Source: 0.13.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://4x5seoz4hqc.opdrachtencentralebe.site/?jxb... This script demonstrates several high-risk behaviors, including data exfiltration and potential redirection to an untrusted domain. The script checks if it is running in an iframe and, if not allowed, attempts to redirect the top-level window to a URL containing an 'iframe-request-id' parameter. This behavior could be used for phishing or other malicious purposes, and the use of obfuscated code and unknown domains increases the risk. |
Source: 0.4.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://4x5seoz4hqc.opdrachtencentralebe.site/?jxb... This JavaScript snippet exhibits several high-risk behaviors that raise concerns about its potential malicious intent: 1. Dynamic Code Execution: The script uses the `eval()` function, which can execute remote or dynamic code, posing a significant security risk. 2. Data Exfiltration: The script sends user data (e.g., cookies, session identifiers) to the external domain 'https://4x5seoz4hqc.opdrachtencentralebe.site', which is a potential indicator of data exfiltration. 3. Obfuscated Code/URLs: The script contains heavily obfuscated URLs and query strings, making it difficult to determine the true purpose of the script. Additionally, the script interacts with several external domains, including 'aadcdn.msauth.net' and 'autologon.microsoftazuread-sso.com', which may be legitimate but require further investigation to confirm their trustworthiness. Overall, the combination of high-risk behaviors and the use of obfuscated code and URLs suggests that this script should be considered a high-risk security concern and requires further analysis and mitigation. |
Source: 0.9.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://4x5seoz4hqc.opdrachtencentralebe.site/?jxb... This script exhibits several high-risk behaviors that indicate potential malicious intent: 1. Dynamic Code Execution: The script uses the `$Config` object, which could be used to execute remote or dynamic code. 2. Data Exfiltration: The script contains URLs that appear to be sending user data to external domains, such as `4x5seoz4hqc.opdrachtencentralebe.site` and `login.live.com`. 3. Obfuscated Code/URLs: The script contains obfuscated or encoded strings, which is a common tactic used to hide malicious behavior. Additionally, the script appears to be attempting to mimic legitimate Microsoft services, such as Outlook Web Access (OWA) and the Microsoft Account (MSA) login flow, which is a common technique used in phishing attacks. Overall, the combination of dynamic code execution, data exfiltration, and obfuscation, along with the apparent attempt to impersonate trusted services, suggests this script is highly likely to be malicious and should be treated with caution. |
Source: https://4x5seoz4hqc.opdrachtencentralebe.site/?jxbs6khlw=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY | HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX |
Source: https://atgroupbe.com/?mzbexmhu=4d586b3cdd8398ec81870945fe0e02d3ca84fd1f0aa54e929873ee37a69ffa7e76f2afe9750102aea14522c3040839bc6bfe12d2e504ebc32d90513dc9a1c00b&qrc=nmertens%40vanas.eu | HTTP Parser: No favicon |
Source: https://4x5seoz4hqc.opdrachtencentralebe.site/?jxbs6khlw=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 | HTTP Parser: No favicon |
