Edit tour

Windows Analysis Report
https://tr.ee/s0lXXyulSF

Overview

General Information

Sample URL:	https://tr.ee/s0lXXyulSF
Analysis ID:	1646654
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Suricata IDS alerts for network traffic

Yara detected HtmlPhish54

Creates files inside the system directory

Deletes files inside the Windows folder

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 640 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 4980 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,17273041466131456831,17735054007782211311,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2096 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6988 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tr.ee/s0lXXyulSF" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
1.4..script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.14..script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.3.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.4.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
1.2.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.8.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.6.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
Click to see the 2 entries

Suricata Signatures

ETPRO PHISHING JS/PsyduckPockeball Payload Inbound

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-24T06:51:43.214455+0100	2857090	1	Successful Credential Theft Detected	209.74.89.179	443	192.168.2.6	49701	TCP

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true

Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The legitimate domain for Microsoft is 'microsoft.com'., The URL 'lgn-rncrisoftonline.fabservs.com' does not match the legitimate domain., The URL contains suspicious elements such as 'rncrisoft' which is a misspelling of 'Microsoft'., The domain 'fabservs.com' is not associated with Microsoft., The presence of login-related input fields (Email, phone, or Skype) on a non-legitimate domain is a common phishing tactic. DOM: 2.7.pages.csv

Yara detected HtmlPhish54

Source: Yara match	File source: 1.4..script.csv, type: HTML
Source: Yara match	File source: 2.14..script.csv, type: HTML
Source: Yara match	File source: 2.3.pages.csv, type: HTML
Source: Yara match	File source: 2.4.pages.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML
Source: Yara match	File source: 2.8.pages.csv, type: HTML
Source: Yara match	File source: 2.6.pages.csv, type: HTML

Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true

HTTP Parser: Number of links: 0

Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM

HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 88px; height: 31px; overflow: hidden; position: relative;"]

Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true

HTTP Parser: Title: Sign in to your account does not match URL

Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true	HTTP Parser: Iframe src: https://1c83ef0a-6147603a.fabservs.com/Prefetch/Prefetch.aspx
Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true	HTTP Parser: Iframe src: https://1c83ef0a-6147603a.fabservs.com/Prefetch/Prefetch.aspx
Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true	HTTP Parser: Iframe src: https://1c83ef0a-6147603a.fabservs.com/Prefetch/Prefetch.aspx

Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true

HTTP Parser: <input type="password" .../> found

Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM	HTTP Parser: No favicon
Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true	HTTP Parser: No favicon
Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true	HTTP Parser: No favicon
Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true	HTTP Parser: No favicon
Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true	HTTP Parser: No favicon
Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true	HTTP Parser: No favicon
Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true	HTTP Parser: No favicon

Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 142.250.80.100:443 -> 192.168.2.6:49695 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.66.133:443 -> 192.168.2.6:49696 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.66.133:443 -> 192.168.2.6:49697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49749 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2857090 - Severity 1 - ETPRO PHISHING JS/PsyduckPockeball Payload Inbound : 209.74.89.179:443 -> 192.168.2.6:49701

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: tr.ee to https://storage.googleapis.com/listtepopyio_23/exlainations%20xlsx.html

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.35
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.35
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.35
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.35
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.35
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.35
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.35
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /s0lXXyulSF HTTP/1.1Host: tr.eeConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?iWjx=d3WGM HTTP/1.1Host: lgn-rncrisoftonline.fabservs.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://storage.googleapis.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CO6MywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?iWjx=d3WGM HTTP/1.1Host: lgn-rncrisoftonline.fabservs.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGMAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js HTTP/1.1Host: df594c69-6147603a.fabservs.comConnection: keep-aliveOrigin: https://lgn-rncrisoftonline.fabservs.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://lgn-rncrisoftonline.fabservs.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6147603af5fa48568d9cedc5a7aac02f/ HTTP/1.1Host: lgn-rncrisoftonline.fabservs.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://lgn-rncrisoftonline.fabservs.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="Sec-WebSocket-Key: 9ZhgeYoahwVqGpUeUOtU6g==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /?iWjx=d3WGM&sso_reload=true HTTP/1.1Host: lgn-rncrisoftonline.fabservs.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGMAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: lgn-rncrisoftonline.fabservs.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGMAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css HTTP/1.1Host: df594c69-6147603a.fabservs.comConnection: keep-aliveOrigin: https://lgn-rncrisoftonline.fabservs.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://lgn-rncrisoftonline.fabservs.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js HTTP/1.1Host: df594c69-6147603a.fabservs.comConnection: keep-aliveOrigin: https://lgn-rncrisoftonline.fabservs.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://lgn-rncrisoftonline.fabservs.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js HTTP/1.1Host: df594c69-6147603a.fabservs.comConnection: keep-aliveOrigin: https://lgn-rncrisoftonline.fabservs.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://lgn-rncrisoftonline.fabservs.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: l1ve.fabservs.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://lgn-rncrisoftonline.fabservs.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: df594c69-6147603a.fabservs.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://lgn-rncrisoftonline.fabservs.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
Source: global traffic	HTTP traffic detected: GET /6147603af5fa48568d9cedc5a7aac02f/ HTTP/1.1Host: lgn-rncrisoftonline.fabservs.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://lgn-rncrisoftonline.fabservs.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1Sec-WebSocket-Key: nDNYcFqPBj+IsJvYrnT8Lg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_72a1051aa2aa2943d8c1.js HTTP/1.1Host: df594c69-6147603a.fabservs.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://lgn-rncrisoftonline.fabservs.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
Source: global traffic	HTTP traffic detected: GET /Prefetch/Prefetch.aspx HTTP/1.1Host: 1c83ef0a-6147603a.fabservs.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://lgn-rncrisoftonline.fabservs.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
Source: global traffic	HTTP traffic detected: GET /6147603af5fa48568d9cedc5a7aac02f/ HTTP/1.1Host: lgn-rncrisoftonline.fabservs.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://lgn-rncrisoftonline.fabservs.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=45c39137-77b2-4990-b67d-65268916deef; brcap=0Sec-WebSocket-Key: ku708eXScjcF8cbcgJi4hw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: df594c69-6147603a.fabservs.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lgn-rncrisoftonline.fabservs.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: df594c69-6147603a.fabservs.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lgn-rncrisoftonline.fabservs.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: df594c69-6147603a.fabservs.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lgn-rncrisoftonline.fabservs.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: df594c69-6147603a.fabservs.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lgn-rncrisoftonline.fabservs.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_c4928fb5cff147a39780.js HTTP/1.1Host: df594c69-6147603a.fabservs.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://lgn-rncrisoftonline.fabservs.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: df594c69-6147603a.fabservs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: df594c69-6147603a.fabservs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: df594c69-6147603a.fabservs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: df594c69-6147603a.fabservs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
Source: global traffic	HTTP traffic detected: GET /6147603af5fa48568d9cedc5a7aac02f/ HTTP/1.1Host: lgn-rncrisoftonline.fabservs.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://lgn-rncrisoftonline.fabservs.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=45c39137-77b2-4990-b67d-65268916deef; brcap=0Sec-WebSocket-Key: 5VyaLkLpCNaaNSCBBP/9cg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /6147603af5fa48568d9cedc5a7aac02f/ HTTP/1.1Host: lgn-rncrisoftonline.fabservs.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://lgn-rncrisoftonline.fabservs.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=45c39137-77b2-4990-b67d-65268916deef; brcap=0Sec-WebSocket-Key: jPqQw30ZkF9HagWmHqvyiw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: df594c69-6147603a.fabservs.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lgn-rncrisoftonline.fabservs.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: df594c69-6147603a.fabservs.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lgn-rncrisoftonline.fabservs.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: df594c69-6147603a.fabservs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: df594c69-6147603a.fabservs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
Source: global traffic	HTTP traffic detected: GET /common/GetCredentialType?mkt=en-US HTTP/1.1Host: lgn-rncrisoftonline.fabservs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=45c39137-77b2-4990-b67d-65268916deef; brcap=0
Source: global traffic	HTTP traffic detected: GET /6147603af5fa48568d9cedc5a7aac02f/ HTTP/1.1Host: lgn-rncrisoftonline.fabservs.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://lgn-rncrisoftonline.fabservs.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=45c39137-77b2-4990-b67d-65268916deef; brcap=0Sec-WebSocket-Key: eXZzyfB4gI3xQMrSGJLMqw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /6147603af5fa48568d9cedc5a7aac02f/ HTTP/1.1Host: lgn-rncrisoftonline.fabservs.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://lgn-rncrisoftonline.fabservs.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=45c39137-77b2-4990-b67d-65268916deef; brcap=0Sec-WebSocket-Key: m9vUFNDpO+lWYqD+5sKpRw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /6147603af5fa48568d9cedc5a7aac02f/ HTTP/1.1Host: lgn-rncrisoftonline.fabservs.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://lgn-rncrisoftonline.fabservs.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=45c39137-77b2-4990-b67d-65268916deef; brcap=0Sec-WebSocket-Key: yq6NNfrqR09Z1EMCgg2IzQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: tr.ee
Source: global traffic	DNS traffic detected: DNS query: lgn-rncrisoftonline.fabservs.com
Source: global traffic	DNS traffic detected: DNS query: df594c69-6147603a.fabservs.com
Source: global traffic	DNS traffic detected: DNS query: 187f9077-6147603a.fabservs.com
Source: global traffic	DNS traffic detected: DNS query: 30492e7d-6147603a.fabservs.com
Source: global traffic	DNS traffic detected: DNS query: l1ve.fabservs.com
Source: global traffic	DNS traffic detected: DNS query: 1c83ef0a-6147603a.fabservs.com

Source: unknown

HTTP traffic detected: POST /?iWjx=d3WGM HTTP/1.1Host: lgn-rncrisoftonline.fabservs.comConnection: keep-aliveContent-Length: 4200Cache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Origin: https://lgn-rncrisoftonline.fabservs.comContent-Type: application/x-www-form-urlencodedUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGMAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 24 Mar 2025 05:51:55 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 80a19085-46db-42eb-973b-fd0bad8c1600x-ms-ests-server: 2.1.20329.5 - NEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://187f9077-6147603a.fabservs.com/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 24 Mar 2025 05:51:55 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 9fc846be-9a5e-4f94-a88b-8f1ddc9a4a00x-ms-ests-server: 2.1.20329.5 - NEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://187f9077-6147603a.fabservs.com/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 24 Mar 2025 05:52:03 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 809935af-af58-4199-900d-90f9931f5401x-ms-ests-server: 2.1.20329.5 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://187f9077-6147603a.fabservs.com/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 24 Mar 2025 05:52:06 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: no-store, no-cachex-ms-correlation-id: a8468ac6-280d-4478-94bc-bbb477553252x-ua-compatible: IE=Edgex-cache: CONFIG_NOCACHEx-msedge-ref: Ref A: 3CD404EC36FD4C6D8DFF69EB43FC92FF Ref B: LAX311000112021 Ref C: 2025-03-24T05:52:06Zaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 24 Mar 2025 05:52:09 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 43cec674-0f22-412f-9bda-86ef56c97300x-ms-ests-server: 2.1.20329.5 - FRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://187f9077-6147603a.fabservs.com/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 24 Mar 2025 05:52:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 01781eac-03f8-46ea-8254-d8280fc77b00x-ms-ests-server: 2.1.20329.5 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://187f9077-6147603a.fabservs.com/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 24 Mar 2025 05:52:27 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 37a4eff5-9e1e-4a00-8646-c748901a7700x-ms-ests-server: 2.1.20329.5 - FRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://187f9077-6147603a.fabservs.com/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 24 Mar 2025 05:52:38 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: f432fa87-6cb8-49bb-bf27-8612e7ea8800x-ms-ests-server: 2.1.20329.5 - FRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://187f9077-6147603a.fabservs.com/api/report?catId=GW+estsfd+dub2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 24 Mar 2025 05:52:51 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 1fad1266-9f8a-4799-ab5e-5a7c02369600x-ms-ests-server: 2.1.20329.5 - FRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://187f9077-6147603a.fabservs.com/api/report?catId=GW+estsfd+dub2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:

Source: chromecache_82.2.dr

String found in binary or memory: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49680
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 142.250.80.100:443 -> 192.168.2.6:49695 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.66.133:443 -> 192.168.2.6:49696 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.66.133:443 -> 192.168.2.6:49697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.74.89.179:443 -> 192.168.2.6:49749 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir640_1317315910

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir640_1317315910

Jump to behavior

Source: classification engine

Classification label: mal64.phis.win@25/38@20/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,17273041466131456831,17735054007782211311,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2096 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tr.ee/s0lXXyulSF"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,17273041466131456831,17735054007782211311,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2096 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://tr.ee/s0lXXyulSF	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://df594c69-6147603a.fabservs.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	0%	Avira URL Cloud	safe
https://df594c69-6147603a.fabservs.com/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg	0%	Avira URL Cloud	safe
https://df594c69-6147603a.fabservs.com/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif	0%	Avira URL Cloud	safe
https://lgn-rncrisoftonline.fabservs.com/common/GetCredentialType?mkt=en-US	0%	Avira URL Cloud	safe
https://1c83ef0a-6147603a.fabservs.com/Prefetch/Prefetch.aspx	0%	Avira URL Cloud	safe
https://df594c69-6147603a.fabservs.com/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	0%	Avira URL Cloud	safe
https://df594c69-6147603a.fabservs.com/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_72a1051aa2aa2943d8c1.js	0%	Avira URL Cloud	safe
https://df594c69-6147603a.fabservs.com/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif	0%	Avira URL Cloud	safe
https://df594c69-6147603a.fabservs.com/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js	0%	Avira URL Cloud	safe
https://df594c69-6147603a.fabservs.com/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js	0%	Avira URL Cloud	safe
https://df594c69-6147603a.fabservs.com/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js	0%	Avira URL Cloud	safe
https://l1ve.fabservs.com/Me.htm?v=3	0%	Avira URL Cloud	safe
https://df594c69-6147603a.fabservs.com/shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js	0%	Avira URL Cloud	safe
https://df594c69-6147603a.fabservs.com/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css	0%	Avira URL Cloud	safe
https://lgn-rncrisoftonline.fabservs.com/favicon.ico	0%	Avira URL Cloud	safe
https://187f9077-6147603a.fabservs.com/api/report?catId=GW+estsfd+ams2	0%	Avira URL Cloud	safe
https://lgn-rncrisoftonline.fabservs.com/6147603af5fa48568d9cedc5a7aac02f/	0%	Avira URL Cloud	safe
https://df594c69-6147603a.fabservs.com/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg	0%	Avira URL Cloud	safe
https://df594c69-6147603a.fabservs.com/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_c4928fb5cff147a39780.js	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
l1ve.fabservs.com	209.74.89.179	true	true	unknown
30492e7d-6147603a.fabservs.com	209.74.89.179	true	true	unknown
lgn-rncrisoftonline.fabservs.com	209.74.89.179	true	true	unknown
df594c69-6147603a.fabservs.com	209.74.89.179	true	true	unknown
tr.ee	151.101.66.133	true	false	high
187f9077-6147603a.fabservs.com	209.74.89.179	true	true	unknown
www.google.com	142.250.80.100	true	false	high
1c83ef0a-6147603a.fabservs.com	209.74.89.179	true	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://1c83ef0a-6147603a.fabservs.com/Prefetch/Prefetch.aspx	true	Avira URL Cloud: safe	unknown
https://lgn-rncrisoftonline.fabservs.com/common/GetCredentialType?mkt=en-US	true	Avira URL Cloud: safe	unknown
https://df594c69-6147603a.fabservs.com/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg	true	Avira URL Cloud: safe	unknown
https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM&sso_reload=true	true		unknown
https://df594c69-6147603a.fabservs.com/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_72a1051aa2aa2943d8c1.js	true	Avira URL Cloud: safe	unknown
https://df594c69-6147603a.fabservs.com/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif	true	Avira URL Cloud: safe	unknown
https://df594c69-6147603a.fabservs.com/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js	true	Avira URL Cloud: safe	unknown
https://df594c69-6147603a.fabservs.com/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	true	Avira URL Cloud: safe	unknown
https://df594c69-6147603a.fabservs.com/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js	true	Avira URL Cloud: safe	unknown
https://df594c69-6147603a.fabservs.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	true	Avira URL Cloud: safe	unknown
https://tr.ee/s0lXXyulSF	false		high
https://df594c69-6147603a.fabservs.com/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif	true	Avira URL Cloud: safe	unknown
https://df594c69-6147603a.fabservs.com/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js	true	Avira URL Cloud: safe	unknown
https://lgn-rncrisoftonline.fabservs.com/favicon.ico	true	Avira URL Cloud: safe	unknown
https://l1ve.fabservs.com/Me.htm?v=3	true	Avira URL Cloud: safe	unknown
https://187f9077-6147603a.fabservs.com/api/report?catId=GW+estsfd+ams2	true	Avira URL Cloud: safe	unknown
https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM	false		unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE	false		high
https://df594c69-6147603a.fabservs.com/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css	true	Avira URL Cloud: safe	unknown
https://lgn-rncrisoftonline.fabservs.com/6147603af5fa48568d9cedc5a7aac02f/	true	Avira URL Cloud: safe	unknown
https://df594c69-6147603a.fabservs.com/shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js	true	Avira URL Cloud: safe	unknown
https://df594c69-6147603a.fabservs.com/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg	true	Avira URL Cloud: safe	unknown
https://df594c69-6147603a.fabservs.com/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_c4928fb5cff147a39780.js	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.80.100	www.google.com	United States	15169	GOOGLEUS	false
209.74.89.179	l1ve.fabservs.com	United States	31744	MULTIBAND-NEWHOPEUS	true
151.101.66.133	tr.ee	United States	54113	FASTLYUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1646654
Start date and time:	2025-03-24 06:50:31 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 19s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://tr.ee/s0lXXyulSF
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@25/38@20/4

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.250.80.110, 142.250.65.163, 142.251.35.174, 142.251.167.84, 142.251.40.206, 142.250.80.46, 142.250.65.238, 142.250.80.27, 142.250.65.187, 142.250.64.123, 142.250.65.219, 142.251.35.187, 142.251.32.123, 142.250.65.251, 142.250.64.91, 142.250.72.123, 142.250.81.251, 142.250.80.59, 142.250.80.123, 142.251.40.123, 142.250.80.91, 142.251.40.187, 142.251.40.155, 199.232.210.172, 142.251.41.14, 142.251.32.110, 142.250.64.106, 142.251.40.170, 142.250.65.234, 142.251.40.138, 142.251.35.170, 142.250.65.202, 142.251.40.234, 142.250.65.170, 142.251.41.10, 142.250.72.106, 142.251.40.106, 142.250.81.234, 142.250.80.10, 142.251.40.202, 142.250.176.202, 142.251.32.106, 142.250.65.206, 142.251.40.227, 142.250.65.174, 142.250.176.195, 184.31.69.3, 4.245.163.56
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, storage.googleapis.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://tr.ee/s0lXXyulSF

