Edit tour

Windows Analysis Report
https://fdqn7x49zmrxxb9.formstack.com/forms/refreshthispage

Overview

General Information

Sample URL:	https://fdqn7x49zmrxxb9.formstack.com/forms/refreshthispage
Analysis ID:	1649143
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Suricata IDS alerts for network traffic

Yara detected HtmlPhish54

Creates files inside the system directory

Deletes files inside the Windows folder

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

HTTP GET or POST without a user agent

Classification

Process Tree

System is w11x64_office

chrome.exe (PID: 1788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

chrome.exe (PID: 1668 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1904,i,17239572401733403894,9351306309915010722,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2016 /prefetch:11 MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

chrome.exe (PID: 6804 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://fdqn7x49zmrxxb9.formstack.com/forms/refreshthispage" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
1.2..script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.11..script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
1.2.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.5.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.6.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.3.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.7.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
Click to see the 2 entries

Suricata Signatures

ETPRO PHISHING evilginx2 Activity M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-26T14:31:40.113991+0100	2852935	1	A Network Trojan was detected	156.236.76.246	443	192.168.2.24	60859	TCP

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'login.casinopulsehotel.com' does not match the legitimate domain for Microsoft., The domain 'casinopulsehotel.com' does not have any known association with Microsoft., The URL contains no direct reference to Microsoft, which is suspicious given the brand name provided., The presence of 'casino' in the domain name is unrelated to Microsoft and raises suspicion. DOM: 2.6.pages.csv
Source: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'login.casinopulsehotel.com' does not match the legitimate domain for Microsoft., The domain 'casinopulsehotel.com' does not have any known association with Microsoft., The URL structure suggests a potential phishing attempt as it does not align with Microsoft's typical domain structure., The presence of 'casino' in the domain name is unrelated to Microsoft's business, raising suspicion. DOM: 2.7.pages.csv

Yara detected HtmlPhish54

Source: Yara match	File source: 1.2..script.csv, type: HTML
Source: Yara match	File source: 2.11..script.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: 2.6.pages.csv, type: HTML
Source: Yara match	File source: 2.3.pages.csv, type: HTML
Source: Yara match	File source: 2.7.pages.csv, type: HTML

Source: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0	HTTP Parser: Number of links: 0
Source: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true	HTTP Parser: Number of links: 0

Source: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0

HTTP Parser: Base64 decoded: 8452516b-73d3-4816-bea1-b5984011a2a375ffe876-5696-4135-9ac7-a04d08ec2b87

Source: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0	HTTP Parser: No <meta name="author".. found
Source: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 142.250.65.164:443 -> 192.168.2.24:60838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.96.86:443 -> 192.168.2.24:60840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.96.86:443 -> 192.168.2.24:60839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.96.86:443 -> 192.168.2.24:60843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.70.182:443 -> 192.168.2.24:60846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.96.3:443 -> 192.168.2.24:60847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 16.182.73.120:443 -> 192.168.2.24:60852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.96.94:443 -> 192.168.2.24:60853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.96.3:443 -> 192.168.2.24:60854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 156.236.76.246:443 -> 192.168.2.24:60859 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 156.236.76.246:443 -> 192.168.2.24:60860 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 156.236.76.246:443 -> 192.168.2.24:60861 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 156.236.76.246:443 -> 192.168.2.24:60862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 156.236.76.246:443 -> 192.168.2.24:60865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 156.236.76.246:443 -> 192.168.2.24:60866 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 156.236.76.246:443 -> 192.168.2.24:60864 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.44.131.156:443 -> 192.168.2.24:60869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 156.236.76.246:443 -> 192.168.2.24:60888 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 156.236.76.246:443 -> 192.168.2.24:60903 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2852935 - Severity 1 - ETPRO PHISHING evilginx2 Activity M1 : 156.236.76.246:443 -> 192.168.2.24:60859

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: fdqn7x49zmrxxb9.formstack.com to https://login.casinopulsehotel.com/ngwaphsa

Source: global traffic

HTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742995872069&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1Accept-Encoding: gzip, deflateContent-Length: 3656Content-Type: application/json; charset=UTF-8Host: browser.events.data.msn.cnConnection: Keep-AliveCache-Control: no-cache

Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /forms/refreshthispage HTTP/1.1Host: fdqn7x49zmrxxb9.formstack.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /forms/forms-renderer/builds/public/form_7030aef869.js HTTP/1.1Host: static.formstack.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fdqn7x49zmrxxb9.formstack.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /forms/forms-renderer/builds/public/phoneValidation.js?chunkhash=2df83e494d8174035c9e&id=384 HTTP/1.1Host: static.formstack.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://fdqn7x49zmrxxb9.formstack.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /files.formstack.com/public/1193085/image_warning.png HTTP/1.1Host: s3.amazonaws.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://fdqn7x49zmrxxb9.formstack.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /live-form/analytics/6143472/firstView HTTP/1.1Host: fdqn7x49zmrxxb9.formstack.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _dd_s=rum=0&expire=1742996789102; fsBrowserSessionId=67e401b262c272.43005283
Source: global traffic	HTTP traffic detected: GET /files.formstack.com/public/1193085/image_warning.png HTTP/1.1Host: s3.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon/favicon.ico HTTP/1.1Host: www.formstack.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fdqn7x49zmrxxb9.formstack.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon/favicon.ico HTTP/1.1Host: www.formstack.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /nGwApHsA HTTP/1.1Host: login.casinopulsehotel.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://fdqn7x49zmrxxb9.formstack.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: login.casinopulsehotel.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://fdqn7x49zmrxxb9.formstack.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: gCFw=88af75d868e3f2009e6deb9b32a47227825ded074e2f063a878f09ce2103a378
Source: global traffic	HTTP traffic detected: GET /login HTTP/1.1Host: www.casinopulsehotel.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://fdqn7x49zmrxxb9.formstack.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: gCFw=88af75d868e3f2009e6deb9b32a47227825ded074e2f063a878f09ce2103a378
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0 HTTP/1.1Host: login.casinopulsehotel.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://fdqn7x49zmrxxb9.formstack.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: gCFw=88af75d868e3f2009e6deb9b32a47227825ded074e2f063a878f09ce2103a378; fpc=Amnu5WQo2Y5CnL4-0j_1lXw; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEHhKLCZfqDgWHvEJQ4A3yY2A5cHIAUU4d7KTVX7Yr2RES2TpQi0VdcZM-IL-AIqrMqLkEItx6joun6cMP9NpaDGKQv3tcp9RBsttmsTHjI6I693JqW9QUlQn5lXShOYpTUS53S2mFMOePIniS681izfOh8q2B7A97pI0yjimnh0ogAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true HTTP/1.1Host: login.casinopulsehotel.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: gCFw=88af75d868e3f2009e6deb9b32a47227825ded074e2f063a878f09ce2103a378; fpc=Amnu5WQo2Y5CnL4-0j_1lXw; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEHhKLCZfqDgWHvEJQ4A3yY2A5cHIAUU4d7KTVX7Yr2RES2TpQi0VdcZM-IL-AIqrMqLkEItx6joun6cMP9NpaDGKQv3tcp9RBsttmsTHjI6I693JqW9QUlQn5lXShOYpTUS53S2mFMOePIniS681izfOh8q2B7A97pI0yjimnh0ogAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-CMLQrQY57ZI=AQABCQEAAABVrSpeuWamRam2jAF1XRQE7onT3sVCFKL7bi96vKflmNNxrUFC1sTfQDwXkpQKEAa7dSf3MM6FjDJQ0ZchwuTDcxqq7Ym-22wkYFIW2wV7tLHNAimZb8a2U3xCqpCC86PEoBsU1cTUymonsGbGRG6_VniPRcxsfOdQ3UzgpbCjqCAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.casinopulsehotel.