Source: https://4x5seoz4hqc.opdrachtencentralebe.site/?jxbs6khlw=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&sso_reload=true | HTTP Parser: No favicon |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10 |
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108 |
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic | HTTP traffic detected: GET /?mzbexmhu=bbd299e40cc6ba4977bf44a725eec5648bda7170169e3fbfd31a05747fa7276fd2437dda5a583d6a5ff345cb6fce6d6bd82e92021cc24ab98d2ebfffc47a5826&qrc=nmertens@vanas.eu HTTP/1.1Host: atgroupbe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /?mzbexmhu=4d586b3cdd8398ec81870945fe0e02d3ca84fd1f0aa54e929873ee37a69ffa7e76f2afe9750102aea14522c3040839bc6bfe12d2e504ebc32d90513dc9a1c00b&qrc=nmertens%40vanas.eu HTTP/1.1Host: atgroupbe.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=49grOtCXeSnR; qPdM.sig=sHRK-hAuDkX4_NMg7n_fVqm77RA |
Source: global traffic | HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://atgroupbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /turnstile/v0/b/e0c90b6a3ed1/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://atgroupbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /turnstile/v0/b/e0c90b6a3ed1/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/pyp2m/0x4AAAAAAA4z3pwKhYTmXrRa/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://atgroupbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=902629406ac90cae&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/pyp2m/0x4AAAAAAA4z3pwKhYTmXrRa/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/pyp2m/0x4AAAAAAA4z3pwKhYTmXrRa/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=902629406ac90cae&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: atgroupbe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://atgroupbe.com/?mzbexmhu=4d586b3cdd8398ec81870945fe0e02d3ca84fd1f0aa54e929873ee37a69ffa7e76f2afe9750102aea14522c3040839bc6bfe12d2e504ebc32d90513dc9a1c00b&qrc=nmertens%40vanas.euAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=49grOtCXeSnR; qPdM.sig=sHRK-hAuDkX4_NMg7n_fVqm77RA |
Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1545665412:1736944027:KIA3QrYIi31F6Ow_jP2wVHXYaCH6w3o5SXBDMvd1Lqc/902629406ac90cae/UntzyPCGy9F6N.8Hr428stsXCLWIeREH1k3d1p2I4Q0-1736947205-1.1.1.1-x_9922SJcNPSCMtgwJ82GVK635VAw9Nf9rQMmt0zZ5TCbY_AJb60cae1uqEr3Q4v HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/902629406ac90cae/1736947206886/a26264d4a11fdea1dabba148c2964288556bd74495365cec885d7fa06dc415d0/JdfWpu73ekZ3PKB HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/pyp2m/0x4AAAAAAA4z3pwKhYTmXrRa/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/902629406ac90cae/1736947206888/gVzBEL-Am4v7Otp HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/pyp2m/0x4AAAAAAA4z3pwKhYTmXrRa/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/902629406ac90cae/1736947206888/gVzBEL-Am4v7Otp HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovLzR4NXNlb3o0aHFjLm9wZHJhY2h0ZW5jZW50cmFsZWJlLnNpdGUvIiwiZG9tYWluIjoiNHg1c2VvejRocWMub3BkcmFjaHRlbmNlbnRyYWxlYmUuc2l0ZSIsImtleSI6IjQ5Z3JPdENYZVNuUiIsInFyYyI6Im5tZXJ0ZW5zQHZhbmFzLmV1IiwiaWF0IjoxNzM2OTQ3MjE1LCJleHAiOjE3MzY5NDczMzV9.9HzrZqwB8Cfpa4f5kdWHW2-cm9cw9jFH4D4bR48U80Q HTTP/1.1Host: 4x5seoz4hqc.opdrachtencentralebe.siteConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://atgroupbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /?qrc=nmertens%40vanas.eu HTTP/1.1Host: 4x5seoz4hqc.opdrachtencentralebe.siteConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://atgroupbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=49grOtCXeSnR; qPdM.sig=sHRK-hAuDkX4_NMg7n_fVqm77RA |