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, original size modulo 2^32 1864
Category:	dropped
Size (bytes):	673
Entropy (8bit):	7.6584200238076905
Encrypted:	false
SSDEEP:	12:XRt8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:X+UVpkNK0Rwid81p6btk7LqZ6D
MD5:	2D2CBA7D7DC75F3BA9DC756738D41A6E
SHA1:	F87FD26066ED5E52A65DEE0ED2D581D3C3EA15AC
SHA-256:	00E21864CF1BC70302EBB5B496C6C471A7DA8CBF600630B478A3E2376ED20EA2
SHA-512:	46F17658CA247C02F612213025350390D8F62179C8DE26725EB17F5CCFAFDD63F2149DA1765D3C2F3A12FE85EF29CAC58457B0D5C2F8DA8DED6E1231A35F199D
Malicious:	false
Reputation:	low
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 24, 2025 06:51:34.837166071 CET	53	60738	1.1.1.1	192.168.2.6
Mar 24, 2025 06:51:34.881294966 CET	53	56414	1.1.1.1	192.168.2.6
Mar 24, 2025 06:51:35.599885941 CET	53	60750	1.1.1.1	192.168.2.6
Mar 24, 2025 06:51:37.833070993 CET	54784	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:51:37.833204985 CET	56042	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:51:37.929604053 CET	53	54784	1.1.1.1	192.168.2.6
Mar 24, 2025 06:51:37.931771994 CET	53	56042	1.1.1.1	192.168.2.6
Mar 24, 2025 06:51:39.639610052 CET	52357	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:51:39.641217947 CET	52649	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:51:39.741214991 CET	53	52649	1.1.1.1	192.168.2.6
Mar 24, 2025 06:51:39.766779900 CET	53	52357	1.1.1.1	192.168.2.6
Mar 24, 2025 06:51:40.671766996 CET	53	50892	1.1.1.1	192.168.2.6
Mar 24, 2025 06:51:41.448805094 CET	59207	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:51:41.448986053 CET	51029	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:51:41.669979095 CET	53	51029	1.1.1.1	192.168.2.6
Mar 24, 2025 06:51:41.692408085 CET	53	59207	1.1.1.1	192.168.2.6
Mar 24, 2025 06:51:48.870443106 CET	64415	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:51:48.870637894 CET	49662	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:51:48.995596886 CET	53	64415	1.1.1.1	192.168.2.6
Mar 24, 2025 06:51:49.007230997 CET	53	49662	1.1.1.1	192.168.2.6
Mar 24, 2025 06:51:52.538352966 CET	53	49213	1.1.1.1	192.168.2.6
Mar 24, 2025 06:51:55.995007038 CET	53244	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:51:55.995177984 CET	61811	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:51:56.115438938 CET	53	61811	1.1.1.1	192.168.2.6
Mar 24, 2025 06:51:56.244180918 CET	53	53244	1.1.1.1	192.168.2.6
Mar 24, 2025 06:51:56.380130053 CET	58168	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:51:56.380268097 CET	56570	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:51:56.501008987 CET	53	58168	1.1.1.1	192.168.2.6
Mar 24, 2025 06:51:56.501029968 CET	53	56570	1.1.1.1	192.168.2.6
Mar 24, 2025 06:51:56.520720959 CET	64349	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:51:56.521126032 CET	54211	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:51:56.689776897 CET	53	54211	1.1.1.1	192.168.2.6
Mar 24, 2025 06:51:56.751090050 CET	53	64349	1.1.1.1	192.168.2.6
Mar 24, 2025 06:52:04.264646053 CET	50777	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:52:04.264790058 CET	52389	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:52:04.444103003 CET	53	50777	1.1.1.1	192.168.2.6
Mar 24, 2025 06:52:04.453001022 CET	53	52389	1.1.1.1	192.168.2.6
Mar 24, 2025 06:52:08.849760056 CET	53	63131	1.1.1.1	192.168.2.6
Mar 24, 2025 06:52:11.560800076 CET	52608	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:52:11.561009884 CET	59469	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:52:11.580560923 CET	53	57977	1.1.1.1	192.168.2.6
Mar 24, 2025 06:52:11.733407974 CET	53	52608	1.1.1.1	192.168.2.6
Mar 24, 2025 06:52:11.750411034 CET	53	59469	1.1.1.1	192.168.2.6
Mar 24, 2025 06:52:28.067394972 CET	53930	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:52:28.067545891 CET	58238	53	192.168.2.6	1.1.1.1
Mar 24, 2025 06:52:28.187613010 CET	53	53930	1.1.1.1	192.168.2.6
Mar 24, 2025 06:52:28.187863111 CET	53	58238	1.1.1.1	192.168.2.6
Mar 24, 2025 06:52:31.338599920 CET	138	138	192.168.2.6	192.168.2.255
Mar 24, 2025 06:52:33.370460033 CET	53	64597	1.1.1.1	192.168.2.6
Mar 24, 2025 06:52:34.186990976 CET	53	56435	1.1.1.1	192.168.2.6
Mar 24, 2025 06:52:36.102370024 CET	53	53377	1.1.1.1	192.168.2.6

Timestamp	Bytes transferred	Direction	Data
Mar 24, 2025 06:51:47.612524986 CET	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 24, 2025 06:51:47.702809095 CET	223	IN	HTTP/1.1 304 Not Modified Date: Mon, 24 Mar 2025 05:13:27 GMT Expires: Mon, 24 Mar 2025 06:03:27 GMT Age: 2300 Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Mar 24, 2025 06:51:47.707798004 CET	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 24, 2025 06:51:47.797321081 CET	223	IN	HTTP/1.1 304 Not Modified Date: Mon, 24 Mar 2025 05:13:30 GMT Expires: Mon, 24 Mar 2025 06:03:30 GMT Age: 2297 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:51:40 UTC	665	OUT	GET /s0lXXyulSF HTTP/1.1 Host: tr.ee Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 05:51:40 UTC	453	IN	HTTP/1.1 302 Found Connection: close Content-Length: 0 Apigw-Requestid: H6rk_jbLPHcEMvg= Cache-Control: no-store Location: https://storage.googleapis.com/listtepopyio_23/exlainations%20xlsx.html X-Frame-Options: SAMEORIGIN Accept-Ranges: bytes Date: Mon, 24 Mar 2025 05:51:40 GMT Via: 1.1 varnish X-Served-By: cache-lga21968-LGA X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1742795500.099687,VS0,VE420 Strict-Transport-Security: max-age=300

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:51:42 UTC	721	OUT	GET /?iWjx=d3WGM HTTP/1.1 Host: lgn-rncrisoftonline.fabservs.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://storage.googleapis.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 05:51:43 UTC	181	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 24 Mar 2025 05:51:42 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding
2025-03-24 05:51:43 UTC	16199	IN	Data Raw: 33 66 33 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 66 75 6e 63 74 69 6f 6e 20 61 30 5a 35 28 5a 2c 76 29 7b 76 61 72 20 47 3d 61 30 5a 34 28 29 3b 72 65 74 75 72 6e 20 61 30 5a 35 3d 66 75 6e 63 74 69 6f 6e 28 45 2c 77 29 7b 45 3d 45 2d 30 78 31 38 63 3b 76 61 72 20 59 3d 47 5b 45 5d 3b 72 65 74 75 72 6e 20 59 3b 7d 2c 61 30 5a 35 28 5a 2c 76 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 61 30 5a 34 28 29 7b 76 61 72 20 6f 44 3d 5b 27 27 2c 27 49 53 5f 52 45 43 4f 52 44 27 2c 27 23 30 36 39 27 2c 27 73 65 72 69 66 27 2c 27 66 6c 61 67 73 27 2c 27 74 65 78 74 42 61 73 Data Ascii: 3f3f<!DOCTYPE html><html lang="en"> <head> <script type="text/javascript"> function a0Z5(Z,v){var G=a0Z4();return a0Z5=function(E,w){E=E-0x18c;var Y=G[E];return Y;},a0Z5(Z,v);}function a0Z4(){var oD=['','IS_RECORD','#069','serif','flags','textBas
2025-03-24 05:51:43 UTC	16384	IN	Data Raw: 34 30 30 30 0d 0a 30 69 5a 47 6c 7a 63 47 78 68 65 54 6f 67 59 6d 78 76 59 32 73 37 49 48 64 70 5a 48 52 6f 4f 69 41 78 4d 6a 42 77 65 44 73 67 61 47 56 70 5a 32 68 30 4f 69 41 30 4d 48 42 34 4f 79 42 76 64 6d 56 79 5a 6d 78 76 64 7a 6f 67 61 47 6c 6b 5a 47 56 75 4f 79 42 77 62 33 4e 70 64 47 6c 76 62 6a 6f 67 63 6d 56 73 59 58 52 70 64 6d 55 37 49 6c 30 3d 27 2c 27 73 69 6e 6b 49 64 27 2c 27 55 4d 4d 42 64 27 2c 27 23 64 69 76 41 67 61 68 69 27 2c 27 48 49 47 48 5f 46 4c 4f 41 54 27 2c 27 41 72 72 61 79 5c 78 32 30 49 74 65 72 61 74 6f 72 27 2c 27 46 75 6e 63 74 69 6f 6e 27 2c 27 6a 53 49 48 77 27 2c 27 73 72 67 62 27 2c 27 50 71 42 45 4c 27 2c 27 79 71 50 77 64 27 2c 27 66 69 6c 6c 54 65 78 74 27 2c 27 6a 61 76 61 27 2c 27 2e 63 6f 6d 6d 75 6e 69 74 79 Data Ascii: 40000iZGlzcGxheTogYmxvY2s7IHdpZHRoOiAxMjBweDsgaGVpZ2h0OiA0MHB4OyBvdmVyZmxvdzogaGlkZGVuOyBwb3NpdGlvbjogcmVsYXRpdmU7Il0=','sinkId','UMMBd','#divAgahi','HIGH_FLOAT','Array\x20Iterator','Function','jSIHw','srgb','PqBEL','yqPwd','fillText','java','.community
2025-03-24 05:51:43 UTC	8	IN	Data Raw: 2e 2f 5b 47 53 5d 0d 0a Data Ascii: ./[GS]
2025-03-24 05:51:43 UTC	16384	IN	Data Raw: 34 30 30 30 0d 0a 29 2c 47 49 5b 77 44 28 30 78 33 62 62 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 47 75 3d 21 30 78 30 2c 6e 75 6c 6c 3b 7d 2c 47 49 5b 47 53 5d 28 27 27 29 2c 21 47 75 3b 7d 29 3b 69 66 28 21 47 54 7c 7c 21 47 63 7c 7c 47 57 29 7b 76 61 72 20 47 4b 3d 2f 2e 2f 5b 47 53 5d 2c 47 67 3d 47 68 28 47 53 2c 27 27 5b 47 7a 5d 2c 66 75 6e 63 74 69 6f 6e 28 47 75 2c 47 49 2c 47 58 2c 47 62 2c 47 50 29 7b 76 61 72 20 77 78 3d 61 30 5a 35 2c 47 4d 3d 47 49 5b 27 65 78 65 63 27 5d 3b 72 65 74 75 72 6e 20 47 4d 3d 3d 3d 47 43 7c 7c 47 4d 3d 3d 3d 47 4e 5b 77 78 28 30 78 33 62 62 29 5d 3f 47 54 26 26 21 47 50 3f 7b 27 64 6f 6e 65 27 3a 21 30 78 30 2c 27 76 61 6c 75 65 27 3a 47 6f 28 47 4b 2c 47 49 2c 47 58 2c 47 62 29 7d 3a 7b 27 Data Ascii: 4000),GI[wD(0x3bb)]=function(){return Gu=!0x0,null;},GI[GS](''),!Gu;});if(!GT\|\|!Gc\|\|GW){var GK=/./[GS],Gg=Gh(GS,''[Gz],function(Gu,GI,GX,Gb,GP){var wx=a0Z5,GM=GI['exec'];return GM===GC\|\|GM===GN[wx(0x3bb)]?GT&&!GP?{'done':!0x0,'value':Go(GK,GI,GX,Gb)}:{'
2025-03-24 05:51:43 UTC	16384	IN	Data Raw: 29 3b 69 66 28 21 0d 0a 34 30 30 30 0d 0a 47 49 29 7b 69 66 28 46 76 28 30 78 31 65 61 29 3d 3d 3d 46 76 28 30 78 34 66 35 29 29 7b 76 61 72 20 47 4d 3d 47 6b 28 30 78 62 36 32 29 2c 47 6b 3d 47 79 28 30 78 37 30 66 29 2c 47 72 3d 5a 63 28 30 78 39 32 62 29 2c 47 73 3d 5a 54 28 30 78 32 32 63 35 29 2c 47 42 3d 47 4a 28 30 78 31 34 62 33 29 2c 47 4c 3d 5a 48 28 30 78 33 61 66 29 2c 47 64 3d 5a 4c 28 30 78 31 62 33 30 29 2c 47 6a 3d 5a 62 28 30 78 32 39 65 29 2c 47 61 3d 5a 61 28 30 78 31 33 31 37 29 2c 47 44 3d 47 53 28 30 78 31 61 30 39 29 2c 47 78 3d 5a 49 3b 47 72 5b 27 65 78 70 6f 72 74 73 27 5d 3d 66 75 6e 63 74 69 6f 6e 28 47 66 29 7b 76 61 72 20 46 47 3d 46 76 2c 47 6d 3d 47 72 28 47 66 29 2c 47 51 3d 47 4c 28 74 68 69 73 29 2c 47 55 3d 61 72 67 75 Data Ascii: );if(!4000GI){if(Fv(0x1ea)===Fv(0x4f5)){var GM=Gk(0xb62),Gk=Gy(0x70f),Gr=Zc(0x92b),Gs=ZT(0x22c5),GB=GJ(0x14b3),GL=ZH(0x3af),Gd=ZL(0x1b30),Gj=Zb(0x29e),Ga=Za(0x1317),GD=GS(0x1a09),Gx=ZI;Gr['exports']=function(Gf){var FG=Fv,Gm=Gr(Gf),GQ=GL(this),GU=argu
2025-03-24 05:51:43 UTC	16384	IN	Data Raw: 27 70 75 72 65 27 3a 71 6e 28 30 78 31 64 0d 0a 34 30 30 30 0d 0a 63 29 2c 27 63 6f 70 79 72 69 67 68 74 27 3a 71 6e 28 30 78 34 66 63 29 2c 27 6c 69 63 65 6e 73 65 27 3a 27 27 2c 27 73 6f 75 72 63 65 27 3a 71 6e 28 30 78 32 31 30 29 7d 29 3b 7d 2c 30 78 31 63 35 37 3a 66 75 6e 63 74 69 6f 6e 28 47 70 2c 47 4a 2c 47 79 29 7b 76 61 72 20 71 4f 3d 61 30 5a 35 3b 69 66 28 27 48 72 66 48 61 27 3d 3d 3d 71 4f 28 30 78 31 64 34 29 29 7b 76 61 72 20 47 43 3d 5a 54 28 47 43 29 2c 47 41 3d 5a 48 28 5a 4c 2c 74 68 69 73 2c 47 43 29 3b 72 65 74 75 72 6e 21 28 74 68 69 73 3d 3d 3d 5a 62 26 26 5a 61 28 5a 70 2c 47 43 29 26 26 21 5a 49 28 5a 39 2c 47 43 29 29 26 26 28 21 28 47 41 7c 7c 21 5a 6e 28 74 68 69 73 2c 47 43 29 7c 7c 21 5a 75 28 5a 76 2c 47 43 29 7c 7c 5a 66 Data Ascii: 'pure':qn(0x1d4000c),'copyright':qn(0x4fc),'license':'','source':qn(0x210)});},0x1c57:function(Gp,GJ,Gy){var qO=a0Z5;if('HrfHa'===qO(0x1d4)){var GC=ZT(GC),GA=ZH(ZL,this,GC);return!(this===Zb&&Za(Zp,GC)&&!ZI(Z9,GC))&&(!(GA\|\|!Zn(this,GC)\|\|!Zu(Zv,GC)\|\|Zf
2025-03-24 05:51:43 UTC	24	IN	Data Raw: 4d 3f 27 30 2e 27 2b 47 68 28 27 30 27 2c 47 4d 2d 47 62 29 2b 47 0d 0a Data Ascii: M?'0.'+Gh('0',GM-Gb)+G
2025-03-24 05:51:43 UTC	12770	IN	Data Raw: 33 31 64 61 0d 0a 73 3a 47 57 28 47 73 2c 30 78 30 2c 47 62 2d 47 4d 29 2b 27 2e 27 2b 47 57 28 47 73 2c 47 62 2d 47 4d 29 29 3a 47 72 2b 47 73 3b 7d 7d 29 3b 7d 2c 30 78 31 65 62 33 3a 66 75 6e 63 74 69 6f 6e 28 47 70 2c 47 4a 2c 47 79 29 7b 76 61 72 20 52 4d 3d 61 30 5a 35 2c 47 6f 3d 47 79 28 30 78 32 31 61 34 29 2c 47 65 3d 47 79 28 30 78 31 37 38 64 29 2c 47 43 3d 47 79 28 30 78 32 31 31 39 29 2c 47 41 3d 47 79 28 30 78 31 30 66 62 29 2c 47 6e 3d 47 79 28 30 78 39 32 62 29 3b 47 6f 28 7b 27 74 61 72 67 65 74 27 3a 52 4d 28 30 78 35 38 65 29 2c 27 73 74 61 74 27 3a 21 30 78 30 2c 27 66 6f 72 63 65 64 27 3a 21 47 65 7c 7c 47 43 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 52 6b 3d 52 4d 3b 69 66 28 52 6b 28 30 78 35 61 30 29 3d 3d 3d 52 6b 28 30 78 Data Ascii: 31das:GW(Gs,0x0,Gb-GM)+'.'+GW(Gs,Gb-GM)):Gr+Gs;}});},0x1eb3:function(Gp,GJ,Gy){var RM=a0Z5,Go=Gy(0x21a4),Ge=Gy(0x178d),GC=Gy(0x2119),GA=Gy(0x10fb),Gn=Gy(0x92b);Go({'target':RM(0x58e),'stat':!0x0,'forced':!Ge\|\|GC(function(){var Rk=RM;if(Rk(0x5a0)===Rk(0x
2025-03-24 05:51:43 UTC	3614	IN	Data Raw: 33 66 66 39 0d 0a 35 3b 69 66 28 70 63 28 30 78 34 30 31 29 3d 3d 3d 70 63 28 30 78 33 63 34 29 29 7b 76 61 72 20 45 53 2c 45 54 3b 74 68 69 73 5b 70 63 28 30 78 32 30 32 29 5d 3d 6e 65 77 20 47 75 28 66 75 6e 63 74 69 6f 6e 28 45 63 2c 45 4b 29 7b 76 61 72 20 70 4b 3d 70 63 3b 69 66 28 76 6f 69 64 20 30 78 30 21 3d 3d 45 53 7c 7c 76 6f 69 64 20 30 78 30 21 3d 3d 45 54 29 74 68 72 6f 77 20 6e 65 77 20 45 53 28 70 4b 28 30 78 33 31 61 29 29 3b 45 53 3d 45 63 2c 45 54 3d 45 4b 3b 7d 29 2c 74 68 69 73 5b 70 63 28 30 78 35 31 66 29 5d 3d 47 6d 28 45 53 29 2c 74 68 69 73 5b 70 63 28 30 78 34 34 36 29 5d 3d 45 5a 28 45 54 29 3b 7d 65 6c 73 65 21 47 7a 28 45 77 2c 45 57 29 7c 7c 45 4e 26 26 21 47 7a 28 45 33 2c 45 57 29 7c 7c 45 45 28 45 68 2c 45 77 5b 45 57 5d Data Ascii: 3ff95;if(pc(0x401)===pc(0x3c4)){var ES,ET;this[pc(0x202)]=new Gu(function(Ec,EK){var pK=pc;if(void 0x0!==ES\|\|void 0x0!==ET)throw new ES(pK(0x31a));ES=Ec,ET=EK;}),this[pc(0x51f)]=Gm(ES),this[pc(0x446)]=EZ(ET);}else!Gz(Ew,EW)\|\|EN&&!Gz(E3,EW)\|\|EE(Eh,Ew[EW]
2025-03-24 05:51:43 UTC	16384	IN	Data Raw: 79 28 30 78 31 65 61 39 29 28 27 69 74 65 72 61 74 6f 72 27 29 3b 7d 2c 30 78 32 34 35 39 3a 66 75 6e 63 74 69 6f 6e 28 47 70 2c 47 4a 2c 47 79 29 7b 47 79 28 30 78 31 35 34 33 29 2c 47 79 28 30 78 39 62 34 29 2c 47 79 28 30 78 37 36 36 29 2c 47 79 28 30 78 31 38 32 38 29 2c 47 79 28 30 78 31 65 62 33 29 3b 7d 2c 30 78 37 36 36 3a 66 75 6e 63 74 69 6f 6e 28 47 70 2c 47 4a 2c 47 79 29 7b 76 61 72 20 70 6b 3d 61 30 5a 35 2c 47 6f 3d 47 79 28 30 78 32 31 61 34 29 2c 47 65 3d 47 79 28 30 78 31 36 37 62 29 2c 47 43 3d 47 79 28 30 78 35 38 66 29 2c 47 41 3d 47 79 28 30 78 32 32 33 39 29 2c 47 6e 3d 47 79 28 30 78 31 63 35 37 29 2c 47 4f 3d 47 79 28 30 78 63 39 32 29 2c 47 48 3d 47 6e 28 70 6b 28 30 78 32 64 63 29 29 3b 47 6f 28 7b 27 74 61 72 67 65 74 27 3a 27 Data Ascii: y(0x1ea9)('iterator');},0x2459:function(Gp,GJ,Gy){Gy(0x1543),Gy(0x9b4),Gy(0x766),Gy(0x1828),Gy(0x1eb3);},0x766:function(Gp,GJ,Gy){var pk=a0Z5,Go=Gy(0x21a4),Ge=Gy(0x167b),GC=Gy(0x58f),GA=Gy(0x2239),Gn=Gy(0x1c57),GO=Gy(0xc92),GH=Gn(pk(0x2dc));Go({'target':'