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: gCFw=88af75d868e3f2009e6deb9b32a47227825ded074e2f063a878f09ce2103a378; fpc=Amnu5WQo2Y5CnL4-0j_1lXw; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEHhKLCZfqDgWHvEJQ4A3yY2A5cHIAUU4d7KTVX7Yr2RES2TpQi0VdcZM-IL-AIqrMqLkEItx6joun6cMP9NpaDGKQv3tcp9RBsttmsTHjI6I693JqW9QUlQn5lXShOYpTUS53S2mFMOePIniS681izfOh8q2B7A97pI0yjimnh0ogAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-CMLQrQY57ZI=AQABCQEAAABVrSpeuWamRam2jAF1XRQE7onT3sVCFKL7bi96vKflmNNxrUFC1sTfQDwXkpQKEAa7dSf3MM6FjDJQ0ZchwuTDcxqq7Ym-22wkYFIW2wV7tLHNAimZb8a2U3xCqpCC86PEoBsU1cTUymonsGbGRG6_VniPRcxsfOdQ3UzgpbCjqCAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /common/GetCredentialType?mkt=en-US HTTP/1.1Host: login.casinopulsehotel.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: gCFw=88af75d868e3f2009e6deb9b32a47227825ded074e2f063a878f09ce2103a378; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-CMLQrQY57ZI=AQABCQEAAABVrSpeuWamRam2jAF1XRQE7onT3sVCFKL7bi96vKflmNNxrUFC1sTfQDwXkpQKEAa7dSf3MM6FjDJQ0ZchwuTDcxqq7Ym-22wkYFIW2wV7tLHNAimZb8a2U3xCqpCC86PEoBsU1cTUymonsGbGRG6_VniPRcxsfOdQ3UzgpbCjqCAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQcAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE6XjMzuU-yZXcW7cFzbpphNGAqgCKMPpQyA0NMh7acUOM4JssD8bVDClyRv8YvsAoyeiKHK5RgamayQKj0a96otMmL7DHoj5M9egPB3kJ3cUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEhERTPy_UDVhJwekqDDCFJJ1677xT6SL7AhiVXM3pmiT3XP-ER4T6QfMzSPNaIfBqPvZzXHN0oWjn6FtVMxZ7WFeozrDd-astJ4jemRsJ0wBgo9ZOLkuQbhFiU5shSxFSSkbDfl3GixR-EmYn5MIQ1M9ewAESSX8FmFH61NAZ2j8gAA; esctx-Jkzf09bzfCE=AQABCQEAAABVrSpeuWamRam2jAF1XRQEVEqekcg7ux8fvXAOO7fYrkQZqZ6ssjQfZpRKyUFRkMrX6RGNe0PS3ox5hiJDFaKetARJKN314JvxhPPL1S37u4fT4-wBihiWcEtcdgOKgcrvcmKScmQj9SDt8V4DZq6Pan0JzMEJ77rY5-rEz-8cxyAA; fpc=Amnu5WQo2Y5CnL4-0j_1lXy8Ae7AAQAAAMD4dd8OAAAA; MicrosoftApplicationsTelemetryDeviceId=bd65c8a3-f251-401f-af5d-1b5884f881c4; brcap=0; ai_session=trZ0t+fqFQdlRZIuiHtHnq\|1742995918415\|1742995918415; MSFPC=GUID=c0a953cde28144bd8ae4ebd6371564ad&HASH=c0a9&LV=202503&V=4&LU=1742995923222
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: fdqn7x49zmrxxb9.formstack.com
Source: global traffic	DNS traffic detected: DNS query: static.formstack.com
Source: global traffic	DNS traffic detected: DNS query: s3.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: www.formstack.com
Source: global traffic	DNS traffic detected: DNS query: login.casinopulsehotel.com
Source: global traffic	DNS traffic detected: DNS query: www.casinopulsehotel.com
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: CloudFrontContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeDate: Wed, 26 Mar 2025 13:31:31 GMTP3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"X-Frame-Options: sameoriginSet-Cookie: PHPSESSID=ece0f072203bd2ea517f50ef2f25332d; path=/live-form/; secure; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheStrict-Transport-Security: max-age=63072000; includeSubDomains; preloadX-Cache: Error from cloudfrontVia: 1.1 98bc8180e0431e8f05afc9802305f1d2.cloudfront.net (CloudFront)X-Amz-Cf-Pop: JFK50-P5X-Amz-Cf-Id: 8Cq_FoUbHAPZHVLEmdu6hMochZK4NsPqz0L-OMsBrzLvANqh3t_QoQ==X-Content-Type-Options: nosniff
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Found