Source: global traffic | HTTP traffic detected: GET /owa/?login_hint=nmertens%40vanas.eu HTTP/1.1Host: 4x5seoz4hqc.opdrachtencentralebe.siteConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://atgroupbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=49grOtCXeSnR; qPdM.sig=sHRK-hAuDkX4_NMg7n_fVqm77RA |
Source: global traffic | HTTP traffic detected: GET /?jxbs6khlw=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 HTTP/1.1Host: 4x5seoz4hqc.opdrachtencentralebe.siteConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://atgroupbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=49grOtCXeSnR; qPdM.sig=sHRK-hAuDkX4_NMg7n_fVqm77RA; ClientId=FB21F832B5594C1DA285C60AF464CF56; OIDC=1; OpenIdConnect.nonce.v3.qvskXLuPwMl-JYbppKGaa8hin5nybUbmTDNhRRQO7og=638725440183944329.44faa111-df75-4fa5-abd3-c51a887bd27d; X-OWA-RedirectHistory=ArLym14BiUQrW2c13Qg |
Source: global traffic | HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_eaF-Fe71oZcWvr096r6xEw2.js HTTP/1.1Host: 4x5seoz4hqc.opdrachtencentralebe.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://4x5seoz4hqc.opdrachtencentralebe.site/?jxbs6khlw=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Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=49grOtCXeSnR; qPdM.sig=sHRK-hAuDkX4_NMg7n_fVqm77RA; ClientId=FB21F832B5594C1DA285C60AF464CF56; OIDC=1; OpenIdConnect.nonce.v3.qvskXLuPwMl-JYbppKGaa8hin5nybUbmTDNhRRQO7og=638725440183944329.44faa111-df75-4fa5-abd3-c51a887bd27d; X-OWA-RedirectHistory=ArLym14BiUQrW2c13Qg; esctx-4gkjWv7bPZ4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEAue7rvKCYo0f6g1nfWbdgavmYi6qwgM_hcLZBJTphM5YPvxEtUq7k8Jo6zSMuE41jfw-JjI0p5Es6eef1-bKDMSJZ68Fjv9a8CNIC-wZpIp0o_3xB1N8jcu1QvyArzlXZNeq2jmAuMLhkXmropO1dSAA; fpc=Akk6UZj0ovhLqc74YHtKB8k; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEiAsp2G1HP2GwXyH3aWI5rbPo6sGvBbRkqIgwnqINyGbiFxjQDbQyWpuGLaXMH56n5KHAlKnKZB_VQSKD0Go_D2DBLQzHgf4gG3hAhMd_6n3jl4uQmFqgUN1637iGRLBbgtzzCt35XTDyj1NRSEzqIQjurUBcTRLhpd9fleOqiNggAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd |
Source: global traffic | HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_eaF-Fe71oZcWvr096r6xEw2.js HTTP/1.1Host: 4x5seoz4hqc.opdrachtencentralebe.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=49grOtCXeSnR; qPdM.sig=sHRK-hAuDkX4_NMg7n_fVqm77RA; ClientId=FB21F832B5594C1DA285C60AF464CF56; OIDC=1; OpenIdConnect.nonce.v3.qvskXLuPwMl-JYbppKGaa8hin5nybUbmTDNhRRQO7og=638725440183944329.44faa111-df75-4fa5-abd3-c51a887bd27d; X-OWA-RedirectHistory=ArLym14BiUQrW2c13Qg; esctx-4gkjWv7bPZ4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEAue7rvKCYo0f6g1nfWbdgavmYi6qwgM_hcLZBJTphM5YPvxEtUq7k8Jo6zSMuE41jfw-JjI0p5Es6eef1-bKDMSJZ68Fjv9a8CNIC-wZpIp0o_3xB1N8jcu1QvyArzlXZNeq2jmAuMLhkXmropO1dSAA; fpc=Akk6UZj0ovhLqc74YHtKB8k; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEiAsp2G1HP2GwXyH3aWI5rbPo6sGvBbRkqIgwnqINyGbiFxjQDbQyWpuGLaXMH56n5KHAlKnKZB_VQSKD0Go_D2DBLQzHgf4gG3hAhMd_6n3jl4uQmFqgUN1637iGRLBbgtzzCt35XTDyj1NRSEzqIQjurUBcTRLhpd9fleOqiNggAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd |
Source: global traffic | HTTP traffic detected: GET /?jxbs6khlw=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&sso_reload=true HTTP/1.1Host: 4x5seoz4hqc.opdrachtencentralebe.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://4x5seoz4hqc.opdrachtencentralebe.site/?jxbs6khlw=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 |