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:51:42 UTC	487	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CO6MywE= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 05:51:43 UTC	1303	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 05:51:43 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-05CB85jlPlAuM-4TK2bDcA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Downlink Accept-CH: RTT Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-03-24 05:51:43 UTC	1303	IN	Data Raw: 31 30 36 38 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 72 65 66 69 6e 61 6e 63 65 20 6d 6f 72 74 67 61 67 65 20 72 61 74 65 73 20 74 6f 64 61 79 22 2c 22 6e 61 73 63 61 72 20 63 75 70 20 73 65 72 69 65 73 22 2c 22 68 6f 73 74 69 6e 67 20 73 6e 6c 20 74 6f 6e 69 67 68 74 22 2c 22 61 70 70 6c 65 20 69 70 68 6f 6e 65 20 31 37 20 70 72 6f 20 6d 61 78 22 2c 22 79 65 6c 6c 6f 77 73 74 6f 6e 65 20 76 6f 6c 63 61 6e 6f 22 2c 22 6e 6f 72 74 68 65 72 6e 20 6c 69 67 68 74 73 20 61 75 72 6f 72 61 20 62 6f 72 65 61 6c 69 73 20 66 6f 72 65 63 61 73 74 22 2c 22 63 68 65 76 72 6f 6c 65 74 20 62 65 6c 20 61 69 72 22 2c 22 6d 61 72 67 6f 74 20 64 65 74 72 6f 69 74 20 74 69 67 65 72 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d Data Ascii: 1068)]}'["",["refinance mortgage rates today","nascar cup series","hosting snl tonight","apple iphone 17 pro max","yellowstone volcano","northern lights aurora borealis forecast","chevrolet bel air","margot detroit tigers"],["","","","","","","",""],[]
2025-03-24 05:51:43 UTC	1303	IN	Data Raw: 51 30 51 30 53 45 52 43 53 45 39 54 59 30 35 77 59 30 31 4c 4e 44 6c 44 54 32 39 42 62 57 52 43 54 7a 64 73 4d 57 5a 58 53 44 56 6c 54 44 68 4e 52 57 73 72 52 47 74 6b 54 30 74 48 59 32 67 32 62 32 70 55 54 32 6c 4b 5a 30 5a 76 51 6c 4e 72 53 46 70 78 63 55 74 79 4e 30 4e 45 64 58 49 78 5a 6c 64 75 65 6a 68 6b 5a 6d 70 77 53 57 74 4b 4d 48 4e 72 61 47 74 54 56 55 6c 68 64 6d 70 4b 61 54 46 52 4f 45 70 4d 62 58 70 53 56 44 68 6f 4b 30 49 32 64 46 67 35 65 57 4e 51 4e 44 46 54 56 54 52 30 63 6c 6c 74 54 45 34 30 57 6b 56 73 56 79 39 54 61 47 31 46 56 30 5a 34 56 57 5a 54 4f 46 52 73 4f 58 4e 33 55 45 4e 6a 4e 6e 56 32 61 54 42 59 65 54 56 7a 61 79 74 6c 4e 56 56 4a 52 31 64 4b 56 48 70 30 62 30 31 79 63 48 51 79 62 45 64 48 55 30 5a 5a 54 31 55 7a 56 56 52 Data Ascii: Q0Q0SERCSE9TY05wY01LNDlDT29BbWRCTzdsMWZXSDVlTDhNRWsrRGtkT0tHY2g2b2pUT2lKZ0ZvQlNrSFpxcUtyN0NEdXIxZlduejhkZmpwSWtKMHNraGtTVUlhdmpKaTFROEpMbXpSVDhoK0I2dFg5eWNQNDFTVTR0clltTE40WkVsVy9TaG1FV0Z4VWZTOFRsOXN3UENjNnV2aTBYeTVzaytlNVVJR1dKVHp0b01ycHQybEdHU0ZZT1UzVVR
2025-03-24 05:51:43 UTC	1303	IN	Data Raw: 48 5a 7a 68 51 52 32 70 6a 62 45 68 35 56 54 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 69 38 76 51 55 46 43 52 55 6c 42 52 55 46 42 55 55 46 4e 51 6b 6c 6e 51 55 4e 46 55 55 56 45 52 56 46 49 4c 33 68 42 51 57 4a 42 51 55 46 44 51 58 64 46 51 6b 46 52 51 55 46 42 51 55 46 42 51 55 46 42 51 55 46 42 51 55 4e 43 51 55 31 47 51 6d 64 46 53 45 46 51 4c 30 56 42 52 47 64 52 51 55 46 4a 51 6b 46 6e 55 55 4a 44 5a 30 31 47 51 31 46 42 51 55 46 42 51 55 46 42 51 55 56 44 51 58 64 52 55 6b 46 42 56 56 4e 4a 56 45 56 48 52 58 68 52 61 56 46 57 52 6e Data Ascii: HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBRUFBUUFNQklnQUNFUUVERVFIL3hBQWJBQUFDQXdFQkFRQUFBQUFBQUFBQUFBQUNCQU1GQmdFSEFQL0VBRGdRQUFJQkFnUUJDZ01GQ1FBQUFBQUFBQUVDQXdRUkFBVVNJVEVHRXhRaVFWRn
2025-03-24 05:51:43 UTC	299	IN	Data Raw: 74 78 53 6b 4e 34 4e 44 68 6b 4b 7a 4e 44 52 56 68 4b 4b 33 45 77 64 55 35 47 52 6b 35 48 65 6e 4d 31 62 44 56 33 52 6d 6c 45 4f 45 39 34 4e 79 39 34 65 48 49 79 5a 44 56 33 61 44 5a 4b 62 47 4e 4f 64 54 42 35 65 45 5a 32 54 55 52 42 53 54 46 68 61 32 38 31 62 45 74 4a 53 30 38 31 62 32 64 48 4f 55 52 6d 51 33 68 43 52 47 52 4a 55 32 78 4d 4e 58 46 59 55 58 70 4a 65 6b 31 52 52 32 56 36 54 6c 4d 77 64 57 55 31 57 6b 52 44 4d 45 78 6f 4b 32 59 77 51 7a 41 30 57 47 35 43 5a 6a 64 30 4b 30 38 72 53 6d 56 6e 4e 57 70 74 54 55 39 78 53 45 31 74 63 31 4a 6a 53 6b 74 54 5a 31 42 32 61 57 70 78 4e 54 4e 78 59 6e 68 4d 55 54 42 33 52 6e 4a 68 4d 47 6c 43 53 55 67 72 56 45 56 75 4d 33 64 4a 63 6d 46 78 51 57 64 34 65 54 4a 4a 4d 6a 4a 69 56 56 46 51 57 45 64 6c 4e Data Ascii: txSkN4NDhkKzNDRVhKK3EwdU5GRk5HenM1bDV3RmlEOE94Ny94eHIyZDV3aDZKbGNOdTB5eEZ2TURBSTFha281bEtJS081b2dHOURmQ3hCRGRJU2xMNXFYUXpJek1RR2V6TlMwdWU1WkRDMExoK2YwQzA0WG5CZjd0K08rSmVnNWptTU9xSE1tc1JjSktTZ1B2aWpxNTNxYnhMUTB3RnJhMGlCSUgrVEVuM3dJcmFxQWd4eTJJMjJiVVFQWEdlN
2025-03-24 05:51:43 UTC	90	IN	Data Raw: 35 34 0d 0a 61 62 57 52 4e 65 45 56 35 55 30 74 42 59 6c 68 4a 54 6d 6f 30 53 45 5a 55 53 6b 52 56 62 6d 6c 55 4e 54 51 78 56 55 39 6d 4d 54 68 43 56 6a 49 78 4e 6d 4a 6a 51 30 35 32 57 48 4e 33 52 44 68 76 4b 32 56 78 55 33 4d 78 52 6c 52 50 62 30 63 78 4e 44 46 0d 0a Data Ascii: 54abWRNeEV5U0tBYlhJTmo0SEZUSkRVbmlUNTQxVU9mMThCVjIxNmJjQ052WHN3RDhvK2VxU3MxRlRPb0cxNDF
2025-03-24 05:51:43 UTC	1220	IN	Data Raw: 35 33 62 0d 0a 4b 59 6e 70 4a 4c 31 68 6b 61 54 46 76 4b 32 74 69 5a 30 38 78 52 45 63 30 4e 57 68 56 56 56 52 53 53 30 74 33 4c 31 52 70 52 47 56 4e 62 47 74 58 61 58 46 43 5a 54 51 35 4f 45 52 77 62 55 45 76 62 47 4a 48 65 55 35 69 62 44 68 71 5a 6e 68 4f 52 46 4d 79 4b 33 70 48 61 6b 45 72 62 33 52 6e 65 55 31 75 59 57 35 68 57 54 56 6a 52 56 5a 6c 53 6b 52 32 4b 32 56 4d 52 6d 31 72 4f 55 68 49 5a 57 68 75 65 58 70 52 4e 33 52 48 4e 6d 4e 4e 53 33 41 30 61 6d 74 7a 56 48 70 72 62 33 52 31 64 33 64 54 4d 55 55 30 54 33 70 49 52 32 70 72 63 6e 4e 74 56 6d 31 55 4f 57 31 47 4d 31 67 30 52 6d 56 59 56 6d 4a 33 4d 44 52 70 61 58 70 51 53 6c 70 52 5a 45 64 56 63 31 4e 45 63 48 4e 4b 52 48 67 33 63 30 64 45 63 44 4a 44 4e 46 52 7a 57 47 4e 43 62 57 68 75 5a Data Ascii: 53bKYnpJL1hkaTFvK2tiZ08xREc0NWhVVVRSS0t3L1RpRGVNbGtXaXFCZTQ5OERwbUEvbGJHeU5ibDhqZnhORFMyK3pHakErb3RneU1uYW5hWTVjRVZlSkR2K2VMRm1rOUhIZWhueXpRN3RHNmNNS3A0amtzVHprb3R1d3dTMUU0T3pIR2prcnNtVm1UOW1GM1g0RmVYVmJ3MDRpaXpQSlpRZEdVc1NEcHNKRHg3c0dEcDJDNFRzWGNCbWhuZ
2025-03-24 05:51:43 UTC	126	IN	Data Raw: 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 5d 7d 5d 0d 0a Data Ascii: ,[3,143,362,308],[3,143,362,308]],"google:suggesttype":["QUERY","ENTITY","QUERY","QUERY","ENTITY","QUERY","QUERY","QUERY"]}]
2025-03-24 05:51:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:51:45 UTC	891	OUT	POST /?iWjx=d3WGM HTTP/1.1 Host: lgn-rncrisoftonline.fabservs.com Connection: keep-alive Content-Length: 4200 Cache-Control: max-age=0 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Origin: https://lgn-rncrisoftonline.fabservs.com Content-Type: application/x-www-form-urlencoded Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 05:51:45 UTC	4200	OUT	Data Raw: 39 69 36 6d 70 36 69 66 6e 68 3d 25 35 42 25 35 42 25 32 32 33 31 37 65 36 35 37 35 36 34 32 35 33 36 33 30 36 62 37 38 37 39 37 65 25 32 32 25 32 43 25 32 32 32 35 33 37 34 33 32 35 33 33 34 32 32 35 33 33 34 34 36 66 33 31 37 34 25 32 32 25 32 43 25 32 32 37 39 32 35 33 33 34 32 33 35 33 36 33 35 33 38 33 34 33 30 33 30 33 37 25 32 32 25 32 43 25 32 32 33 38 33 30 33 37 33 35 33 30 33 32 33 32 33 35 33 37 25 32 32 25 35 44 25 32 43 25 32 32 35 36 35 38 34 30 30 37 38 30 25 32 32 25 32 43 25 32 32 30 32 39 36 37 30 30 25 32 32 25 32 43 34 25 35 44 26 75 75 35 37 36 39 3d 25 35 42 25 35 42 25 32 32 32 35 33 37 34 36 34 35 32 35 25 32 32 25 32 43 25 32 32 33 37 34 32 34 39 36 64 37 37 25 32 32 25 32 43 25 32 32 32 35 33 34 33 30 37 65 32 35 25 32 32 25 32 Data Ascii: 9i6mp6ifnh=%5B%5B%22317e6575642536306b78797e%22%2C%222537432533422533446f3174%22%2C%22792533423536353834303037%22%2C%22383037353032323537%22%5D%2C%225658400780%22%2C%220296700%22%2C4%5D&uu5769=%5B%5B%222537464525%22%2C%223742496d77%22%2C%222534307e25%22%2
2025-03-24 05:51:45 UTC	410	IN	HTTP/1.1 302 Found Server: nginx Date: Mon, 24 Mar 2025 05:51:45 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close location: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM set-cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="; Domain=fabservs.com; HttpOnly; Path=/; SameSite=None; Secure
2025-03-24 05:51:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:51:45 UTC	888	OUT	GET /?iWjx=d3WGM HTTP/1.1 Host: lgn-rncrisoftonline.fabservs.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
2025-03-24 05:51:48 UTC	781	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 24 Mar 2025 05:51:48 GMT Content-Type: text/html; charset=utf-8 Content-Length: 56476 Connection: close cache-control: no-store, no-cache pragma: no-cache vary: Accept-Encoding p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: b7c63da3-c27f-42b7-82da-4c3187804800 x-ms-ests-server: 2.1.20329.5 - WEULR1 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://187f9077-6147603a.fabservs.com/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin content-encoding: gzip access-control-allow-origin: * access-control-allow-headers: *
2025-03-24 05:51:48 UTC	15598	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 bc bd f9 5b e2 48 d7 30 fc fb fc 15 ca 3b 97 24 b7 51 09 8b 6c 9d e1 b1 d3 da e3 a8 c0 88 b6 a6 19 ee 7e 03 09 12 1b 81 26 80 4b eb fb b7 7f 67 a9 4a 2a 2c dd 73 2f cf 37 d7 35 6d a8 d4 7a ea d4 d9 eb e4 dd f6 87 86 7d e5 34 8f b7 06 b3 87 e1 6f bf bc e3 3f 5b ef 06 be eb c1 df ad 77 b3 60 36 f4 f1 69 eb d2 f7 82 a9 df 9b 05 a3 3b 7c 71 10 bd 79 f7 e0 cf dc ad de 78 34 f3 47 33 2b 35 f3 9f 66 07 d8 4f 75 ab 37 70 a7 a1 3f b3 e6 b3 fe 5e 29 05 63 cc 26 7b fe b7 79 b0 b0 52 36 57 df bb 7a 9e f8 a9 83 35 dd 9c 1e 5b be 77 e7 27 5b dd ee 5d 1f ed d9 e3 87 89 3b 0b ba c3 f5 0d 1f 03 6f 36 b0 3c 7f 11 f4 fc 3d fa 61 6c 05 a3 60 16 b8 c3 bd b0 e7 0e 7d cb dc cf 18 5b 0f ee 53 f0 30 7f 10 45 59 2c 9a 87 fe 94 7e bb d0 b7 f5 ec 87 a9 Data Ascii: [H0;$Ql~&KgJ*,s/75mz}4o?[w`6i;\|qyx4G3+5fOu7p?^)c&{yR6Wz5[w'[];o6<=al`}[S0EY,~
2025-03-24 05:51:48 UTC	16384	IN	Data Raw: 42 0f 31 87 57 dc 23 46 86 a5 a9 37 c5 39 95 45 d7 2e d5 ce 65 7b 68 02 a1 c7 c2 21 c0 c0 c9 ee ec a0 c3 42 b8 b9 22 c5 d4 b0 9f 76 76 ec 4f 5c d5 ec 52 84 ac ec c3 cc f3 15 99 f8 9d 61 ff 21 de 95 f0 44 55 6c 2f 66 1d e4 53 9d cb 89 67 28 3d c3 0d d7 ce e6 7d b2 f9 46 6e 6a e1 81 69 be 68 11 32 01 0a 5d b4 9b 2d ce 45 b3 71 fb af 04 78 c8 a6 80 da ff 0f b7 f0 2a b1 85 3e 37 89 b6 6e 65 e7 a2 8b 50 a2 ef 9a 93 c1 19 55 d6 ee d6 72 65 64 ee 48 32 8e 62 e6 4d 41 e3 a0 90 89 94 35 40 09 68 d7 2a 68 2f f5 47 14 51 a0 70 0c b5 d3 5b fc 55 c3 8c 2a 64 3a c0 21 be 13 ef 10 81 ea 27 00 f1 b5 2d 15 c5 44 40 2c 10 fe aa 2c 5b 7c 3c 7c 03 e7 18 70 05 bb 37 75 a0 f6 01 6d 76 4e ef 60 c6 97 4c 12 a2 f4 d2 ec f5 f4 5d 27 b3 cb 35 f3 6e ec 2f 47 17 5e 74 f5 25 df dd 4c Data Ascii: B1W#F79E.e{h!B"vvO\Ra!DUl/fSg(=}Fnjih2]-Eqx>7nePUredH2bMA5@hh/GQp[U*d:!'-D@,,[\|<\|p7umvN`L]'5n/G^t%L
2025-03-24 05:51:48 UTC	10657	IN	Data Raw: ff 85 1c 84 24 7f 41 15 41 d2 d6 3f e9 92 cf 30 c4 5a 5b 11 bb 72 6b 8e e8 4a e4 d0 60 6d 2f 95 7a c0 83 3e 0d a2 20 3d 0a 3d 92 d7 96 e8 3f f9 03 11 3d 60 b6 8f bd 34 7e ef 10 94 6d 09 c5 b1 43 8f f2 5d 6b 07 9a 88 ef b7 d2 11 c2 8d 18 f8 85 5a 25 8a ef 24 2c 3a bf 01 c9 5a 9f 73 22 16 4f 33 31 9c 80 67 3a 35 2c bb 57 b4 2c 00 d0 d7 ed c8 b4 e0 74 8e be 5b 2c 46 5a d8 c2 90 b3 15 c9 9c b4 b1 54 1c f7 be e9 de 0a 32 1f 00 45 3e 48 1a 34 b7 16 f7 d0 7d e2 47 b4 ab 68 4d 82 f7 14 b9 63 bb 7d db 15 1b 8a 5b 4c ba 3d 73 43 a9 c4 4f c0 dc 9a b9 a1 f4 e5 86 52 41 10 1f 83 ed b8 bd 88 7a 76 c3 dc 59 e1 76 21 1b 2d df 24 d9 97 0d 26 f0 00 97 aa 37 43 75 8c 1e ed a2 fe 33 23 b8 5d 3e 72 1a af f9 3e d4 33 50 bb e6 78 4b 45 0e f5 14 1f 61 50 06 dd f1 00 52 81 dc 86 Data Ascii: $AA?0Z[rkJ`m/z> ==?=`4~mC]kZ%$,:Zs"O31g:5,W,t[,FZT2E>H4}GhMc}[L=sCORAzvYv!-$&7Cu3#]>r>3PxKEaPR
2025-03-24 05:51:48 UTC	5727	IN	Data Raw: e9 b5 11 e4 c6 de 72 63 6b 18 c6 d0 09 d0 30 89 61 0a 85 5d 23 ed 1e 7a 8c a6 ba 9c 76 8f 84 89 30 20 c8 08 34 c3 e6 e1 e4 1f e5 9b 21 e4 56 a7 2a 10 b7 89 2e 8b 20 c8 77 ec 9f 20 e8 05 5d 05 9a c4 5a d0 3a 78 9d 61 a4 a3 23 45 6a 60 1b 3c fa 69 d8 6e 23 cb f6 20 22 b7 e2 b3 3c 4d b6 d2 9d b5 b2 dc 3f d8 3c c6 94 a6 ef 8b 41 d2 9b d6 d0 ad 5a 43 c6 c7 60 01 9a 24 8d 89 91 24 22 cb 1a 45 e7 8b db e6 63 40 9c 03 bc 80 b1 5b 0a 5a b5 36 90 7c 8b cc 1a 6c 59 15 4a 74 a2 f3 dc bb e8 a3 41 17 dd db db 05 eb 90 30 77 f6 93 54 4d 0a 79 a6 98 1c 63 38 c9 4b be 8d fb 02 25 a9 8d c4 ad c7 1c dd 90 2b 6e 24 ad 4d 6e 63 b5 17 a6 2a f2 19 ab bd 28 d3 9d 19 59 a4 16 bf a3 4b d1 38 52 7c 51 22 c0 3a e7 32 a1 6a 62 39 99 3d a9 59 78 51 ec 91 1e 4a 96 ac a0 27 8d 62 9a b9 Data Ascii: rck0a]#zv0 4!V. w ]Z:xa#Ej`<in# "<M?<AZC`$$"Ec@[Z6\|lYJtA0wTMyc8K%+n$Mnc(YK8R\|Q":2jb9=YxQJ'b
2025-03-24 05:51:48 UTC	8110	IN	Data Raw: be df f5 81 3b ac 96 af 17 01 f0 c2 b7 e9 3b 08 2a b3 00 88 ba bb 6c dd c1 8c fc 7f 0e 44 ab 8f 19 5e bc fe 12 78 d7 f7 b3 ca 05 cc 85 8e 40 b4 d9 0f 5f f0 a2 36 d0 2a a7 24 e5 af cd 5f a7 40 cb c4 57 aa 17 7e e9 ec 02 26 da f4 5a 17 bd 98 9d 8f 43 62 53 09 63 f3 fd 4e 5c 12 38 48 9d 77 8e f0 3d 6c bf e2 fa bb fd 28 5d c3 08 1c f5 07 2b 18 ee 7b af eb b9 38 d3 21 54 39 e8 89 49 0e 59 52 fc fe e0 e3 d4 fc bf 4d 9a 6a 88 2d 62 a6 a1 75 7f 62 35 50 fe f9 75 8e 1d 6d 85 04 6a 3e 62 a9 6e 39 58 f4 35 a8 b9 9e 8d e8 7d 55 0d 88 6c 36 dd ef 18 af 61 23 82 11 ed 79 c0 61 f6 e1 f2 a7 7c 03 7f 11 22 94 1d 2b 43 2c 1f ae 3e 13 28 6f 2f 84 f4 60 ac 13 3e ba 11 5c 23 7c af 76 91 55 b1 24 7e 35 59 0c ba 03 25 af 0c 85 00 08 43 40 12 21 8c a6 d8 f1 ca b8 58 41 a2 fc 4a Data Ascii: ;;lD^x@_6$_@W~&ZCbScN\8Hw=l(]+{8!T9IYRMj-bub5Pumj>bn9X5}Ul6a#ya\|"+C,>(o/`>\#\|vU$~5Y%C@!XAJ