Source: chromecache_65.1.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Noto
Source: chromecache_78.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v39/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5a3du2ui.woff2)
Source: chromecache_78.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v39/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5a7duw.woff2)
Source: chromecache_78.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v39/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5aDdu2ui.woff2)
Source: chromecache_78.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v39/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5aHdu2ui.woff2)
Source: chromecache_78.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v39/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5aLdu2ui.woff2)
Source: chromecache_78.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v39/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5aPdu2ui.woff2)
Source: chromecache_78.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v39/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5a_du2ui.woff2)
Source: chromecache_78.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v39/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5ardu2ui.woff2)
Source: chromecache_61.1.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_61.1.dr	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.37.1/LICENSE
Source: chromecache_63.1.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_63.1.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_65.1.dr	String found in binary or memory: https://static.formstack.com/forms/forms-renderer/builds/public/form_7030aef869.js
Source: chromecache_65.1.dr	String found in binary or memory: https://www.formstack.com/images/favicon/favicon.ico

Source: unknown	Network traffic detected: HTTP traffic on port 60873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60817
Source: unknown	Network traffic detected: HTTP traffic on port 60909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60858
Source: unknown	Network traffic detected: HTTP traffic on port 60844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60909
Source: unknown	Network traffic detected: HTTP traffic on port 60839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60860
Source: unknown	Network traffic detected: HTTP traffic on port 60862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60903
Source: unknown	Network traffic detected: HTTP traffic on port 60866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60902
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60864
Source: unknown	Network traffic detected: HTTP traffic on port 60846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60838
Source: unknown	Network traffic detected: HTTP traffic on port 60817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60873
Source: unknown	Network traffic detected: HTTP traffic on port 60861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60888 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60910
Source: unknown	Network traffic detected: HTTP traffic on port 60865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60840
Source: unknown	Network traffic detected: HTTP traffic on port 60860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60846
Source: unknown	Network traffic detected: HTTP traffic on port 60864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60843

Source: unknown	HTTPS traffic detected: 142.250.65.164:443 -> 192.168.2.24:60838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.96.86:443 -> 192.168.2.24:60840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.96.86:443 -> 192.168.2.24:60839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.96.86:443 -> 192.168.2.24:60843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.70.182:443 -> 192.168.2.24:60846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.96.3:443 -> 192.168.2.24:60847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 16.182.73.120:443 -> 192.168.2.24:60852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.96.94:443 -> 192.168.2.24:60853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.96.3:443 -> 192.168.2.24:60854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 156.236.76.246:443 -> 192.168.2.24:60859 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 156.236.76.246:443 -> 192.168.2.24:60860 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 156.236.76.246:443 -> 192.168.2.24:60861 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 156.236.76.246:443 -> 192.168.2.24:60862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 156.236.76.246:443 -> 192.168.2.24:60865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 156.236.76.246:443 -> 192.168.2.24:60866 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 156.236.76.246:443 -> 192.168.2.24:60864 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.44.131.156:443 -> 192.168.2.24:60869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 156.236.76.246:443 -> 192.168.2.24:60888 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 156.236.76.246:443 -> 192.168.2.24:60903 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir1788_2144306464

