cc 1c 36 5c Data Ascii: %&%>.%\|=S"o0?30fHML:bmX[thqd0}5&;S&UNg[MLtwDfG!$KaW~>"Cfz33~HLOqYE1"l/wDLJy#rrfNk;8:w@=+vxRQeDM^Ol?,C!N6\
2025-01-13 14:44:42 UTC	1390	IN	Data Raw: 1e c2 fd c5 d2 9c 75 ea 12 74 3b 47 7f ea 36 ee f6 60 2c f2 f6 4c bd 82 f0 26 ca 14 f1 06 94 b6 26 e9 c3 60 2d 0b 91 15 f8 9b 42 02 c3 80 2a e6 cc 9e 25 47 23 e3 f0 d1 88 d3 1d d1 87 49 c3 2a 63 98 d5 72 e0 0a 39 30 5a a3 c5 6a 31 99 70 39 18 22 fc 16 cc 05 63 28 f4 64 4d 58 ac 61 c6 b1 31 8e 18 0b 0f 92 25 c6 61 8f 71 44 5b 0e 9e 14 6a eb 15 1b 93 6c 33 1f 1c 64 89 76 c8 7f 5d bd a5 73 9f a1 02 e3 95 45 e7 e8 e3 65 8e 0d 8c 57 6c 60 bc 62 03 e3 15 1b 18 af d8 c0 78 c5 62 bc b6 5b 53 28 35 c5 8c 1e 6d 8d 8d 4d 0a e9 10 7d b6 a6 97 25 c9 05 15 d8 fd 72 1e 8f 1e d1 6d 54 62 65 e8 f6 26 c4 a6 cb e0 6d 4d 7a 34 96 4d d7 2e f7 1f 7d 56 9b 98 1a 15 43 05 fa 6f 3e 88 07 63 46 1f 75 ed b1 d8 5d c9 89 e9 76 0b 46 a4 44 f7 3e 1e db 0b 9d 1d 67 b6 39 e2 62 1d d1 a1 Data Ascii: ut;G6`,L&&`-B%G#Icr90Zj1p9"c(dMXa1%aqD[jl3dv]sEeWl`bxb[S(5mM}%rmTbe&mMz4M.}VCo>cFu]vFD>g9b

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:42 UTC	557	OUT	OPTIONS /2.0/events HTTP/1.1 Host: api.box.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: authorization,boxapi,content-type,x-box-client-name,x-box-client-version Origin: https://app.box.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://app.box.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 14:44:42 UTC	547	IN	HTTP/1.1 200 OK date: Mon, 13 Jan 2025 14:44:42 GMT strict-transport-security: max-age=31536000 access-control-allow-origin: * access-control-allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE vary: Origin box-request-id: 02be56602eb04ecc928cc80dd361e470a access-control-max-age: 1800 access-control-allow-headers: authorization,boxapi,content-type,x-box-client-name,x-box-client-version x-envoy-upstream-service-time: 1 via: 1.1 google Content-Length: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:42 UTC	1410	OUT	POST /2.0/events HTTP/1.1 Host: api.box.com Connection: keep-alive Content-Length: 70 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" X-Box-Client-Version: 3.0.0 X-Box-Client-Name: box-content-preview sec-ch-ua-mobile: ?0 Authorization: Bearer 1!81GsgeLbvBfdvg_epjR4YXdhC34ifkJ-dEYeL_tDlzy5pPmSdBs4kOXU5NDsuixWfKiUBIX52dXH7xKcZUv9NRzNRgjX_p3EwyI4HetbLFqKAY1IiJqjcz51wxqOBx3qYI2vWaJ193-3hnT4u-BhVV32KbFribDCuvDwtGuZs6Tq--5P0NYeePVL2ca47nq1cNqmOBlI4XA8OArmMAoaKkY6cYoM08a6od562CilqdGPc3owoW28SUH7in447SsgXJNW68i6OfbzD0U6Vt4b27daeCiv34CSyFnWfj8XvC9ynPyAXeENtiO_lG_PaS1PFkAri0JN0DaufR-YHMxXRnoQXIhmxXvoNyI-Ip5XnYF-4w8EHQSMk0UCRNJ2fP5-sxMAEPM7rae5cQWLuR29gLy07jbseH-GT7NXFjjofHspX7LEABe-BgtQ1BEgk1jUb_fyyWzVrbGhNvkVNUgLntyAxCVywL7Apng9AUiSQ7FSi7TwsJZBrIjjk2yO6TBxMefyQbOubJwRJsPRofJZqSGdGzkNVhKeaGok-QK_vN_kUOEpj9hQHAu-8L4RWGIwVVUecPqorXyBJux_kFa1Di_Tu7dv-FWxcBsvxXK6 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/json Accept: application/json, text/plain, / BoxApi: shared_link=https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32 sec-ch-ua-platform: "Windows" Origin: https://app.box.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://app.box.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 14:44:42 UTC	70	OUT	Data Raw: 7b 22 65 76 65 6e 74 5f 74 79 70 65 22 3a 22 70 72 65 76 69 65 77 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 74 79 70 65 22 3a 22 66 69 6c 65 22 2c 22 69 64 22 3a 22 31 37 34 38 35 33 39 34 35 38 33 37 34 22 7d 7d Data Ascii: {"event_type":"preview","source":{"type":"file","id":"1748539458374"}}