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:51:49 UTC	666	OUT	GET /shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js HTTP/1.1 Host: df594c69-6147603a.fabservs.com Connection: keep-alive Origin: https://lgn-rncrisoftonline.fabservs.com sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://lgn-rncrisoftonline.fabservs.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 05:51:52 UTC	670	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 24 Mar 2025 05:51:52 GMT Content-Type: application/x-javascript Content-Length: 49990 Connection: close last-modified: Wed, 29 Jan 2025 22:54:06 GMT accept-ranges: bytes etag: "0x8DD40B7D5C9F36B" x-ms-request-id: c664c6e9-601e-0016-068c-76a219000000 x-ms-version: 2018-03-28 access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version access-control-allow-origin: * cache-control: public, max-age=27362764 vary: Accept-Encoding akamai-grn: 0.afb20f17.1742795511.129547c4 content-encoding: gzip
2025-03-24 05:51:52 UTC	15709	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e4 bd 6d 5b e3 38 d2 30 fa fd fe 15 c1 bb 0f 1d 4f 4c c8 0b d0 e0 b4 3b 77 1a d2 dd cc 00 61 08 4c cf 2e b0 5c 4e ac 80 a7 83 9d b5 1d 68 06 72 7e fb a9 17 c9 96 1d 87 ee d9 3d d7 f9 f2 cc 0b b1 a5 92 5c 92 aa 4a 55 a5 92 b4 f9 d3 da ff 54 7e aa 6c fc f8 3f 95 e1 79 ef ec bc 32 f8 58 39 ff 7c 78 76 50 39 85 b7 7f 54 4e 06 e7 87 fb fd 1f af 07 3f 8a ff 9f df f9 71 65 e2 4f 45 05 7e 47 6e 2c bc 4a 18 54 c2 a8 e2 07 e3 30 9a 85 91 9b 88 b8 72 0f 7f 23 df 9d 56 26 51 78 5f 49 ee 44 65 16 85 7f 88 71 12 57 a6 7e 9c 40 a1 91 98 86 8f 95 2a 54 17 79 95 53 37 4a 9e 2a 87 a7 66 1d ea 17 50 9b 7f eb 07 50 7a 1c ce 9e e0 f9 2e a9 04 61 e2 8f 45 c5 0d 3c aa 6d 0a 2f 41 2c 2a f3 c0 13 51 e5 f1 ce 1f df 55 8e fd 71 14 c6 e1 24 a9 44 62 2c Data Ascii: m[80OL;waL.\Nhr~=\JUT~l?y2X9\|xvP9TN?qeOE~Gn,JT0r#V&Qx_IDeqW~@TyS7JfPPz.aE<m/A,*QUq$Db,
2025-03-24 05:51:52 UTC	16384	IN	Data Raw: 0e 2b a7 73 9c 09 3c b1 87 34 0e 7c c0 13 82 cf c4 83 50 a7 67 ac d8 21 42 ed 4d eb 90 1b 4e 38 90 99 77 8e e0 d0 a6 2f bd 49 a2 b4 57 da 5c 87 47 2c cd 61 58 8e c4 2d 4e ad 5b 1a 28 47 10 3f 71 b7 7c 88 78 cb 56 da 0f 1f 0a d7 cf 19 7f fb d8 fb b8 f7 71 d7 c8 2b 55 3c 6f 71 33 87 50 7e 2a 8d 43 db 88 b5 37 e0 02 a8 d2 57 59 f7 d9 0b cf d3 09 9e 61 25 e9 00 44 ba 0a c3 49 35 3f 35 2f c3 28 a0 df 97 2e 21 06 a9 a4 7d 01 d1 15 1e 72 b9 b5 ff 61 70 86 50 1c bf 4d 22 45 4d 42 a9 6e 08 ca 1a e3 2c 85 fb 76 23 93 e9 db 4d f2 e3 d0 59 33 d4 58 e0 8d c8 e5 1d 9b 9a d8 b6 0d 91 bd b0 65 64 d3 a1 48 86 45 82 d1 c0 2b a0 8c 95 e7 d2 06 d5 16 de 4c 47 47 58 5d 04 60 90 78 30 22 fd 6f 78 58 08 c0 0e c0 3a fe 83 49 3d 77 2c a9 b8 34 e8 50 24 e3 ba 5a 72 ac a5 e8 e0 8d Data Ascii: +s<4\|Pg!BMN8w/IW\G,aX-N[(G?q\|xVq+U<oq3P~*C7WYa%DI5?5/(.!}rapPM"EMBn,v#MY3XedHE+LGGX]`x0"oxX:I=w,4P$Zr
2025-03-24 05:51:52 UTC	16384	IN	Data Raw: 56 6f 58 4b 65 79 1d 68 8a 6a 35 98 af 55 b7 94 cb d4 0d e7 db 85 d0 f8 31 6a a7 87 ce 9b d0 e6 2f da 06 19 cd e5 34 23 e1 8d b6 41 31 2d 82 bf 24 d3 be 4a a6 44 60 b4 59 be 3c f7 43 4b 72 a0 58 cd 0d da f8 3f b6 a1 40 d4 c2 cf 20 02 fb c5 1c 7b c1 5a 22 92 aa 59 05 b2 f2 88 33 d1 f9 e8 75 ef e2 f4 e7 27 f8 d1 7f ca 08 1d 07 31 5c b2 9e 9a 66 49 f9 1f 3b d4 a4 9b 57 5a a4 b5 96 e8 cd 7e 78 15 c4 db 58 a6 01 0e cf 44 6d 1e 01 75 2e d0 3a 00 64 0e 09 70 54 bd c4 49 e5 63 3d d6 fe ba 2b 64 7c 0c 8a b9 ec b5 77 ea 3d de 6a 75 67 ab c5 a6 da 08 6c 86 da dd 61 06 35 3a 57 9c 6f af f8 57 dd 86 e1 9a 8f e6 c7 dd 3a 3b 96 b7 e1 68 25 95 d8 2b b4 d4 b5 c8 c6 c9 ae 2d 62 2a 76 b4 6a a4 5f 48 7c 83 75 29 d5 f1 90 c1 6d 15 f3 46 e2 9d 67 bd 75 10 37 0f 86 52 85 36 65 Data Ascii: VoXKeyhj5U1j/4#A1-$JD`Y<CKrX?@ {Z"Y3u'1\fI;WZ~xXDmu.:dpTIc=+d\|w=jugla5:WoW:;h%+-b*vj_H\|u)mFgu7R6e
2025-03-24 05:51:52 UTC	1513	IN	Data Raw: 74 ae d6 c4 46 e5 44 f0 4b 62 a1 0a e2 a0 88 35 98 45 7b c4 2a f1 b9 7b 28 7f 0e e4 cf b3 8e 23 ef 95 71 32 a9 04 0e 1c 79 23 b5 7d 47 d2 53 e5 9c bf 11 38 89 79 9e 2e 91 65 03 97 9a 16 bd 48 e0 9a 83 3b 80 d8 a3 b1 61 17 11 01 53 9b 70 fe 35 4e c3 08 8a ed 48 c0 c6 1b 49 2f 26 1e 74 e0 37 49 02 76 4c dc 06 ae 3d d0 c1 c6 21 c2 a5 a7 f3 34 bb 4c 93 91 d2 5d b1 07 97 7c 63 e4 8c 33 4f e5 9d bb 3c 2a 8f 27 4a 5b 89 df fe 16 da 52 b9 85 69 3f 2b 51 59 d7 b5 b1 8e f2 37 ad 38 28 10 c8 ac 1d 48 a1 1c 5c d4 a0 90 28 de 8c 47 38 1e cf 7c 0c 46 98 12 f3 0f 27 06 09 ef 10 63 5a 54 7b 3e b5 cd 1a bf 63 9a bc 76 77 0f 53 8e 3b 1a ee ad ab f4 be 72 03 dc 22 0e 14 38 b7 eb f7 4b 76 82 32 2e 00 43 71 b0 5a 24 b3 4c 04 d3 0c 6d 2a 96 97 ca 3c b0 5e 32 06 a8 17 66 b6 43 Data Ascii: tFDKb5E{{(#q2y#}GS8y.eH;aSp5NHI/&t7IvL=!4L]\|c3O<'J[Ri?+QY78(H\(G8\|F'cZT{>cvwS;r"8Kv2.CqZ$Lm*<^2fC