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir1788_2144306464

Jump to behavior

Source: classification engine

Classification label: mal64.phis.win@23/55@28/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1904,i,17239572401733403894,9351306309915010722,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2016 /prefetch:11
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://fdqn7x49zmrxxb9.formstack.com/forms/refreshthispage"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1904,i,17239572401733403894,9351306309915010722,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2016 /prefetch:11	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://fdqn7x49zmrxxb9.formstack.com/forms/refreshthispage	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://login.casinopulsehotel.com/favicon.ico	0%	Avira URL Cloud	safe
https://fdqn7x49zmrxxb9.formstack.com/forms/index.php	0%	Avira URL Cloud	safe
https://login.casinopulsehotel.com/nGwApHsA	0%	Avira URL Cloud	safe
https://www.casinopulsehotel.com/login	0%	Avira URL Cloud	safe
https://login.casinopulsehotel.com/	0%	Avira URL Cloud	safe
https://fdqn7x49zmrxxb9.formstack.com/live-form/analytics/6143472/firstView	0%	Avira URL Cloud	safe
https://login.casinopulsehotel.com/common/GetCredentialType?mkt=en-US	0%	Avira URL Cloud	safe
https://s3.amazonaws.com/files.formstack.com/public/1193085/image_warning.png	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0012.t-0009.t-msedge.net	13.107.246.40	true	false	high
e329293.dscd.akamaiedge.net	23.209.72.9	true	false	high
formstack.com	18.164.96.86	true	false	high
s3.amazonaws.com	52.217.70.182	true	false	high
login.casinopulsehotel.com	156.236.76.246	true	true	unknown
s-part-0044.t-0009.t-msedge.net	13.107.246.72	true	false	high
www.casinopulsehotel.com	156.236.76.246	true	true	unknown
www.google.com	142.250.65.164	true	false	high
a1894.dscb.akamai.net	23.44.131.156	true	false	high
www.formstack.com	unknown	unknown	false	high
fdqn7x49zmrxxb9.formstack.com	unknown	unknown	false	unknown
static.formstack.com	unknown	unknown	false	high
identity.nel.measure.office.net	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0	false		unknown
https://static.formstack.com/forms/forms-renderer/builds/public/phoneValidation.js?chunkhash=2df83e494d8174035c9e&id=384	false		high
https://login.casinopulsehotel.com/favicon.ico	true	Avira URL Cloud: safe	unknown
https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+est	false		high
https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true	true		unknown
https://fdqn7x49zmrxxb9.formstack.com/live-form/analytics/6143472/firstView	false	Avira URL Cloud: safe	unknown
https://s3.amazonaws.com/files.formstack.com/public/1193085/image_warning.png	false	Avira URL Cloud: safe	unknown
http://c.pki.goog/r/gsr1.crl	false		high
http://c.pki.goog/r/r4.crl	false		high
https://fdqn7x49zmrxxb9.formstack.com/forms/index.php	false	Avira URL Cloud: safe	unknown
https://login.casinopulsehotel.com/common/GetCredentialType?mkt=en-US	true	Avira URL Cloud: safe	unknown
http://c.pki.goog/r/r1.crl	false		high
https://fdqn7x49zmrxxb9.formstack.com/forms/refreshthispage	false		unknown
https://static.formstack.com/forms/forms-renderer/builds/public/form_7030aef869.js	false		high
https://login.casinopulsehotel.com/nGwApHsA	true	Avira URL Cloud: safe	unknown
https://www.casinopulsehotel.com/login	true	Avira URL Cloud: safe	unknown
https://browser.events.data.msn.cn/OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742995872069&w=0&anoncknm=al_app_anon&NoResponseBody=true	false		high
https://login.casinopulsehotel.com/	true	Avira URL Cloud: safe	unknown
https://www.formstack.com/images/favicon/favicon.ico	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://login.microsoftonline.com	chromecache_63.1.dr	false	high
https://github.com/zloirock/core-js	chromecache_61.1.dr	false	high
https://login.windows-ppe.net	chromecache_63.1.dr	false	high
https://github.com/zloirock/core-js/blob/v3.37.1/LICENSE	chromecache_61.1.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
18.164.96.3	unknown	United States	3	MIT-GATEWAYSUS	false
18.164.96.94	unknown	United States	3	MIT-GATEWAYSUS	false
156.236.76.246	login.casinopulsehotel.com	Seychelles	40065	CNSERVERSUS	true
23.44.131.156	a1894.dscb.akamai.net	United States	20940	AKAMAI-ASN1EU	false
16.182.73.120	unknown	United States	unknown	unknown	false
52.217.70.182	s3.amazonaws.com	United States	16509	AMAZON-02US	false
142.250.65.164	www.google.com	United States	15169	GOOGLEUS	false
18.164.96.86	formstack.com	United States	3	MIT-GATEWAYSUS	false