2025-01-13 14:44:43 UTC	370	IN	HTTP/1.1 204 No Content date: Mon, 13 Jan 2025 14:44:43 GMT access-control-allow-origin: * x-envoy-upstream-service-time: 222 vary: Origin box-request-id: 054e89eb343d76c535ddcb998d03d2a6b cache-control: no-cache, no-store strict-transport-security: max-age=31536000 via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:53 UTC	682	OUT	GET /verify/bfdocs HTTP/1.1 Host: login.hrmails.online Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 14:44:53 UTC	20	IN	HTTP/1.1 302 Found
2025-01-13 14:44:53 UTC	35	IN	Data Raw: 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 0d 0a Data Ascii: Cache-Control: no-cache, no-store
2025-01-13 14:44:53 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-01-13 14:44:53 UTC	25	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a Data Ascii: Content-Type: text/html
2025-01-13 14:44:53 UTC	41	IN	Data Raw: 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 68 72 6d 61 69 6c 73 2e 6f 6e 6c 69 6e 65 2f 0d 0a Data Ascii: Location: https://login.hrmails.online/
2025-01-13 14:44:53 UTC	158	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 32 32 61 63 2d 65 34 64 64 3d 38 30 65 66 30 63 62 30 63 65 31 62 65 66 65 36 64 66 62 33 36 61 30 34 65 65 39 34 37 38 34 32 38 33 35 39 63 35 33 38 64 30 35 38 62 63 62 37 34 65 39 64 64 37 38 37 63 33 66 62 38 32 36 38 3b 20 50 61 74 68 3d 2f 3b 20 44 6f 6d 61 69 6e 3d 68 72 6d 61 69 6c 73 2e 6f 6e 6c 69 6e 65 3b 20 45 78 70 69 72 65 73 3d 4d 6f 6e 2c 20 31 33 20 4a 61 6e 20 32 30 32 35 20 31 35 3a 34 34 3a 35 33 20 47 4d 54 0d 0a Data Ascii: Set-Cookie: 22ac-e4dd=80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268; Path=/; Domain=hrmails.online; Expires=Mon, 13 Jan 2025 15:44:53 GMT
2025-01-13 14:44:53 UTC	28	IN	Data Raw: 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a Data Ascii: Transfer-Encoding: chunked
2025-01-13 14:44:53 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-13 14:44:53 UTC	3	IN	Data Raw: 30 0d 0a Data Ascii: 0
2025-01-13 14:44:53 UTC	2	IN	Data Raw: 0d 0a Data Ascii:

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:53 UTC	880	OUT	POST /app-api/split-proxy/api/testImpressions/beacon HTTP/1.1 Host: app.box.com Connection: keep-alive Content-Length: 4027 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://app.box.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: z=e0nbhfs05jvfi7hinhshoqas1q; box_visitor_id=678526c81f7108.44421725; bv=ISF-17076; cn=88; site_preference=desktop; anonymousbanner=seen; csrf-token=fag2EmRuoXgR3F6jxcT3dekpzEMHhJXwg_v2ACjI54C