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:51:53 UTC	686	OUT	GET /6147603af5fa48568d9cedc5a7aac02f/ HTTP/1.1 Host: lgn-rncrisoftonline.fabservs.com Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://lgn-rncrisoftonline.fabservs.com Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw==" Sec-WebSocket-Key: 9ZhgeYoahwVqGpUeUOtU6g== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2025-03-24 05:51:55 UTC	740	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 24 Mar 2025 05:51:55 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding cache-control: private p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 80a19085-46db-42eb-973b-fd0bad8c1600 x-ms-ests-server: 2.1.20329.5 - NEULR1 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://187f9077-6147603a.fabservs.com/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin access-control-allow-origin: * access-control-allow-headers: *
2025-03-24 05:51:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:51:53 UTC	920	OUT	GET /?iWjx=d3WGM&sso_reload=true HTTP/1.1 Host: lgn-rncrisoftonline.fabservs.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
2025-03-24 05:51:56 UTC	778	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 24 Mar 2025 05:51:56 GMT Content-Type: text/html; charset=utf-8 Content-Length: 63013 Connection: close cache-control: no-store, no-cache pragma: no-cache vary: Accept-Encoding p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 6d2a91e4-266e-4a9f-bcb9-7615ba6d9a00 x-ms-ests-server: 2.1.20329.5 - SEC ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://187f9077-6147603a.fabservs.com/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin content-encoding: gzip access-control-allow-origin: * access-control-allow-headers: *
2025-03-24 05:51:56 UTC	6442	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ec bd db 7a e2 48 b6 30 78 5f 4f 41 f2 d7 36 b0 0d 98 b3 c1 4e 95 37 96 b1 93 34 a7 04 7c c0 6e 8f 7f 21 05 20 5b 48 58 12 36 38 d3 dc cd 93 cc c5 7c fb 62 ee e6 0d fa c5 66 ad 15 a1 03 d8 64 55 75 f7 bf 67 cf 7c 55 5f 77 5a 11 8a c3 8a 15 eb 1c 2b c4 e7 4f 27 6d b9 3f e8 d4 22 13 77 6a fc f6 cb 67 fc 13 51 0d c5 71 a4 68 34 a2 e9 b6 14 35 5c 3b 1a 31 14 73 2c 45 99 19 fd ed 97 c8 e7 09 53 34 f8 1b f9 ec ea ae c1 f0 29 d2 d3 c7 66 44 37 23 ae 15 59 5a 73 3b a2 a8 aa 35 37 5d 6c b4 e7 b7 fa 3c 65 ae 12 51 2d d3 65 a6 2b 45 5d b6 70 f7 70 c2 c3 88 3a 51 6c 87 b9 d2 dc 1d a5 ca 51 00 c6 9d a5 d8 d3 5c 7f 96 a2 32 6f 9e ea 2f 67 2c ba f7 c1 30 f5 9a c4 b4 31 5b ef 75 9d ba a8 a6 64 6b 3a 53 5c 7d 68 7c dc f1 45 d7 dc 89 a4 b1 67 Data Ascii: zH0x_OA6N74\|n! [HX68\|bfdUug\|U_wZ+O'm?"wjgQqh45\;1s,ES4)fD7#YZs;57]l<eQ-e+E]pp:QlQ\2o/g,01[udk:S\}h\|Eg
2025-03-24 05:51:56 UTC	16384	IN	Data Raw: 76 65 a9 97 e6 8e 33 9c 2e 4f 1f 9a df f2 05 fb f8 21 37 3d ae 3f 35 17 ec aa 7e f1 5a ac 57 aa b5 ba d6 6a 6b 55 bb 5e ad 72 5a 11 0e 1b aa 3b 0a 7e f0 5a 7e ad 5a bc ab f5 fa bd 2b b9 7f 7d da 68 5f f5 db e7 b5 16 b6 11 47 fd 75 0a 6e 8f 74 66 8b c6 2a 0f 43 3b b2 bb 80 d2 5f b2 e4 bf 8b 2c b1 2d 6d ae ba 5c 9c a4 b2 be cf d7 06 d7 b2 27 93 01 dd 67 06 f8 17 6e 90 33 84 36 aa ae f6 99 a9 98 ee b1 ad 98 1a 05 f2 cc b9 61 24 a3 16 f8 b2 b2 35 f4 6b bf bf c1 24 98 19 32 b6 ad b9 a9 d5 d1 cf a2 58 89 62 db 82 54 bc 9c 1e 4c d1 c1 94 21 a4 1e d3 c1 ac 26 e7 5d 30 6d 7b 9b 0e b3 31 bf 93 86 cf 88 a4 13 f7 84 0d e7 e3 e6 3f 76 82 a2 61 df 29 a7 5a cf 69 77 9c aa 09 ae e2 9a 3f 4f f1 b9 33 5b 59 b6 e7 6e 03 21 3a b6 16 e1 58 05 7e 6f 60 2d fd c5 0f 1b f8 a1 04 Data Ascii: ve3.O!7=?5~ZWjkU^rZ;~Z~Z+}h_Guntf*C;_,-m\'gn36a$5k$2XbTL!&]0m{1?va)Ziw?O3[Yn!:X~o`-
2025-03-24 05:51:56 UTC	16384	IN	Data Raw: a4 90 3b 20 db d9 e2 c4 b1 22 a3 75 58 a3 49 2f a9 bf 7d bc 67 cd 55 54 a1 12 d2 87 b2 c1 0e 98 ca 1e 25 4b 40 a1 83 1e 38 49 b3 ae 27 90 c3 a7 79 b8 07 35 85 79 0b bd d3 23 df d4 fe 01 5b a4 4e c0 f9 6c a8 34 66 13 e5 87 53 04 19 51 31 a2 16 f0 7b 14 b3 d7 9b c2 a3 35 cf a6 a2 6b 8f c3 65 86 6d c0 0a af f6 c7 ff f1 eb bf bf 1b 5b af ff fe fe 47 d2 46 99 04 b8 72 71 ee 13 d9 ce 86 5d 56 ba bd 0f 43 1a b2 db a1 9b 23 c6 3d 4e 1e ef 00 d5 7b f2 09 b5 82 10 bf 70 b8 76 fb 07 98 f2 4a 2d 29 23 96 e6 ce 82 83 a5 2e 57 db bd df 2a f2 07 c0 2a f5 12 eb 09 c9 8c 9c 93 4a f1 90 89 56 9c d5 6a 2b 12 2c b1 07 2b 2b 62 d2 a4 b2 d2 70 0b 0e 02 1e ce 6c dd 82 5a 89 12 7b 1e ee c4 a5 65 22 35 96 5f 75 92 71 f3 5a 03 ca 83 35 06 94 1a aa 04 ae d5 bd e5 b6 86 a8 59 af d7 Data Ascii: ; "uXI/}gUT%K@8I'y5y#[Nl4fSQ1{5kem[GFrq]VC#=N{pvJ-)#.W**JVj+,++bplZ{e"5_uqZ5Y
2025-03-24 05:51:56 UTC	16384	IN	Data Raw: e8 55 71 7b 4a 64 3e 50 3c 55 78 73 7d 07 5d 05 3b d1 86 13 c6 40 17 b4 74 2f e5 19 22 bd 0c 85 f2 3b 0e 41 6a 03 f3 c9 3c cb e2 ea 06 e1 00 7c 5f 19 16 83 41 88 d8 dc 83 09 e8 8f 90 e4 8f 0c f2 13 2b 46 2e 07 37 0b 94 80 f8 6b a4 cc 0d 1f b7 15 07 87 b4 15 60 65 69 46 4f 55 4a 11 b6 8d f8 9a 5e 31 08 31 5d 09 3d cd 77 e4 21 33 7e 92 57 12 38 a9 4b 66 26 c8 23 fe 90 2a 6d cc b9 8c 40 ed 89 6e 46 52 47 c9 a7 46 03 93 f0 ab ee 3d 91 5d 08 45 fa 16 c5 ac b9 9d 67 00 7f db 05 46 41 6f f7 75 06 3a e0 36 a9 6e 7c 32 a1 db a5 c8 b1 e7 ae a5 d3 ae 98 1f 5f 04 e1 84 07 a2 54 1e 9a 43 53 64 86 bd 0b c7 e1 e2 42 b2 91 13 8a df 4a fc e4 47 11 83 2a c6 40 5d d2 98 51 be a9 67 be ba 97 ed b4 bb 99 2d 4f bd fa 09 5d 8d 0c 94 9f b5 5e 64 96 22 e1 52 a9 13 51 ba 13 ba 17 Data Ascii: Uq{Jd>P<Uxs}];@t/";Aj<\|_A+F.7k`eiFOUJ^11]=w!3~W8Kf&#m@nFRGF=]EgFAou:6n\|2_TCSdBJG@]Qg-O]^d"RQ
2025-03-24 05:51:56 UTC	7419	IN	Data Raw: c5 e7 52 96 5f 1c 74 cf 5e e9 25 8a b8 00 c1 24 cc 6b b8 ac db 9b cf 38 95 27 7a f0 a3 2b 54 40 62 a5 6e 78 7c 81 02 c4 f1 d8 36 d3 90 89 f4 06 4a 36 42 6d 54 1f 92 bd 33 72 b6 9d 21 80 15 e6 d7 39 07 39 0a ca 18 60 92 5d 31 b4 c8 33 ab 1c 36 6e 3a 08 dc 4f 63 fd 11 04 83 6e 56 2a be 0c 9b 91 4f 84 4d 85 87 61 98 bc 91 81 de 1b 1c 26 9d f3 46 b3 37 2e e6 46 0e db 37 b4 50 bd 75 4f 6f 90 5c 72 b9 5c 7e c1 a0 ff fd 95 95 2e aa 6b 6a 0e 65 ed f0 b6 45 c6 dc 4d bb 85 50 39 b0 b7 7c c2 52 d0 e6 97 47 42 5c 60 59 14 56 7d 94 75 7c 55 df 3e c0 d1 1e 9c ff 38 db a9 d6 cf b6 59 bc 76 51 26 38 38 54 d5 8b ef d1 5a 48 e2 13 2c 1c af c7 76 14 c2 56 ab 96 a5 96 87 f3 d3 e7 63 87 98 8f 51 16 54 b7 b6 10 ad e1 41 f0 82 7f 17 17 17 fd ad ad ee 55 8b 61 86 04 7c ee be 5c Data Ascii: R_t^%$k8'z+T@bnx\|6J6BmT3r!99`]136n:OcnV*OMa&F7.F7PuOo\r\~.kjeEMP9\|RGB\`YV}u\|U>8YvQ&88TZH,vVcQTAUa\|\

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:51:53 UTC	757	OUT	GET /favicon.ico HTTP/1.1 Host: lgn-rncrisoftonline.fabservs.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
2025-03-24 05:51:55 UTC	740	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 24 Mar 2025 05:51:55 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding cache-control: private p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 9fc846be-9a5e-4f94-a88b-8f1ddc9a4a00 x-ms-ests-server: 2.1.20329.5 - NEULR1 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://187f9077-6147603a.fabservs.com/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin access-control-allow-origin: * access-control-allow-headers: *
2025-03-24 05:51:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:51:56 UTC	448	OUT	OPTIONS /api/report?catId=GW+estsfd+ams2 HTTP/1.1 Host: 187f9077-6147603a.fabservs.com Connection: keep-alive Origin: https://lgn-rncrisoftonline.fabservs.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 05:51:58 UTC	336	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 24 Mar 2025 05:51:58 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding access-control-allow-headers: content-type access-control-allow-credentials: false access-control-allow-methods: , GET, OPTIONS, POST access-control-allow-origin:
2025-03-24 05:51:58 UTC	12	IN	Data Raw: 37 0d 0a 4f 50 54 49 4f 4e 53 0d 0a Data Ascii: 7OPTIONS
2025-03-24 05:51:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:51:56 UTC	691	OUT	GET /ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css HTTP/1.1 Host: df594c69-6147603a.fabservs.com Connection: keep-alive Origin: https://lgn-rncrisoftonline.fabservs.com sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://lgn-rncrisoftonline.fabservs.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 05:51:59 UTC	653	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 24 Mar 2025 05:51:59 GMT Content-Type: text/css Content-Length: 20410 Connection: close last-modified: Wed, 04 Dec 2024 23:52:00 GMT accept-ranges: bytes etag: "0x8DD14BEA5012AB1" x-ms-request-id: 015ace25-c01e-00e5-589c-66d025000000 x-ms-version: 2018-03-28 access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version access-control-allow-origin: * cache-control: public, max-age=25610277 vary: Accept-Encoding akamai-grn: 0.96b20f17.1742795518.ec6f408 content-encoding: gzip
2025-03-24 05:51:59 UTC	15731	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 7d 6b 93 db 36 b2 e8 77 ff 0a ee a4 52 eb c9 4a 8c 48 3d 47 53 49 ad e3 78 93 39 c7 af b2 9d 7d 54 2a b5 c5 91 a8 11 8f 29 51 97 a4 66 3c ab a3 ff 7e f1 46 03 68 90 d4 78 b2 d9 7b 2b eb 8d 2d a2 1b 0d a0 d1 68 a0 81 6e e0 eb af fe 10 3c 2f 76 f7 65 76 b3 ae 83 a7 cf cf 83 57 d9 a2 2c aa 62 55 93 f4 72 57 94 49 9d 15 db 30 78 96 e7 01 43 aa 82 32 ad d2 f2 36 5d 86 c1 57 5f 7f fd d5 1f 9e f4 bb ff 2f 78 ff e1 d9 bb 0f c1 9b bf 04 1f 7e bc 7a f7 7d f0 96 7c fd 23 78 fd e6 c3 d5 f3 17 41 67 2a 4f 9e 7c 58 67 55 b0 ca f2 34 20 ff 5e 27 55 ba 0c 8a 6d 50 94 41 b6 5d 88 5a a7 55 b0 21 7f 97 59 92 07 ab b2 d8 04 f5 3a 0d 76 65 f1 3f e9 82 b4 21 cf aa 9a 64 ba 4e f3 e2 2e 78 4a c8 95 cb e0 6d 52 d6 f7 c1 d5 db f3 30 f8 40 70 0b d2 Data Ascii: }k6wRJH=GSIx9}T)Qf<~Fhx{+-hn</vevW,bUrWI0xC26]W_/x~z}\|#xAgO\|XgU4 ^'UmPA]ZU!Y:ve?!dN.xJmR0@p
2025-03-24 05:51:59 UTC	4679	IN	Data Raw: 8e 36 04 a6 86 1b 02 93 e3 0d 14 66 70 df 93 6e 56 08 83 b4 76 40 43 45 db f0 b0 2e 10 57 99 1b 46 0a 7a 9a 6c 5e eb 5b 91 85 43 fa 34 bc 98 9d 23 97 02 03 20 96 48 ba 89 37 5f 87 50 e3 87 e3 60 22 80 5b d9 23 19 93 28 7f 18 bb 0c ee 13 f6 9e b3 cc 4f 7d b0 93 e5 be fa 81 1c e1 db 81 87 f8 c3 85 9e 97 26 d9 ad e4 e2 f9 d0 f9 26 d9 66 bb 7d ce d8 eb 5e a9 2b 2e 5f 31 9e 3c 14 8e 66 b6 29 6a 84 19 ff 16 73 31 e4 bd 7d b5 80 7d 3b 31 dc 4f b3 45 e0 11 a6 59 9b e2 6f 30 17 da 55 f8 2d 47 97 9c 1b 9d 47 1f 3b 4e 93 ed 9d d7 79 6a 32 d1 1f 5f eb 9b f4 7f 13 a6 a3 1e a1 60 c3 fb 18 66 4b 1a ec 5b df 7f c7 cf a6 e1 66 b8 e1 3c 49 fa 09 1e a6 bb 4e 99 7d 83 9c 71 6f 0c a3 d6 41 73 e1 3a 8a 7b d0 7d c7 b8 09 57 f6 9c 2a 6f d7 c8 38 69 61 9f 30 8a 5b ee fe 36 be 3a Data Ascii: 6fpnVv@CE.WFzl^[C4# H7_P`"[#(O}&&f}^+._1<f)js1}};1OEYo0U-GG;Nyj2_`fK[f<IN}qoAs:{}W*o8ia0[6:

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:51:56 UTC	668	OUT	GET /shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js HTTP/1.1 Host: df594c69-6147603a.fabservs.com Connection: keep-alive Origin: https://lgn-rncrisoftonline.fabservs.com sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://lgn-rncrisoftonline.fabservs.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 05:52:00 UTC	670	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 24 Mar 2025 05:52:00 GMT Content-Type: application/x-javascript Content-Length: 122924 Connection: close last-modified: Tue, 25 Feb 2025 19:14:31 GMT accept-ranges: bytes etag: "0x8DD55D0A1E1E362" x-ms-request-id: f23039aa-e01e-0074-3a3d-89b597000000 x-ms-version: 2018-03-28 access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version access-control-allow-origin: * cache-control: public, max-age=29417913 vary: Accept-Encoding akamai-grn: 0.96b20f17.1742795518.ec6f457 content-encoding: gzip
2025-03-24 05:52:00 UTC	13790	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e4 bd 7b 77 e3 38 8e 38 fa ff fd 14 8e 66 6e da ee 28 2e cb 6f 2b ad ce ba 9c a4 2a db 49 9c 89 93 ea de 4d 65 72 64 89 76 d4 b1 25 af 24 e7 31 8e f7 b3 ff 00 90 94 28 59 4e 55 f5 ee b9 f7 dc 73 e7 51 b1 48 f0 05 82 20 00 82 e0 87 9f 77 fe af d2 cf a5 fd ef ff 4f 69 74 dd bf ba 2e 0d 4f 4a d7 9f 4f af 8e 4a 97 f0 f5 1f a5 8b e1 f5 e9 e0 f8 fb eb c1 46 f1 ff d7 0f 5e 54 9a 78 33 56 82 bf 63 3b 62 6e 29 f0 4b 41 58 f2 7c 27 08 17 41 68 c7 2c 2a cd e1 df d0 b3 67 a5 49 18 cc 4b f1 03 2b 2d c2 e0 4f e6 c4 51 69 e6 45 31 14 1a b3 59 f0 5c 2a 43 75 a1 5b ba b4 c3 f8 b5 74 7a 59 a9 42 fd 0c 6a f3 a6 9e 0f a5 9d 60 f1 0a bf 1f e2 92 1f c4 9e c3 4a b6 ef 52 6d 33 f8 f0 23 56 5a fa 2e 0b 4b cf 0f 9e f3 50 3a f7 9c 30 88 82 49 5c 0a 99 Data Ascii: {w88fn(.o+IMerdv%$1(YNUsQH wOit.OJOJF^Tx3Vc;bn)KAX\|'Ah,gIK+-OQiE1Y\*Cu[tzYBj`JRm3#VZ.KP:0I\
2025-03-24 05:52:00 UTC	16384	IN	Data Raw: d7 ab d6 5a d3 b9 46 7d 5c 4d c9 55 9f e9 4b c5 c6 f1 3f ae df 2b aa 7f ad 3f 87 5e bc c9 bf 75 5b 0f 84 8e bf e2 ef c5 05 87 80 5a 44 ca cc 52 0e a7 b0 71 65 4a 0e 40 e0 9c d1 37 2c ed 9a 7e 0e 1d aa ce ed 17 f8 39 13 33 b5 5f af 70 8e b5 b4 dc bd 19 67 81 54 f2 b8 4a 3d 41 1b 3e dd fe b5 d5 ee 1c d2 3c 5c f2 f5 89 9d 2f 73 17 01 7d 29 3a 29 c6 91 2d 9d 1f 95 1c d3 8c 2c b7 9c b7 56 8e 85 42 03 30 41 e5 80 1e 1d 4f df 5b b4 3c 60 5f 24 3b 0b b9 31 25 64 31 0a 7d 61 d9 40 34 12 e3 40 7c 88 a3 09 a2 4b ce 8d b6 17 60 da d4 0a 39 39 ce ad 38 43 66 07 4b 2b da dd e5 4f 81 80 ac 1e e5 3c 35 b4 03 49 78 50 53 64 be 4f 91 c2 0e 37 ce d2 89 a0 0c 63 0d c4 c1 69 02 ba a8 4f f5 85 3e 07 1a 40 61 03 50 22 6d 45 4f 56 93 35 f6 c7 72 be a4 43 c9 be a1 3f 58 34 a1 0e Data Ascii: ZF}\MUK?+?^u[ZDRqeJ@7,~93_pgTJ=A><\/s}):)-,VB0AO[<`_$;1%d1}a@4@\|K`998CfK+O<5IxPSdO7ciO>@aP"mEOV5rC?X4
2025-03-24 05:52:00 UTC	16384	IN	Data Raw: b7 37 e5 00 8b 96 0a b7 a7 a9 b9 f5 03 69 a8 c4 4e 35 1f 90 64 5e 5e e6 99 50 c4 09 ec 51 dc a6 55 4c 85 37 88 55 3f b9 b7 94 65 56 a9 ec f1 f1 54 a8 e9 11 f9 6c 88 f9 33 ca 22 8a e0 17 91 76 8a 4c 28 28 d2 82 93 c3 1f ba f9 e2 23 c3 1f 21 68 22 4c 42 53 0f ed da 22 7b 7c e4 a4 26 7d 15 85 9b 69 b2 40 34 4c 33 e7 08 57 1b 31 78 c0 21 ed 10 98 e6 a1 3a 4e 83 3f 60 da 7e 8f 7b 0f a1 cc e0 6b 99 5d 18 d5 0f f9 90 f4 21 3b 93 89 70 29 84 1c a8 56 99 66 79 ce a7 cc 5e 38 d1 3c 0e d5 47 69 34 cd 92 a8 e9 db 85 af 5d 8a 90 3e be 7f e6 fb 27 b3 cc fd bf b7 3f 73 bf b9 30 20 33 48 ff 04 ff 55 86 f7 77 f3 7a 0a b4 ef b5 ac c2 36 6f cc b6 79 73 8a 36 09 19 3f c4 45 88 9e 66 c1 0c 75 a9 7b 5a 4a cf 7c f4 51 6f 4d be 42 e6 6d 02 57 4c 2d 1e a2 7d eb f6 dd 2b a4 ea f1 Data Ascii: 7iN5d^^PQUL7U?eVTl3"vL((#!h"LBS"{\|&}i@4L3W1x!:N?`~{k]!;p)Vfy^8<Gi4]>'?s0 3HUwz6oys6?Efu{ZJ\|QoMBmWL-}+
2025-03-24 05:52:00 UTC	16384	IN	Data Raw: 86 7a 4e e0 80 dc 19 8f 39 c3 51 43 06 06 a0 41 cf 57 ce 73 62 8e 85 92 54 8a 06 ee 55 5e d3 6a e0 bb e9 78 ca c2 20 31 64 66 46 96 49 f3 2b fe 6d bc 1e d2 4e 3f e0 6d 1f 7d 4a 8a 6b 0c 46 76 92 c9 21 fe d1 1c 17 b8 96 60 7e 6e f8 7c 10 93 60 e6 e0 23 42 0d cd 3b b3 35 93 38 fe 7c ac cc df 39 4b df 2c 00 f7 1a b6 81 5f 1e 9b cd a5 db a1 7c 7b 64 be 6d 32 00 e5 8c bb 46 3e 75 60 96 25 5d 9b 8d 98 92 51 04 cf 8b 59 47 91 8d 46 e3 78 3f bb c1 b9 d9 cb f3 3d 24 82 39 e7 1b 73 96 0d e6 93 32 bc 35 33 cc d2 2f d3 70 52 1d 8e 61 c3 70 1a 7b e2 c4 5c 4b 11 d9 03 9a 6b e9 c8 1c 75 dc b0 30 f7 7b 6c 67 2e 46 44 b5 85 5a a1 ea 96 57 ae a6 c2 43 9e 1d 48 f5 05 6f 1a bc 81 09 b5 12 65 7f 18 3e 4c 0a 93 2a 91 a2 eb 4e ea a9 d2 ec 68 02 28 e1 9e 5b d5 2a e6 28 2e 66 fe Data Ascii: zN9QCAWsbTU^jx 1dfFI+mN?m}JkFv!`~n\|`#B;58\|9K,_\|{dm2F>u`%]QYGFx?=$9s253/pRap{\Kku0{lg.FDZWCHoe>LNh([(.f
2025-03-24 05:52:00 UTC	16384	IN	Data Raw: a3 17 bc b1 fe 6a b5 4a 79 2d 20 eb 04 f4 37 e9 34 31 9e 34 b6 eb 6e af d7 44 23 d9 22 a7 6e aa 46 26 b5 94 13 88 7c 3f f3 16 41 ab a2 c8 16 4d f3 7a 21 28 fa 08 09 18 69 74 da a4 70 4a 5d 09 f0 24 7f fa 34 57 04 54 8b 8b 10 0d 46 6e be 54 b3 a8 d5 27 09 bb d0 fa f9 c3 43 c4 27 8e 7c 19 7a 06 69 2b cc 0a ba 20 ec b4 8d fa bf 2c 3b c2 b7 a9 bf 01 8c 08 34 eb 15 2c 67 1e 7b c8 e6 ee f4 8f 08 96 fd 15 f5 54 a3 c0 db 19 0a e1 de f6 e8 81 27 e4 e3 e2 a9 4c a5 a6 53 29 82 d6 bf d6 73 c5 4f 43 22 a4 19 27 83 55 12 23 fc 93 a7 d1 1d d4 0f ab ec d2 67 df c5 82 81 2d 32 15 7d 4d f3 11 57 a4 25 97 cb 74 32 49 b2 47 1c 58 54 43 ff 90 07 8b cd 16 f5 db f6 2c 07 6c cb 42 cf 12 17 1b fa ad 54 d7 99 df b6 a1 65 75 ee 9d 95 0c 95 57 c8 1f 08 80 1c 09 21 a6 43 55 f9 81 f1 Data Ascii: jJy- 7414nD#"nF&\|?AMz!(itpJ]$4WTFnT'C'\|zi+ ,;4,g{T'LS)sOC"'U#g-2}MW%t2IGXTC,lBTeuW!CU
2025-03-24 05:52:00 UTC	16384	IN	Data Raw: 16 7e 4f e1 65 56 95 56 ba a5 21 d5 1d 59 1b 22 41 fb ca 5e 8d 2c 9a d9 95 1d 6e b4 ff b7 c9 87 fa d2 b7 43 79 55 07 8f 0a 55 31 ad 65 db 64 73 d3 26 d7 ce 67 07 ba d5 e4 be bc ec 6e 4d 27 b4 fe b6 bf ff b7 e5 3d 74 57 fd 87 d3 b5 77 a4 f5 c2 24 34 bc 26 1b e2 c8 3a a7 e3 0d ff 9a 3c e8 dc ac 7d 3e 83 02 c0 84 68 0e b9 1f a3 24 d9 ba 8f e9 ad ca 31 d5 7c 3a b1 06 e7 10 e8 b0 85 06 d6 bf 67 cb 2c 89 fd be 90 a3 e1 f5 69 16 17 d6 ff b5 9e 8d 1b f3 6a 64 fd cf e4 31 05 c0 bd 39 3d 3e 3f 6d c5 93 5a ff 57 aa db 40 b0 78 62 a4 03 90 f4 cd a7 e0 37 ff 54 1a d3 05 5a 7b 31 ae 4f 29 2d ef 1c ea 5c b8 f3 b1 29 40 37 98 d2 ae 19 de 1c 57 4f 55 64 92 d2 6f f5 78 28 b7 f1 99 bc 77 86 b5 a1 3d e4 e1 c0 1a 8c 28 ab 67 b6 9a 01 27 83 21 78 8e ff 9f aa 4c ec 74 ef f1 e8 Data Ascii: ~OeVV!Y"A^,nCyUU1eds&gnM'=tWw$4&:<}>h$1\|:g,ijd19=>?mZW@xb7TZ{1O)-\)@7WOUdox(w=(g'!xLt
2025-03-24 05:52:00 UTC	16384	IN	Data Raw: 6d e9 0e 4f f1 a1 0e d1 6a 9f ca f9 a0 b7 38 4b e0 06 0d ba 1d 4e ce 0d 1a ef f1 b1 42 e4 55 67 77 57 90 f5 ec ba 52 b6 bb f1 ac 7c 7b cf fc 80 72 dc 97 06 6f 2d 32 62 a9 79 7e d6 5e ee 35 32 62 35 ec 62 5d f3 5c cf 8f aa f8 4f c7 ac 95 b5 86 6b 8f ae 8e ba eb cb 97 e9 ed 07 6f 8a aa c8 0a a0 d3 7b 13 94 db 5e f6 c1 59 21 60 d8 53 18 e4 b2 d2 78 59 e7 64 81 49 81 40 d0 69 ea 56 7a b1 06 e4 87 44 0b 68 74 b1 ea 26 ef 25 a4 f5 4d 5e 1d 70 51 a9 d3 b0 43 39 5e 68 bf f8 98 42 1b df a2 3e ab 24 85 67 70 fc bb 27 c6 3a 24 58 b6 35 bd 1f 9e ff f8 58 bd ae 7d eb f7 f4 66 24 88 00 88 49 61 c2 e4 27 6c de 98 88 61 20 3b 25 7d 56 ae 7c 29 ee 0d ea 1f 83 c3 01 e0 ab 7f 8f d6 3b d2 c1 c5 75 4f 4a 84 d5 5b 9f d4 b6 fe 78 4f 87 55 53 5b 6b bc 7d 9d a7 8e 8e b2 b9 64 af Data Ascii: mOj8KNBUgwWR\|{ro-2by~^52b5b]\Oko{^Y!`SxYdI@iVzDht&%M^pQC9^hB>$gp':$X5X}f$Ia'la ;%}V\|);uOJ[xOUS[k}d
2025-03-24 05:52:00 UTC	10830	IN	Data Raw: 41 ef 97 a1 0f d6 81 5e 2f a2 55 dd f9 ae 35 f2 f2 dd 56 b9 43 57 90 cd 7f 57 39 3c 7f 31 58 47 68 48 fc cd 9c 58 84 9a 14 86 01 5b af 43 38 72 0c b3 cf a1 41 9f fc 8f c4 91 b1 2f d6 09 98 a6 e1 49 42 ae db c1 3b 66 2f c2 10 a8 99 e5 41 46 09 0f af 73 c5 98 f6 d8 bf 61 42 d0 f2 86 5d f0 82 07 f8 f6 c4 59 bc f2 1d e0 87 b4 5d 8a e8 74 d9 f4 18 28 06 e1 52 0e 59 3e c5 cb d7 7c e8 31 05 52 07 a5 f8 f6 b2 99 e3 7e 85 55 b5 cb eb b1 7c f4 71 96 90 3e 5b d5 45 2b 12 26 fc e2 63 59 61 bb 65 c3 be 38 7d 57 5e 68 44 8c 23 89 2e 68 74 13 17 3a 98 67 77 7c c2 12 2c 77 51 76 11 e3 b7 9c d9 5b c4 47 31 01 38 17 56 d3 d7 15 a2 63 1e 23 65 e1 46 a2 48 6c 0e 02 49 1a f9 53 16 44 63 6a 4d 29 4c f7 9c b9 7c a3 2a bf c4 a0 f3 1e 59 ce 99 87 39 7f ae ab a9 e4 b4 27 f3 4f e4 Data Ascii: A^/U5VCWW9<1XGhHX[C8rA/IB;f/AFsaB]Y]t(RY>\|1R~U\|q>[E+&cYae8}W^hD#.ht:gw\|,wQv[G18Vc#eFHlISDcjM)L\|*Y9'O