Private

IP
192.168.2.24

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1649143
Start date and time:	2025-03-26 14:29:48 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://fdqn7x49zmrxxb9.formstack.com/forms/refreshthispage
Analysis system description:	Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@23/55@28/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.80.14, 142.250.80.3, 142.251.41.14, 64.233.180.84, 142.251.40.206, 199.232.210.172, 142.251.40.238, 142.250.65.238, 142.251.40.234, 142.250.80.35, 142.250.176.206, 40.126.16.164, 20.190.144.161, 40.126.16.166, 40.126.16.165, 20.190.148.167, 20.190.144.164, 20.190.148.164, 20.190.144.162, 20.190.152.20, 40.126.24.149, 20.190.152.21, 40.126.24.146, 40.126.24.83, 40.126.24.84, 20.190.152.19, 40.126.24.81, 142.251.40.170, 142.250.80.42, 142.250.72.106, 142.250.65.170, 142.250.64.106, 142.251.41.10, 142.251.40.138, 142.251.40.202, 142.250.176.202, 142.251.40.106, 172.217.165.138, 142.250.80.106, 142.250.80.10, 142.250.80.74, 142.250.64.74, 142.251.35.170, 40.79.150.121, 142.250.80.46, 13.89.179.9, 23.210.73.5, 142.251.40.99, 142.250.72.99, 142.250.80.78, 4.245.163.56, 13.107.246.40, 13.107.246.72
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, www.tm.lg.prod.aadmsa.akadns.net, clientservices.googleapis.com, browser.events.data.trafficmanager.net, onedscolprdfrc05.francecentral.cloudapp.azure.com, onedscolprdcus09.centralus.cloudapp.azure.com, clients2.google.com, redirector.gvt1.com, login.live.com, update.googleapis.com, c.pki.goog, fonts.googleapis.com, prdv4a.aadg.msidentity.com, accounts.google.com, content-autofill.googleapis.com, fonts.gstatic.com, aadcdnoriginwus2.azureedge.net, www.tm.v4.a.prd.aadg.trafficmanager.net, ctldl.windowsupdate.com, aadcdn.msauth.net, www.googleapis.com, firstparty-azurefd-prod.trafficmanager.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, browser.events.data.microsoft.com, edgedl.me.gvt1.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com, www.tm.lg.prod.aadmsa.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://fdqn7x49zmrxxb9.formstack.com/forms/refreshthispage

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65474)
Category:	downloaded
Size (bytes):	2136224
Entropy (8bit):	5.426457155050106
Encrypted:	false
SSDEEP:	49152:oXViauZzxnqLRwKIRnc9/vUqwvCV7+hRfajqWfE:oXaG/OB
MD5:	7030AEF869E4B14DD385F2E5CBF3D5E8
SHA1:	D80028F3B582D4E8C6561313787E1E0F72E4672F
SHA-256:	35D8E5AB8FFF3D03A4827C52D30FE9D449C572F31F1F41B177CBAEA3103CDFD8
SHA-512:	4ACDB80B299C815AA5EC5EF8DB6797EC839B9E47582E36F2287237F6298C325E64435DD51EA0131F1A9900025860853FB1C1A8A5E58C3EE8F6913666B7B839E1
Malicious:	false
Reputation:	low
URL:	https://static.formstack.com/forms/forms-renderer/builds/public/form_7030aef869.js
Preview:	/! For license information please see form.js.LICENSE.txt /.var FormstackForms;(()=>{var __webpack_modules__={21217:(e,t)=>{"use strict";Symbol.for("react.element"),Symbol.for("react.portal"),Symbol.for("react.fragment"),Symbol.for("react.strict_mode"),Symbol.for("react.profiler"),Symbol.for("react.provider"),Symbol.for("react.context"),Symbol.for("react.server_context"),Symbol.for("react.forward_ref"),Symbol.for("react.suspense"),Symbol.for("react.suspense_list"),Symbol.for("react.memo"),Symbol.for("react.lazy"),Symbol.for("react.offscreen");Symbol.for("react.module.reference")},64253:(e,t,r)=>{"use strict";r(21217)},42520:(e,t,r)=>{"use strict";r.d(t,{A:()=>a});var n=r(51997),o=r.n(n),i=(0,r(17738).DU)((function(e){var t,r=e.styles,n=e.defaultTheme,o=void 0===n?{}:n;return"function"==typeof r?r(null==(t=e.theme)\|\|0===Object.keys(t).length?o:e.theme):r}));const a=i;i.propTypes={defaultTheme:o().object,styles:o().oneOfType([o().array,o().string,o().object,o().func])}},62439:(e,t,r)=>