2025-01-13 14:44:53 UTC	4027	OUT	Data Raw: 7b 22 65 6e 74 72 69 65 73 22 3a 5b 7b 22 66 22 3a 22 65 6e 74 65 72 70 72 69 73 65 5f 70 65 6e 64 6f 5f 61 6e 61 6c 79 74 69 63 73 5f 64 69 73 70 6c 61 79 5f 67 75 69 64 65 73 22 2c 22 69 22 3a 5b 7b 22 6b 22 3a 22 2d 31 22 2c 22 74 22 3a 22 6f 6e 22 2c 22 6d 22 3a 31 37 33 36 37 37 39 34 37 30 32 38 38 2c 22 63 22 3a 31 37 33 31 36 30 31 30 39 34 37 38 31 2c 22 72 22 3a 22 64 65 66 61 75 6c 74 20 72 75 6c 65 22 7d 5d 7d 2c 7b 22 66 22 3a 22 75 73 65 72 5f 70 65 6e 64 6f 5f 61 6e 61 6c 79 74 69 63 73 5f 64 69 73 70 6c 61 79 5f 67 75 69 64 65 73 22 2c 22 69 22 3a 5b 7b 22 6b 22 3a 22 32 22 2c 22 74 22 3a 22 63 6f 6e 74 72 6f 6c 22 2c 22 6d 22 3a 31 37 33 36 37 37 39 34 37 30 32 38 39 2c 22 72 22 3a 22 6e 6f 74 20 72 65 61 64 79 22 7d 2c 7b 22 6b 22 3a 22 Data Ascii: {"entries":[{"f":"enterprise_pendo_analytics_display_guides","i":[{"k":"-1","t":"on","m":1736779470288,"c":1731601094781,"r":"default rule"}]},{"f":"user_pendo_analytics_display_guides","i":[{"k":"2","t":"control","m":1736779470289,"r":"not ready"},{"k":"
2025-01-13 14:44:53 UTC	366	IN	HTTP/1.1 204 No Content date: Mon, 13 Jan 2025 14:44:53 GMT content-type: application/json; charset=utf-8 access-control-allow-origin: * x-envoy-upstream-service-time: 3 strict-transport-security: max-age=31536000 box-request-id: 051cf1cab69da9017dfd722ea9e3e4c88 via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:53 UTC	753	OUT	GET / HTTP/1.1 Host: login.hrmails.online Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 22ac-e4dd=80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268
2025-01-13 14:44:53 UTC	20	IN	HTTP/1.1 302 Found
2025-01-13 14:44:53 UTC	35	IN	Data Raw: 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 0d 0a Data Ascii: Cache-Control: no-cache, no-store
2025-01-13 14:44:53 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-01-13 14:44:53 UTC	40	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a Data Ascii: Content-Type: text/html; charset=utf-8
2025-01-13 14:44:53 UTC	37	IN	Data Raw: 44 61 74 65 3a 20 4d 6f 6e 2c 20 31 33 20 4a 61 6e 20 32 30 32 35 20 31 34 3a 34 34 3a 35 33 20 47 4d 54 0d 0a Data Ascii: Date: Mon, 13 Jan 2025 14:44:53 GMT
2025-01-13 14:44:53 UTC	13	IN	Data Raw: 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a Data Ascii: Expires: -1
2025-01-13 14:44:53 UTC	44	IN	Data Raw: 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 72 6d 61 69 6c 73 2e 6f 6e 6c 69 6e 65 2f 6c 6f 67 69 6e 0d 0a Data Ascii: Location: https://www.hrmails.online/login
2025-01-13 14:44:53 UTC	101	IN	Data Raw: 4e 65 6c 3a 20 7b 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 73 22 2c 22 6d 61 78 5f 61 67 65 22 3a 38 36 34 30 30 2c 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2e 30 30 31 2c 22 66 61 69 6c 75 72 65 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 7d 0d 0a Data Ascii: Nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
2025-01-13 14:44:53 UTC	41	IN	Data Raw: 50 33 70 3a 20 43 50 3d 22 44 53 50 20 43 55 52 20 4f 54 50 69 20 49 4e 44 20 4f 54 52 69 20 4f 4e 4c 20 46 49 4e 22 0d 0a Data Ascii: P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
2025-01-13 14:44:53 UTC	18	IN	Data Raw: 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a Data Ascii: Pragma: no-cache
2025-01-13 14:44:53 UTC	50	IN	Data Raw: 52 65 66 65 72 72 65 72 2d 50 6f 6c 69 63 79 3a 20 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 2d 6f 72 69 67 69 6e 0d 0a Data Ascii: Referrer-Policy: strict-origin-when-cross-origin