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:51:56 UTC	687	OUT	GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js HTTP/1.1 Host: df594c69-6147603a.fabservs.com Connection: keep-alive Origin: https://lgn-rncrisoftonline.fabservs.com sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://lgn-rncrisoftonline.fabservs.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 05:51:59 UTC	669	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 24 Mar 2025 05:51:59 GMT Content-Type: application/x-javascript Content-Length: 16623 Connection: close last-modified: Mon, 03 Mar 2025 20:34:05 GMT accept-ranges: bytes etag: "0x8DD5A92BDF0C136" x-ms-request-id: a0b723ab-201e-00d2-10f1-8f0289000000 x-ms-version: 2018-03-28 access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version access-control-allow-origin: * cache-control: public, max-age=30155020 vary: Accept-Encoding akamai-grn: 0.96b20f17.1742795518.ec6f45e content-encoding: gzip
2025-03-24 05:51:59 UTC	15715	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd 7d 4d 73 23 c7 92 d8 dd bf 02 0f cf f1 86 5c f5 40 f8 e0 27 46 d0 18 04 c1 19 ec 90 00 04 80 33 52 48 32 a2 09 14 c0 7e 04 ba b1 dd 8d e1 f0 51 e3 78 37 1f f6 e0 ab 7d f3 c1 27 1f 7d f1 dd 3f 65 23 d6 bf c3 f9 51 55 5d d5 dd 00 c8 91 56 6f d7 0a c5 10 dd 5d 95 55 95 95 95 95 99 95 99 f5 87 d9 da 9f c4 5e e0 ef 89 fd 47 f5 bb 10 ec f9 fb 8f de 6c cf fb d1 ff 79 3f 14 f1 3a f4 0b f8 bb 24 3e ad 82 30 8e 5e 7d 74 c3 42 d8 c0 57 8d 47 f9 ae fe f8 d9 f1 a6 75 df 59 04 ee 54 4c eb 7f a8 7c 7e 25 ab 0a ac 3a 71 17 8b bd 50 41 70 42 27 f9 1d ec c3 03 57 6b fc a1 9c 7c f8 8c cd 78 8d 47 0d 28 28 2d 1b c2 09 4a 93 86 07 ff ae 1a c5 a2 13 ec 95 f7 3f ef fd 98 0c c3 09 1c 0f 3a bf 57 dd a7 5e fa 0d 6f af 02 f0 e1 cf e1 be 13 c3 9f a3 Data Ascii: }Ms#\@'F3RH2~Qx7}'}?e#QU]Vo]U^Gly?:$>0^}tBWGuYTL\|~%:qPApB'Wk\|xG((-J?:W^o
2025-03-24 05:51:59 UTC	908	IN	Data Raw: 47 9b f7 66 fd 20 8a 98 a5 35 1e ad a5 43 c2 c9 64 e5 16 1d 0e c2 a0 75 c0 2f e9 b9 e8 5c 51 e2 57 14 c7 a8 e0 98 13 c1 8e 6f e1 05 11 e0 f5 6a 1e ba 53 71 e5 cd 79 eb b8 fe 1e f1 a8 a4 98 b2 73 15 fc d9 c5 c0 23 da 57 cd 60 00 99 09 ed bd 1b a2 70 df 78 94 2c 08 ab 2c 3f e1 b6 ba fc c4 8e a5 48 42 80 7b 54 ec f0 d0 19 3d 42 6b ea a9 e9 eb 44 ff c0 7a a0 ca 1b 81 3b db 3a c6 54 c2 1c 43 cb c7 ca 75 0c 74 82 05 60 bd 3b a6 78 38 f7 01 ef e5 94 79 03 78 c9 52 5e 2e 8c 20 2d e3 06 84 b8 5a 50 d4 13 0f 83 7b ce 30 64 94 07 ce 1f 8e 3b ab f2 96 73 83 39 2a 3a 10 07 37 15 1d 80 44 4f 35 96 5b e8 b7 0c bf a5 df 87 39 e9 03 70 59 70 97 25 fa 72 be 63 17 e4 f1 56 ce c7 8a e4 57 86 6f f0 6a 8d e1 3d 80 8e 07 4b e6 18 08 bc 75 80 24 0e fc 81 59 dd 07 e2 a3 c0 60 02 Data Ascii: Gf 5Cdu/\QWojSqys#W`px,,?HB{T=BkDz;:TCut`;x8yxR^. -ZP{0d;s9*:7DO5[9pYp%rcVWoj=Ku$Y`

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:51:57 UTC	818	OUT	GET /Me.htm?v=3 HTTP/1.1 Host: l1ve.fabservs.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Purpose: prefetch Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://lgn-rncrisoftonline.fabservs.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
2025-03-24 05:52:00 UTC	514	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 24 Mar 2025 05:52:00 GMT Content-Type: text/html; charset=utf-8 Content-Length: 1428 Connection: close cache-control: max-age=315360000 vary: Accept-Encoding p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" referrer-policy: strict-origin-when-cross-origin x-ms-route-info: C520_SN1 x-ms-request-id: 2a7dd57d-3ae1-4e3d-af77-74263070cb50 ppserver: PPV: 30 H: SN1PEPF0002F128 V: 0 content-encoding: gzip access-control-allow-origin: * access-control-allow-headers: *
2025-03-24 05:52:00 UTC	1428	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 b5 57 db 6e db 38 10 7d ef 57 d8 42 11 88 1b 56 91 6f 71 22 87 09 8a b6 8b ba 68 da a2 ea 62 1f 5c 2d 40 4b 94 cd ad 4c 0a 24 ed b6 70 f4 ef 3b ba 59 b2 ba 8d d1 87 3e 24 96 87 33 87 e7 8c 66 86 f4 8d 0e 15 4f 4d cf 7c 4f 19 b1 0c fb 66 2e fe a5 3b 5a 5a ad db 27 bd 7e bc 15 a1 e1 52 d8 06 33 b4 8f a5 b2 77 54 f5 74 8f 8b 1e 43 66 a1 03 c2 e0 5f 66 9b 35 d7 b8 71 06 d7 ea b9 c7 6c 81 f6 3c b6 f5 42 04 48 31 b3 55 a2 97 3f 3b ec 5b 2a 95 d1 b3 1c 90 93 dc 44 f6 95 cd db 67 98 47 9e c0 89 a4 11 8b bc fe 20 9b 55 a1 26 0f 0d 69 92 d8 bc 46 c0 1c 37 cf 0c c1 97 32 8c f4 dd 66 21 2b 78 93 fd 01 88 39 1b 02 a2 9c 90 40 90 93 12 cb c2 cc 76 51 66 2f 3a 9a 6b 21 ba 90 55 65 80 91 78 e1 07 58 13 17 0b c2 9c 84 89 95 59 cf f4 8d 98 9d Data Ascii: Wn8}WBVoq"hb\-@KL$p;Y>$3fOM\|Of.;ZZ'~R3wTtCf_f5ql<BH1U?;[*DgG U&iF72f!+x9@vQf/:k!UexXY

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:51:59 UTC	423	OUT	POST /api/report?catId=GW+estsfd+ams2 HTTP/1.1 Host: 187f9077-6147603a.fabservs.com Connection: keep-alive Content-Length: 466 Content-Type: application/reports+json Origin: https://lgn-rncrisoftonline.fabservs.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 05:51:59 UTC	466	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 33 31 32 31 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 67 6e 2d 72 6e 63 72 69 73 6f 66 74 6f 6e 6c 69 6e 65 2e 66 61 62 73 65 72 76 73 2e 63 6f 6d 2f 3f 69 57 6a 78 3d 64 33 57 47 4d 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 32 30 39 2e 37 34 2e 38 39 2e 31 37 39 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 Data Ascii: [{"age":0,"body":{"elapsed_time":3121,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://lgn-rncrisoftonline.fabservs.com/?iWjx=d3WGM","sampling_fraction":1.0,"server_ip":"209.74.89.179","status_code":404,"type":"http.error"},"
2025-03-24 05:52:06 UTC	458	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 24 Mar 2025 05:52:06 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 70 Connection: close vary: Accept-Encoding x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000 request-context: appId=cid-v1:20c536d6-d891-4743-bdc8-f66a2e341114 access-control-allow-credentials: false access-control-allow-methods: , GET, OPTIONS, POST access-control-allow-origin: content-encoding: gzip
2025-03-24 05:52:06 UTC	70	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 f3 73 f5 51 70 4c 4f 2f 4a 4d 4f 2c c9 2f 52 c8 48 2c 56 28 2e 4d 4e 4e 2d 2e 4e 2b cd c9 a9 54 28 28 ca 07 71 52 53 14 4a 32 52 15 8a 52 0b 4b 53 8b 4b 00 48 8c 5e 6b 35 00 00 00 Data Ascii: sQpLO/JMO,/RH,V(.MNN-.N+T((qRSJ2RRKSKH^k5

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:52:00 UTC	722	OUT	GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1 Host: df594c69-6147603a.fabservs.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://lgn-rncrisoftonline.fabservs.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
2025-03-24 05:52:03 UTC	669	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 24 Mar 2025 05:52:03 GMT Content-Type: application/x-javascript Content-Length: 61131 Connection: close last-modified: Thu, 05 Dec 2024 00:06:38 GMT accept-ranges: bytes etag: "0x8DD14C0B0989681" x-ms-request-id: bdebf93a-901e-0060-3e4e-672851000000 x-ms-version: 2018-03-28 access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version access-control-allow-origin: * cache-control: public, max-age=28169464 vary: Accept-Encoding akamai-grn: 0.96b20f17.1742795522.ec6fc93 content-encoding: gzip
2025-03-24 05:52:03 UTC	15710	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cc bd 7b 5b db 48 b2 38 fc ff f9 14 46 cf 1e 56 5a 14 c7 86 24 93 b1 a3 f1 21 e0 24 9e e1 b6 5c e6 b2 84 e5 11 72 03 4a 6c c9 23 c9 10 16 fc dd 7f 55 d5 77 5d 0c cc cc 79 cf fb cc 04 4b ad ea 7b 75 75 75 75 5d dc db 38 19 a7 b7 ed 82 4d d8 94 15 d9 dd f9 2d bb 98 85 d1 d7 1f f3 34 99 05 4b bf 3e 3c 9c 9e 79 ed d9 3c bf 76 4f 4f d7 cf fc 53 df f7 2f e7 49 54 c4 69 e2 32 bf f0 13 ef de 99 e7 ac 95 17 59 1c 15 4e 3f 69 67 6e e1 f9 49 7b ec 16 be f3 73 38 99 b3 9f a0 02 c7 77 55 36 ef 3e 63 c5 3c 4b 5a 59 9b 2d 3c 05 3b bc 61 49 b1 13 16 2c 89 ee 1a c0 c3 32 f8 01 cb f2 38 c7 2c ac 21 cb 85 91 e5 38 0b 23 b6 c3 6e d8 a4 01 78 6c 00 6f ce 66 a3 24 8f af ae 8b 7c 2b cd ea 8b 8f ad 16 bd 0f 73 d6 08 6a 16 7d 3e fc 06 4d 1e b3 f1 28 Data Ascii: {[H8FVZ$!$\rJl#Uw]yK{uuuu]8M-4K><y<vOOS/ITi2YN?ignI{s8wU6>c<KZY-<;aI,28,!8#nxlof$\|+sj}>M(
2025-03-24 05:52:03 UTC	16384	IN	Data Raw: 1b eb c7 c1 df 50 0d 05 b7 40 c1 19 f0 d0 3f c3 6f c5 d6 e5 15 de 9b a9 8b 0c 33 ec 52 9d bb 6d f2 b4 9d 70 69 0d 16 04 ec 27 f9 64 56 3c 3f 02 90 3a 72 61 3a 1c 0a 17 ee 35 90 92 c2 bd a5 20 7f 80 d2 bf 30 89 33 28 7a 82 84 0f cc dd f7 6f 1b 45 cf a2 6f e4 87 94 e0 7f b5 b7 71 b7 cc 26 94 ad 02 2c ee e1 fe 40 dc 04 c1 b2 3d e0 97 40 bd 64 d1 b7 4e c8 2e bf dd 70 2c de 09 48 0a 34 10 57 6c 46 06 58 19 19 63 65 3e 89 9a d9 16 19 68 75 17 78 df 28 2a c4 a9 b4 c9 30 f7 5b d4 2c 2d 46 ef 05 cb be fb 86 74 0c 97 44 0e bc a0 e4 a3 4f 9d 97 17 3a e3 51 7c 05 7b fe e1 4b c7 77 5e 9e 9f 1b 1f 5e 3a 67 fd e6 e5 69 a1 29 d4 30 47 e1 9d 72 db 1e 04 b7 7a f3 d0 4e 52 a4 27 77 6e ce 29 55 b4 b8 0b c4 c2 74 81 48 31 a6 b8 85 12 9a 77 f0 27 ed da ee 34 3b f3 7e 08 3a 4a Data Ascii: P@?o3Rmpi'dV<?:ra:5 03(zoEoq&,@=@dN.p,H4WlFXce>hux(*0[,-FtDO:Q\|{Kw^^:gi)0GrzNR'wn)UtH1w'4;~:J
2025-03-24 05:52:04 UTC	16384	IN	Data Raw: b7 e5 5a dc 5a c8 41 d4 fd e4 3e 1d 82 da 8f 3c 15 aa a8 02 27 5f eb 0a 69 e7 9e 8a 73 ab 65 64 09 18 b0 07 f0 47 1a e5 af 1f a1 b3 aa 6f 4a be 45 d8 0b 7b 11 7c 72 79 14 0f bd 57 cd 6e 76 d1 ec b5 e1 b3 8d 9d 95 66 c2 ca 10 cd 0f a3 7c 90 c5 ac c9 5a ae fa 7f c2 e6 88 97 22 c9 e1 52 b2 22 5d 8a f0 0f 96 12 40 d3 a5 e8 7c be 94 98 1b 2d 25 d5 4c 26 46 3d 61 3a 5c 4a 00 f5 97 a2 e2 77 4b d1 f9 c9 52 72 ef 6a 29 b9 77 6c 21 fc db 40 f8 5d c6 fc 1b 37 be c9 6d fc 7a 4e 9b e8 e0 a1 68 5f 34 7d d6 b3 76 7a fe 9b e8 2e 1e 44 9c d8 a2 fa f9 8d 92 11 d2 4d a4 6e 0a 47 ef 48 fc 1c f5 39 69 8b 0e 7f d4 a7 84 bd c9 84 13 b6 7d e8 5d 53 c2 f1 29 bf ef 10 a1 8e 78 15 a7 c3 1b 7e df 25 92 7a 78 43 09 74 69 a8 4a 7e a4 d5 4d 0a 51 cf 79 31 e0 b4 e7 d4 ad 62 80 40 17 a9 Data Ascii: ZZA><'_isedGoJE{\|ryWnvf\|Z"R"]@\|-%L&F=a:\JwKRrj)wl!@]7mzNh_4}vz.DMnGH9i}]S)x~%zxCtiJ~MQy1b@
2025-03-24 05:52:04 UTC	12653	IN	Data Raw: 28 f8 94 6c f7 4e 4a 5d 2b a7 e0 8e 56 55 15 39 08 74 f6 c5 5d af c4 61 4f e9 d3 d3 97 07 ea 93 53 75 70 8e 82 83 8b 53 66 5d bf 15 09 27 c1 91 76 b4 72 64 3a 5a e9 d0 16 38 81 c5 6f 22 f4 eb d8 d1 8a e3 ef d3 3e 95 19 59 e9 8e 46 66 26 b5 99 38 80 d0 b8 21 18 45 57 ca 11 af d3 5e 51 44 b7 93 e2 55 b3 6b bd af af b7 ad 77 a2 31 e9 3e d2 43 f4 5b d1 d6 3a 04 2c 4d 16 c9 1a 98 32 2f c9 5e f0 95 75 ad ad 5d e6 6b fa a3 7d 8b a3 e0 4b a2 8d de 18 80 1b e4 4a bb f0 2f ad 5b 4a 52 58 ed e3 79 09 2b 1f 3d f7 0c 5a 44 7b 15 7a 92 76 ef 99 07 dd 12 f7 92 f2 14 65 e8 0c 42 ea f8 06 58 c4 59 3a 76 c4 87 32 f3 a2 92 d9 0b 9c 24 dd e0 34 7f 85 9e e0 7f 0a ec 2a bb 3e 93 d9 5c ad ce cc a3 da 9e 66 3d 4b f9 e2 8d d0 e0 21 4c ca b5 1d fa dc 2f 28 f2 b9 0b e0 3a 81 c6 c3 Data Ascii: (lNJ]+VU9t]aOSupSf]'vrd:Z8o">YFf&8!EW^QDUkw1>C[:,M2/^u]k}KJ/[JRXy+=ZD{zveBXY:v2$4*>\f=K!L/(:

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:52:01 UTC	728	OUT	GET /6147603af5fa48568d9cedc5a7aac02f/ HTTP/1.1 Host: lgn-rncrisoftonline.fabservs.com Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://lgn-rncrisoftonline.fabservs.com Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1 Sec-WebSocket-Key: nDNYcFqPBj+IsJvYrnT8Lg== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2025-03-24 05:52:04 UTC	740	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 24 Mar 2025 05:52:03 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding cache-control: private p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 809935af-af58-4199-900d-90f9931f5401 x-ms-ests-server: 2.1.20329.5 - WEULR1 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://187f9077-6147603a.fabservs.com/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin access-control-allow-origin: * access-control-allow-headers: *
2025-03-24 05:52:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:52:04 UTC	763	OUT	GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_72a1051aa2aa2943d8c1.js HTTP/1.1 Host: df594c69-6147603a.fabservs.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://lgn-rncrisoftonline.fabservs.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
2025-03-24 05:52:08 UTC	670	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 24 Mar 2025 05:52:07 GMT Content-Type: application/x-javascript Content-Length: 116407 Connection: close last-modified: Wed, 15 Jan 2025 20:06:58 GMT accept-ranges: bytes etag: "0x8DD35A02A89D1D1" x-ms-request-id: 3d7c637c-d01e-0039-2486-723130000000 x-ms-version: 2018-03-28 access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version access-control-allow-origin: * cache-control: public, max-age=26920518 vary: Accept-Encoding akamai-grn: 0.96b20f17.1742795526.ec70441 content-encoding: gzip
2025-03-24 05:52:08 UTC	13790	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ec 7d 5b 5b db 48 b6 e8 fb fe 15 b6 a6 c7 2d c5 85 b1 8d 31 20 23 3c 24 21 3d cc 24 81 0d a4 7b 7a 88 27 9f b0 cb 58 89 91 3c ba 70 69 ec fd db cf 5a ab aa a4 92 2c 83 49 f7 3e e7 e1 4c 7f 1d ac 4b a9 ee b5 ee 97 cd 57 d5 ff aa bc aa 6c ac ff 5f e5 fc e2 f0 ec a2 72 f2 ae 72 f1 d7 e3 b3 b7 95 53 b8 fb b5 f2 f1 e4 e2 f8 cd d1 fa f5 60 a3 f8 ef 62 e2 45 95 b1 37 e5 15 f8 bd 72 23 3e aa 04 7e 25 08 2b 9e 3f 0c c2 59 10 ba 31 8f 2a 37 f0 37 f4 dc 69 65 1c 06 37 95 78 c2 2b b3 30 f8 ca 87 71 54 99 7a 51 0c 1f 5d f1 69 70 57 31 a1 ba 70 54 39 75 c3 f8 a1 72 7c 6a 35 a0 7e 0e b5 79 d7 9e 0f 5f 0f 83 d9 03 5c 4f e2 8a 1f c4 de 90 57 5c 7f 44 b5 4d e1 c6 8f 78 25 f1 47 3c ac dc 4d bc e1 a4 f2 c1 1b 86 41 14 8c e3 4a c8 87 dc bb 85 46 Data Ascii: }[[H-1 #<$!=${z'X<piZ,I>LKWl_rrS`bE7r#>~%+?Y1*77ie7x+0qTzQ]ipW1pT9ur\|j5~y_\OW\DMx%G<MAJF
2025-03-24 05:52:08 UTC	16384	IN	Data Raw: 16 25 74 f6 76 28 28 e0 f3 29 72 14 73 88 4a 68 dc 4f 28 ef 54 46 e5 48 80 c6 5a 6c 19 e9 ef 3f 44 55 21 4a 7d 29 77 9a 58 1d 12 0c 6b 28 07 a3 22 d2 a7 b9 28 7a a2 ec 9f b0 2d 19 31 a8 82 f2 79 9f 78 da 18 55 68 95 90 0f 39 1c 9d d0 78 76 01 52 39 cf ff 2f 61 e3 fe af 05 8a c9 ef 10 5d 4e b9 c2 9d 2c 8b 32 f1 bd a1 41 be 23 28 08 f5 a5 24 2e 48 69 24 3b 2a fc fb 23 84 e4 47 ba f8 4f 40 9d 3f 38 a0 0e ea b3 80 1c 71 ff a8 80 3a c9 ca 80 3a 2e b6 13 95 06 d4 49 5e 16 50 c7 95 02 9b 28 17 50 c7 fb df 0e 19 a3 ab 10 ff 13 87 f0 3f 71 08 ff 13 87 f0 3f 71 08 ff 13 87 f0 3f 71 08 5f 14 87 10 d7 75 c6 46 94 67 af db da c5 24 01 fa 40 d2 6e f1 d4 4c 65 65 88 b0 3f 30 c4 6e 1a ac 0c 4d 46 54 bc 32 4c d8 64 91 51 bf 23 8c fc 59 28 8c f4 91 64 4d 5d 27 d1 ec 4c 85 Data Ascii: %tv(()rsJhO(TFHZl?DU!J})wXk("(z-1yxUh9xvR9/a]N,2A#($.Hi$;*#GO@?8q::.I^P(P?q?q?q_uFg$@nLee?0nMFT2LdQ#Y(dM]'L
2025-03-24 05:52:08 UTC	16384	IN	Data Raw: 4b f0 0a c6 1f 59 a3 6d 82 9d a4 56 42 fc e8 5c 22 56 72 c2 4b 47 03 de 4c 31 64 fb e0 cb 3a 58 38 5f e6 a9 1f 1d b6 ac 70 61 8d 88 84 51 c6 97 98 0c 43 c9 c0 81 52 6c b7 bf 18 85 7d 65 f2 33 88 5d c0 86 ad 5d 94 a2 a6 f2 61 df 14 a3 c6 cf 14 a3 e6 b5 e7 6d 51 be 88 32 0f 9e 79 2a 31 cb 33 1e 99 27 46 4e 2b 47 49 02 d7 34 e6 32 0e 60 2e a9 f5 98 18 b7 0a 79 9b ff 32 6a fd 9f aa c5 58 54 9d fd 4b 2a 32 fe a9 30 0e 01 26 68 18 06 20 fe 55 60 ab 0c dd 17 a4 fc a9 88 01 55 a5 01 23 2e 51 23 31 92 b4 6a 97 b1 aa 4c ba e8 1f f3 60 56 ce 5e a6 8f 2d 1f 10 47 2a 42 dd 8e ca 5c 18 c1 40 52 1a e8 8c cf 52 14 a3 fd ce c6 2e 46 f4 e5 c1 eb cd be bb fd db 6f f6 e7 e1 df 03 4c 4e 29 d0 ef c1 6e eb 97 62 df aa 27 da ef c9 4a 8a 6c a4 c8 44 8a 93 02 8b a7 3b 36 35 77 c6 Data Ascii: KYmVB\"VrKGL1d:X8_paQCRl}e3]]amQ2y13'FN+GI42`.y2jXTK20&h U`U#.Q#1jL`V^-G*B\@RR.FoLN)nb'JlD;65w
2025-03-24 05:52:08 UTC	16384	IN	Data Raw: ef 28 9b 90 30 65 b7 fc c5 75 78 f7 72 01 e0 40 a1 a4 ee 15 1a 4c bf 49 0a 98 c0 05 3d e6 e2 d1 58 44 17 2e 91 21 ca d3 ea 04 b0 0c 23 44 16 08 ab c8 e2 5a 52 1f 6f 0a 98 c2 fa 25 5c 41 97 c2 6e b2 b4 d7 70 64 af 61 9c a3 3c 1f 53 36 8c b8 bf c4 98 ac 0d 30 a9 f8 43 91 85 49 0e 95 fc 7e 31 c0 a0 82 68 b1 8b be 59 8f 8f 37 66 e2 4f 54 80 1f d1 9b 75 fe 2a 09 48 02 cd 62 23 ac e0 15 3a ae ae 03 55 79 db 7b b0 40 e3 a3 18 72 6e 24 2c 4d 08 09 4d dc 98 5d 69 cc 74 4c 85 33 9c f5 99 f8 99 a0 f2 e0 de c5 a0 80 ec 33 60 ab cf 87 a7 dd cf 48 dd b9 67 ec 33 bb 73 8f d9 67 4f 45 75 42 70 e2 c7 c9 33 a8 37 a1 0c ea c8 9d f7 82 ef 3c da 70 e3 a0 5c d8 70 40 0c 58 1b 0e f8 ca a6 08 80 77 32 09 93 24 9a c2 1e e4 b9 36 87 9e 1d 94 64 bc 08 ee b9 32 79 99 92 34 72 f2 f8 Data Ascii: (0euxr@LI=XD.!#DZRo%\Anpda<S60CI~1hY7fOTu*Hb#:Uy{@rn$,MM]itL33`Hg3sgOEuBp37<p\p@Xw2$6d2y4r
2025-03-24 05:52:08 UTC	16384	IN	Data Raw: 31 88 61 29 b3 2d ac dc f6 65 fc 64 6e 7e b2 b2 2b d3 81 fc 8d 9b d5 82 05 f3 12 a8 43 66 b5 5a 46 99 50 68 b5 e2 61 45 35 bb 59 38 73 09 f0 32 75 ff e8 59 66 1c e3 5f f9 46 ca dd be c9 03 6a 7b 9b 72 ea 08 f6 45 c7 05 41 b8 08 71 95 e9 7c 25 a2 dc 20 96 b7 6f 4c b7 69 ec b0 f9 7d 15 ff 40 65 b9 35 39 2b e0 a7 0a 2a f3 8b df 82 b3 ba f2 af 4c db eb ab 3b 33 5a 0d c6 8a a1 ed 7a 65 74 6e e2 8b 74 5c 62 d4 18 fc 43 dc 42 8b f0 b9 11 f3 06 7d 0f ec 5f 88 62 56 77 cf c4 fb bf 87 a9 fb 6d 69 e9 ba 41 ea ef 89 65 2c 5a 59 c6 e2 5f 2c e3 2f 61 19 97 eb 18 36 45 7c d4 03 17 3f 06 ca a2 8a 4e dc 9b c0 d2 e8 93 3c 32 5f 04 2c 53 ce 6c c3 4a ce cc 23 3e 45 62 cc 40 ec 0b e5 e7 81 1b 42 f9 92 35 24 cc 54 98 63 92 f0 a7 57 3a 14 1d eb 59 4d d5 be a0 56 d2 b5 a6 96 36 Data Ascii: 1a)-edn~+CfZFPhaE5Y8s2uYf_Fj{rEAq\|% oLi}@e59+*L;3Zzetnt\bCB}_bVwmiAe,ZY_,/a6E\|?N<2_,SlJ#>Eb@B5$TcW:YMV6
2025-03-24 05:52:08 UTC	15170	IN	Data Raw: e8 20 dc b0 b7 4b 22 0a 94 46 d0 cb 3a 68 8e f1 fd 4f 3a 50 74 08 bd 11 39 f6 05 f6 24 4d d3 46 b4 73 0d 99 2f ca da 80 dc 0e a7 9d 0f 05 ed 0c 84 24 3a ca d8 3d 18 89 86 64 34 c5 0b 57 ec ff 56 50 6b 94 ba 95 4b 8f 51 96 aa 80 10 d3 3d dd e6 e5 e4 d0 e0 aa b6 0a 06 20 54 87 1e 8b a8 f2 50 cb c6 00 19 fc 85 38 aa 3c 86 13 52 97 65 06 74 ca d6 8c 02 b2 3a 8e 24 f9 03 49 ce cf 24 89 6d 11 b1 7c 84 8c c2 4c ca c0 0b a1 27 88 ca 82 6f 0f 1d 28 9c 6b c8 40 cc 24 f9 49 15 78 d5 b8 42 6b 03 78 47 30 d4 e0 46 cb 10 46 07 42 95 05 c4 04 8b 15 2a 3d cc 50 c2 8f 6a 2f a6 c4 15 12 0b 2b 98 3e 1b 60 ea 12 98 8f e5 72 7b 5e 0a 67 c6 21 08 69 f0 29 aa 21 ff bd 6e 8a be 7f 06 ee ec f9 6b cf 4f 3b fc 00 15 15 1a 99 c1 e4 71 66 f2 5a 7c 78 0a cb 0d 9e 39 0c 66 2b 54 66 2b Data Ascii: K"F:hO:Pt9$MFs/$:=d4WVPkKQ= TP8<Ret:$I$m\|L'o(k@$IxBkxG0FFB*=Pj/+>`r{^g!i)!nkO;qfZ\|x9f+Tf+
2025-03-24 05:52:08 UTC	16384	IN	Data Raw: 2c e1 85 4e d8 d5 79 88 37 96 46 ac ae 94 1b 32 8f 30 1f 8d 0e 63 40 78 5c 5d cf 43 34 44 96 84 51 f0 8d 7d b7 c8 d5 1a b1 ed 34 bd c3 29 6e b7 08 d4 13 6e 6b 4c a0 66 05 e1 25 6e 15 58 61 09 05 03 38 77 3a 98 c0 01 f0 08 97 e7 ea 03 93 b7 60 b4 78 c7 e6 88 f1 c9 86 7a da e9 77 cd 39 57 08 ce 71 e9 95 26 51 f4 34 53 4b d0 c1 16 ce b1 7c 3e 4a b9 02 6f 01 8a 87 af 34 a7 cb ee 72 7b e9 61 64 50 16 1d b8 f5 ea b1 74 a3 ab 27 82 be 09 70 18 48 70 18 4b 90 19 49 90 99 4a 9d 07 19 b1 a0 59 cb 5c 8a 98 ef 25 c8 ac 33 62 a9 ca 4c 97 75 83 1b af 20 58 5d 0b b0 22 e3 15 0a 87 74 25 8f f6 0b f3 56 80 1a aa 0d d1 7e e5 8c e2 17 dd c0 af 12 e0 48 e8 2d f8 5e de 93 a4 a6 86 51 94 56 64 de ef 63 05 8c b4 6c 89 4c 57 84 69 8b fc 20 da b6 ec ef 7f 81 83 3d 69 44 f2 45 47 Data Ascii: ,Ny7F20c@x\]C4DQ}4)nnkLf%nXa8w:`xzw9Wq&Q4SK\|>Jo4r{adPt'pHpKIJY\%3bLu X]"t%V~H-^QVdclLWi =iDEG
2025-03-24 05:52:08 UTC	5527	IN	Data Raw: be 80 c1 43 4d d7 37 a2 8b f5 00 78 79 1e d1 c0 12 0a 55 c7 14 b0 d7 78 c7 80 84 dc d7 cc a1 80 9f 52 cf 58 56 86 76 2b 42 42 9b 28 e7 b7 f3 c5 82 d6 01 e3 94 f0 6f e1 0a 5d 8a 73 95 87 23 5b 1b 3e e6 79 78 3e cb f1 ce 64 14 2a 57 63 b5 38 89 9b b4 16 e8 9e 5f c6 3e 68 7d 8c 0f 60 d3 a4 78 d9 02 f9 4f e1 8b c8 e2 52 81 00 77 8a f0 d7 96 d5 ce 01 9e d6 26 c1 45 58 0b 6a 4b cb 6d 3b b5 73 40 46 c9 08 25 a5 b6 b1 25 a3 52 00 d0 a5 a0 3c d2 a4 af c6 e4 94 70 88 28 a8 ba 65 f1 92 dc 11 c2 d3 ec 0e ea 40 4b 77 35 6f a4 fb 1e 3f 2d 1d 2c 8a 36 5e 48 61 87 dc 2e 39 d6 c4 02 b7 b7 e4 22 13 1f fb 7c 52 90 72 43 b5 24 6b 5f 82 2c 91 71 fd 17 bb ef bd 8f 6e 0f 9c 38 87 a7 9d db ce d6 ed 46 d7 81 47 e1 62 db e1 1a be 5e 6f e5 b0 04 b0 f3 fa 3c 36 8f 09 e0 85 9e 1d 4e Data Ascii: CM7xyUxRXVv+BB(o]s#[>yx>d*Wc8_>h}`xORw&EXjKm;s@F%%R<p(e@Kw5o?-,6^Ha.9"\|RrC$k_,qn8FGb^o<6N