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:44:54 UTC	756	OUT	GET /login HTTP/1.1 Host: www.hrmails.online Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 22ac-e4dd=80ef0cb0ce1befe6dfb36a04ee9478428359c538d058bcb74e9dd787c3fb8268
2025-01-13 14:44:54 UTC	20	IN	HTTP/1.1 302 Found
2025-01-13 14:44:54 UTC	35	IN	Data Raw: 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 0d 0a Data Ascii: Cache-Control: no-cache, no-store
2025-01-13 14:44:54 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-01-13 14:44:54 UTC	24	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 67 7a 69 70 0d 0a Data Ascii: Content-Encoding: gzip
2025-01-13 14:44:54 UTC	40	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a Data Ascii: Content-Type: text/html; charset=utf-8
2025-01-13 14:44:54 UTC	37	IN	Data Raw: 44 61 74 65 3a 20 4d 6f 6e 2c 20 31 33 20 4a 61 6e 20 32 30 32 35 20 31 34 3a 34 34 3a 35 33 20 47 4d 54 0d 0a Data Ascii: Date: Mon, 13 Jan 2025 14:44:53 GMT
2025-01-13 14:44:54 UTC	833	IN	Data Raw: 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 68 72 6d 61 69 6c 73 2e 6f 6e 6c 69 6e 65 2f 63 6f 6d 6d 6f 6e 2f 6f 61 75 74 68 32 2f 76 32 2e 30 2f 61 75 74 68 6f 72 69 7a 65 3f 63 6c 69 65 6e 74 5f 69 64 3d 34 37 36 35 34 34 35 62 2d 33 32 63 36 2d 34 39 62 30 2d 38 33 65 36 2d 31 64 39 33 37 36 35 32 37 36 63 61 26 72 65 64 69 72 65 63 74 5f 75 72 69 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 6f 66 66 69 63 65 2e 63 6f 6d 25 32 46 6c 61 6e 64 69 6e 67 76 32 26 72 65 73 70 6f 6e 73 65 5f 74 79 70 65 3d 63 6f 64 65 25 32 30 69 64 5f 74 6f 6b 65 6e 26 73 63 6f 70 65 3d 6f 70 65 6e 69 64 25 32 30 70 72 6f 66 69 6c 65 25 32 30 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 6f 66 66 69 63 65 2e 63 6f 6d 25 32 46 Data Ascii: Location: https://login.hrmails.online/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2F
2025-01-13 14:44:54 UTC	50	IN	Data Raw: 52 65 66 65 72 72 65 72 2d 50 6f 6c 69 63 79 3a 20 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 2d 6f 72 69 67 69 6e 0d 0a Data Ascii: Referrer-Policy: strict-origin-when-cross-origin
2025-01-13 14:44:54 UTC	25	IN	Data Raw: 52 65 71 75 65 73 74 2d 43 6f 6e 74 65 78 74 3a 20 61 70 70 49 64 3d 0d 0a Data Ascii: Request-Context: appId=
2025-01-13 14:44:54 UTC	114	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4f 48 2e 44 43 41 66 66 69 6e 69 74 79 3d 4f 48 2d 65 75 73 3b 20 50 61 74 68 3d 2f 3b 20 45 78 70 69 72 65 73 3d 4d 6f 6e 2c 20 31 33 20 4a 61 6e 20 32 30 32 35 20 32 32 3a 34 34 3a 35 34 20 47 4d 54 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a Data Ascii: Set-Cookie: OH.DCAffinity=OH-eus; Path=/; Expires=Mon, 13 Jan 2025 22:44:54 GMT; HttpOnly; Secure; SameSite=None
2025-01-13 14:44:54 UTC	138	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4f 48 2e 46 4c 49 44 3d 35 64 36 38 31 64 37 32 2d 62 39 36 33 2d 34 34 64 64 2d 61 30 66 36 2d 37 61 64 35 30 61 65 64 35 63 38 66 3b 20 50 61 74 68 3d 2f 3b 20 45 78 70 69 72 65 73 3d 54 75 65 2c 20 31 33 20 4a 61 6e 20 32 30 32 36 20 31 34 3a 34 34 3a 35 34 20 47 4d 54 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a Data Ascii: Set-Cookie: OH.FLID=5d681d72-b963-44dd-a0f6-7ad50aed5c8f; Path=/; Expires=Tue, 13 Jan 2026 14:44:54 GMT; HttpOnly; Secure; SameSite=None