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://tr.ee/s0lXXyulSF

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Static File Info

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Windows Analysis Report
https://tr.ee/s0lXXyulSF

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:52:04 UTC	856	OUT	GET /Prefetch/Prefetch.aspx HTTP/1.1 Host: 1c83ef0a-6147603a.fabservs.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://lgn-rncrisoftonline.fabservs.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
2025-03-24 05:52:07 UTC	489	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 24 Mar 2025 05:52:06 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding cache-control: no-store, no-cache x-ms-correlation-id: a8468ac6-280d-4478-94bc-bbb477553252 x-ua-compatible: IE=Edge x-cache: CONFIG_NOCACHE x-msedge-ref: Ref A: 3CD404EC36FD4C6D8DFF69EB43FC92FF Ref B: LAX311000112021 Ref C: 2025-03-24T05:52:06Z access-control-allow-origin: * access-control-allow-headers: *
2025-03-24 05:52:07 UTC	1252	IN	Data Raw: 34 64 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 Data Ascii: 4dd<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404
2025-03-24 05:52:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:52:06 UTC	814	OUT	GET /6147603af5fa48568d9cedc5a7aac02f/ HTTP/1.1 Host: lgn-rncrisoftonline.fabservs.com Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://lgn-rncrisoftonline.fabservs.com Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=45c39137-77b2-4990-b67d-65268916deef; brcap=0 Sec-WebSocket-Key: ku708eXScjcF8cbcgJi4hw== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2025-03-24 05:52:09 UTC	737	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 24 Mar 2025 05:52:09 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding cache-control: private p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 43cec674-0f22-412f-9bda-86ef56c97300 x-ms-ests-server: 2.1.20329.5 - FRC ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://187f9077-6147603a.fabservs.com/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin access-control-allow-origin: * access-control-allow-headers: *
2025-03-24 05:52:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:52:09 UTC	807	OUT	GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1 Host: df594c69-6147603a.fabservs.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://lgn-rncrisoftonline.fabservs.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
2025-03-24 05:52:11 UTC	663	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 24 Mar 2025 05:52:11 GMT Content-Type: image/svg+xml Transfer-Encoding: chunked Connection: close last-modified: Thu, 05 Dec 2024 00:02:42 GMT accept-ranges: bytes etag: "0x8DD14C0239E1898" x-ms-request-id: 74029fdb-b01e-004d-779c-6605c0000000 x-ms-version: 2018-03-28 access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version access-control-allow-origin: * cache-control: public, max-age=25610656 vary: Accept-Encoding akamai-grn: 0.96b20f17.1742795531.ec70f5e content-encoding: gzip
2025-03-24 05:52:11 UTC	680	IN	Data Raw: 32 61 31 0d 0a 1f 8b 08 00 00 00 00 00 00 ff b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 Data Ascii: 2a1Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9
2025-03-24 05:52:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:52:09 UTC	808	OUT	GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1 Host: df594c69-6147603a.fabservs.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://lgn-rncrisoftonline.fabservs.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
2025-03-24 05:52:11 UTC	663	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 24 Mar 2025 05:52:11 GMT Content-Type: image/svg+xml Transfer-Encoding: chunked Connection: close last-modified: Thu, 05 Dec 2024 00:02:53 GMT accept-ranges: bytes etag: "0x8DD14C02A8563EB" x-ms-request-id: 740326de-b01e-004d-3a9c-6605c0000000 x-ms-version: 2018-03-28 access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version access-control-allow-origin: * cache-control: public, max-age=25610641 vary: Accept-Encoding akamai-grn: 0.96b20f17.1742795531.ec70f6c content-encoding: gzip
2025-03-24 05:52:11 UTC	1442	IN	Data Raw: 35 39 62 0d 0a 1f 8b 08 00 00 00 00 00 00 ff bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 Data Ascii: 59bWMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#
2025-03-24 05:52:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:52:09 UTC	794	OUT	GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: df594c69-6147603a.fabservs.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://lgn-rncrisoftonline.fabservs.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
2025-03-24 05:52:11 UTC	621	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 24 Mar 2025 05:52:11 GMT Content-Type: image/x-icon Transfer-Encoding: chunked Connection: close last-modified: Thu, 05 Dec 2024 00:02:51 GMT accept-ranges: bytes etag: "0x8DD14C0292CD581" x-ms-request-id: fa268c55-301e-00c0-029c-66acf0000000 x-ms-version: 2018-03-28 access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version access-control-allow-origin: * cache-control: public, max-age=25610483 vary: Accept-Encoding akamai-grn: 0.96b20f17.1742795531.ec70f84
2025-03-24 05:52:11 UTC	2286	IN	Data Raw: 38 65 37 0d 0a 00 00 01 00 06 00 10 10 00 00 00 00 20 00 16 01 00 00 66 00 00 00 18 18 00 00 00 00 20 00 24 01 00 00 7c 01 00 00 20 20 00 00 00 00 20 00 35 01 00 00 a0 02 00 00 30 30 00 00 00 00 20 00 6a 01 00 00 d5 03 00 00 40 40 00 00 00 00 20 00 f3 01 00 00 3f 05 00 00 80 80 00 00 00 00 20 00 b5 01 00 00 32 07 00 00 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 10 00 00 00 10 08 06 00 00 00 1f f3 ff 61 00 00 00 dd 49 44 41 54 78 9c dd 92 31 4e 43 41 10 43 df cc 8e 44 40 b0 22 2d 65 6e c4 21 90 68 c3 15 38 40 ce c4 39 68 a8 11 22 e4 ff 00 05 93 35 4d 1a b2 bf 89 68 10 2e 2d 8d c7 b6 6c 9b eb 85 4c fc 80 50 d6 59 09 5e 6c 75 77 ff c8 95 d9 72 dc 28 cd 08 0e e0 87 c7 c7 c2 7f 77 fe 17 04 42 28 7b da 12 04 f2 26 01 46 02 a9 89 be a2 ce 4e ba 66 Data Ascii: 8e7 f $\| 500 j@@ ? 2PNGIHDRaIDATx1NCACD@"-en!h8@9h"5Mh.-lLPY^luwr(wB({&FNf
2025-03-24 05:52:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:52:09 UTC	808	OUT	GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1 Host: df594c69-6147603a.fabservs.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://lgn-rncrisoftonline.fabservs.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
2025-03-24 05:52:11 UTC	663	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 24 Mar 2025 05:52:11 GMT Content-Type: image/svg+xml Transfer-Encoding: chunked Connection: close last-modified: Thu, 05 Dec 2024 00:03:00 GMT accept-ranges: bytes etag: "0x8DD14C02EE2769A" x-ms-request-id: eb983134-601e-0027-779d-6696a3000000 x-ms-version: 2018-03-28 access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version access-control-allow-origin: * cache-control: public, max-age=25610791 vary: Accept-Encoding akamai-grn: 0.96b20f17.1742795531.ec70f92 content-encoding: gzip
2025-03-24 05:52:11 UTC	628	IN	Data Raw: 32 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 ff 7d 55 4d 6f 22 31 0c fd 2b a3 d9 ab 93 c9 f7 47 3b 20 cd 9e 38 6c af 1c b8 4d 0b 05 24 0a 55 19 41 57 ab fe f7 b5 93 a0 55 61 58 0d d8 60 27 ef 3d db 09 b4 c7 d3 ba fa 7c db ed 8f 93 7a 33 0c ef 0f 4d 73 3e 9f f9 59 f3 c3 c7 ba 51 42 88 06 57 d4 d5 79 bb 1c 36 93 da 84 ba da ac b6 eb cd 90 3f 9f b6 ab f3 cf c3 e7 a4 16 95 a8 4c c0 57 3d 6d 97 ab d7 e3 b4 3d 0e bf 77 ab 29 ef ff bc 6e 77 bb 87 fd 61 bf 7a fc e2 cf f9 db 0f 23 e8 79 fc 6a 9b bc ac 6d f2 a6 8f d5 cb 50 bd ec fa 23 ca e9 ef b1 36 d3 f6 bd 1f 36 97 75 cf 75 b5 9c d4 4f 46 80 56 dc fa 30 37 62 a6 d5 5c bb 99 0a 73 ad 66 ca cc 55 e0 de b9 4e 0a ee 42 84 e2 04 3e 12 64 04 2d 7a 0c a5 78 89 32 cb ad f1 4c 72 0b 52 72 29 dc c5 e5 ac e2 4a 46 cc 7a 19 3b Data Ascii: 26d}UMo"1+G; 8lM$UAWUaX`'=\|z3Ms>YQBWy6?LW=m=w)nwaz#yjmP#66uuOFV07b\sfUNB>d-zx2LrRr)JFz;
2025-03-24 05:52:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:52:09 UTC	769	OUT	GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_c4928fb5cff147a39780.js HTTP/1.1 Host: df594c69-6147603a.fabservs.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://lgn-rncrisoftonline.fabservs.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
2025-03-24 05:52:12 UTC	669	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 24 Mar 2025 05:52:12 GMT Content-Type: application/x-javascript Content-Length: 35195 Connection: close last-modified: Wed, 15 Jan 2025 20:06:59 GMT accept-ranges: bytes etag: "0x8DD35A02B887015" x-ms-request-id: e4c683cf-001e-0062-527f-6896e9000000 x-ms-version: 2018-03-28 access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version access-control-allow-origin: * cache-control: public, max-age=25817783 vary: Accept-Encoding akamai-grn: 0.96b20f17.1742795531.ec71022 content-encoding: gzip
2025-03-24 05:52:12 UTC	15710	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 c4 bd 6b 43 db 48 b2 30 fc fd f9 15 e0 9d 65 ac b5 00 df 30 18 70 58 06 92 49 76 33 93 9c 5c 66 cf 2e 30 59 59 96 6d 0d b2 65 24 99 4b 02 cf 6f 7f eb d2 97 6a c9 90 cc 9c 67 df 33 e7 6c 70 57 df aa ab ab ab ab aa ab 5b db 7f 59 ff 3f 6b 7f 59 db fc f6 ff d6 de 7f 38 7e f7 61 ed cd 8b b5 0f 2f 5f bd 3b 5d 7b 0b a9 7f ae fd fc e6 c3 ab 93 e7 df de 0e 76 8a ff fb 30 8d f3 b5 71 9c 44 6b f0 77 18 e4 d1 68 2d 9d af a5 d9 5a 3c 0f d3 6c 91 66 41 11 e5 6b 33 f8 37 8b 83 64 6d 9c a5 b3 b5 62 1a ad 2d b2 f4 b7 28 2c f2 b5 24 ce 0b a8 34 8c 92 f4 66 ad 0e cd 65 a3 b5 b7 41 56 dc ad bd 7a eb 6d 41 fb 11 b4 16 4f e2 39 d4 0e d3 c5 1d fc 9e 16 6b f3 b4 88 c3 68 2d 98 8f a8 b5 04 12 f3 3c 5a 5b ce 47 51 b6 76 33 8d c3 e9 da 4f 71 98 a5 79 Data Ascii: kCH0e0pXIv3\f.0YYme$Kojg3lpW[Y?kY8~a/_;]{v0qDkwh-Z<lfAk37dmb-(,$4feAVzmAO9kh-<Z[GQv3Oqy
2025-03-24 05:52:12 UTC	12561	IN	Data Raw: b4 81 b3 3b 4e f6 87 b8 48 22 ce e8 32 a5 db bf df 30 b0 fe 41 63 b8 e3 1e 15 92 32 9e ff 14 dc 82 b2 47 3f 49 14 d3 af 01 5a e8 f3 41 eb 80 52 87 e1 01 b1 61 bf 03 b2 1f 14 0c 60 ef 2c 94 72 95 4a e1 56 86 de c3 cd cd b9 f7 05 b7 77 25 c1 a0 62 cc ed 03 8b cf 46 20 13 f0 3d 84 ad fc 32 5e 7c 48 2f 23 5c 6e 7e 1f 77 bb d4 a3 a2 03 2e bc d9 f2 e6 8d 86 f1 7c 65 86 e5 09 bf a5 bf d9 7a d0 5e 0c 58 4e 01 57 42 67 06 67 07 c4 f7 fd ce b7 b8 86 32 30 f6 fa 1e 48 ed 08 2f 7c 46 c7 49 f2 15 3a 12 15 07 05 d0 f1 4b 7a b9 bf de f2 a1 cf fd a6 8f e3 c2 bf d0 3a 98 35 0f b8 b1 f4 9a 34 1e c7 5f c3 1b 57 01 83 2b 0e 33 a6 6c 0b 8b d5 f3 4a 49 3d e8 c0 b4 95 bb a0 b6 03 32 53 17 6c 01 0e 83 b9 31 c2 63 74 b8 80 e4 09 b6 d2 4b 98 19 3f 38 e8 53 4d b4 fc 5b 87 19 5a 70 Data Ascii: ;NH"20Ac2G?IZARa`,rJVw%bF =2^\|H/#\n~w.\|ez^XNWBgg20H/\|FI:Kz:54_W+3lJI=2Sl1ctK?8SM[Zp
2025-03-24 05:52:12 UTC	6924	IN	Data Raw: 47 ef f2 bd 06 8c 1a b3 68 3d 5b 0b cc 4d f2 b4 fc de 0f 21 fe 44 d9 f1 32 4a 0b d0 96 bd 19 41 50 f9 1d a4 34 46 28 49 a2 62 01 9b bd f9 00 1f fd e4 db e0 c4 90 8b d2 85 cb 7c de 8f 2b 2b 8b b5 7f 31 bc 74 e0 97 63 f1 85 88 9d bb 67 42 87 0c 55 3f 6c b7 e4 56 51 25 19 97 5c 1c 73 54 b2 b9 b8 8e 87 c1 24 13 ad 86 e4 8f ed 4c 32 d0 fa f8 a9 2f ca 8a 76 c0 9d 58 90 bc c3 65 7c 15 1e 6f 01 4f 6a a9 0c 9c dc 34 4e b9 d3 93 55 34 af 9b d9 e8 51 91 f2 fb 79 46 85 e8 3e 27 b3 a1 c5 19 7c 46 fa af 05 53 ff 07 85 b5 a9 68 2d 27 de 5a d0 08 f2 39 82 d5 df e1 c8 38 52 fd 6d 29 54 ff 96 56 81 10 83 4b 85 87 61 17 17 76 2f a3 15 32 1b 50 54 eb 7d ed 68 ab 49 ca 0a b5 8f 53 06 b1 9a 9f a2 33 d1 82 2f a6 72 9a b2 88 d9 98 7a 0c 88 4f 10 79 f3 13 5f 4e 67 fd b7 93 84 fb Data Ascii: Gh=[M!D2JAP4F(Ib\|++1tcgBU?lVQ%\sT$L2/vXe\|oOj4NU4QyF>'\|FSh-'Z98Rm)TVKav/2PT}hIS3/rzOy_Ng

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:52:12 UTC	589	OUT	GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1 Host: df594c69-6147603a.fabservs.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="
2025-03-24 05:52:14 UTC	663	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 24 Mar 2025 05:52:14 GMT Content-Type: image/svg+xml Transfer-Encoding: chunked Connection: close last-modified: Thu, 05 Dec 2024 00:02:42 GMT accept-ranges: bytes etag: "0x8DD14C0239E1898" x-ms-request-id: 74029fdb-b01e-004d-779c-6605c0000000 x-ms-version: 2018-03-28 access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version access-control-allow-origin: * cache-control: public, max-age=25610653 vary: Accept-Encoding akamai-grn: 0.96b20f17.1742795534.ec71623 content-encoding: gzip
2025-03-24 05:52:14 UTC	680	IN	Data Raw: 32 61 31 0d 0a 1f 8b 08 00 00 00 00 00 00 ff b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 Data Ascii: 2a1Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9
2025-03-24 05:52:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:52:14 UTC	814	OUT	GET /6147603af5fa48568d9cedc5a7aac02f/ HTTP/1.1 Host: lgn-rncrisoftonline.fabservs.com Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://lgn-rncrisoftonline.fabservs.com Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=45c39137-77b2-4990-b67d-65268916deef; brcap=0 Sec-WebSocket-Key: 5VyaLkLpCNaaNSCBBP/9cg== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2025-03-24 05:52:18 UTC	737	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 24 Mar 2025 05:52:18 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding cache-control: private p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 01781eac-03f8-46ea-8254-d8280fc77b00 x-ms-ests-server: 2.1.20329.5 - SEC ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://187f9077-6147603a.fabservs.com/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin access-control-allow-origin: * access-control-allow-headers: *
2025-03-24 05:52:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-24 05:52:24 UTC	814	OUT	GET /6147603af5fa48568d9cedc5a7aac02f/ HTTP/1.1 Host: lgn-rncrisoftonline.fabservs.com Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://lgn-rncrisoftonline.fabservs.com Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 97Fvcl="NjE0NzYwM2EtZjVmYS00ODU2LThkOWMtZWRjNWE3YWFjMDJmOmYzNDRhZDlhLTYxYjQtNDFkMi04YTlhLWU5YzRhZjE0NWJjYw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=45c39137-77b2-4990-b67d-65268916deef; brcap=0 Sec-WebSocket-Key: jPqQw30ZkF9HagWmHqvyiw== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2025-03-24 05:52:27 UTC	737	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 24 Mar 2025 05:52:27 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding cache-control: private p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 37a4eff5-9e1e-4a00-8646-c748901a7700 x-ms-ests-server: 2.1.20329.5 - FRC ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://187f9077-6147603a.fabservs.com/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin access-control-allow-origin: * access-control-allow-headers: *
2025-03-24 05:52:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0