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 26, 2025 14:31:23.173959970 CET	53	64222	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:23.312581062 CET	53	49261	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:23.965465069 CET	53	51461	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:27.208561897 CET	56544	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:27.208745956 CET	55000	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:27.310861111 CET	53	55000	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:27.312017918 CET	53	56544	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:28.180095911 CET	49299	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:28.180725098 CET	51696	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:28.289036989 CET	53	51696	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:28.303085089 CET	53	49299	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:28.752139091 CET	60014	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:28.752290964 CET	58879	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:28.851639986 CET	53	58879	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:28.861537933 CET	53	60014	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:30.214696884 CET	63827	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:30.214876890 CET	50297	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:30.280589104 CET	53	62408	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:30.318691015 CET	53	50297	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:30.319030046 CET	53	63827	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:30.543853998 CET	61521	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:30.544053078 CET	60344	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:30.654339075 CET	53	60344	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:30.666330099 CET	53	61521	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:30.813407898 CET	55019	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:30.813796043 CET	62205	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:30.916340113 CET	53	62205	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:30.919457912 CET	53	55019	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:31.450578928 CET	58887	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:31.450579882 CET	50007	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:31.556085110 CET	53	58887	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:31.556375980 CET	53	50007	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:32.023287058 CET	50401	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:32.023435116 CET	54558	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:32.122363091 CET	53	54558	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:32.132039070 CET	53	50401	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:39.166615963 CET	58425	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:39.166870117 CET	50790	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:39.274154902 CET	53	58425	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:39.275985956 CET	53	50790	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:41.133439064 CET	50020	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:41.133902073 CET	51975	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:41.174978971 CET	53	65482	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:41.245920897 CET	53	50020	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:41.245940924 CET	53	51975	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:45.367691040 CET	64112	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:45.367940903 CET	52457	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:45.402949095 CET	52241	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:45.403167963 CET	57458	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:31:45.472846031 CET	53	52457	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:45.499394894 CET	53	64112	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:45.509876966 CET	53	57458	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:45.512821913 CET	53	52241	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:52.346155882 CET	53	64204	1.1.1.1	192.168.2.24
Mar 26, 2025 14:31:59.940675020 CET	53	55444	1.1.1.1	192.168.2.24
Mar 26, 2025 14:32:00.227116108 CET	53	52506	1.1.1.1	192.168.2.24
Mar 26, 2025 14:32:22.690895081 CET	53	56390	1.1.1.1	192.168.2.24
Mar 26, 2025 14:32:23.193226099 CET	53	49446	1.1.1.1	192.168.2.24
Mar 26, 2025 14:32:25.574033022 CET	53	52470	1.1.1.1	192.168.2.24
Mar 26, 2025 14:32:27.409231901 CET	55318	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:32:27.409354925 CET	63481	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:32:27.519781113 CET	53	55318	1.1.1.1	192.168.2.24
Mar 26, 2025 14:32:27.521109104 CET	53	63481	1.1.1.1	192.168.2.24
Mar 26, 2025 14:32:45.762630939 CET	55013	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:32:45.762769938 CET	54510	53	192.168.2.24	1.1.1.1
Mar 26, 2025 14:32:45.865974903 CET	53	55013	1.1.1.1	192.168.2.24
Mar 26, 2025 14:32:45.910326958 CET	53	54510	1.1.1.1	192.168.2.24

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 26, 2025 14:31:45.710525990 CET	192.168.2.24	1.1.1.1	c2e1	(Port unreachable)	Destination Unreachable
Mar 26, 2025 14:32:45.910434961 CET	192.168.2.24	1.1.1.1	c298	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
Mar 26, 2025 14:32:05.460297108 CET	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 26, 2025 14:32:05.555831909 CET	223	IN	HTTP/1.1 304 Not Modified Date: Wed, 26 Mar 2025 13:03:27 GMT Expires: Wed, 26 Mar 2025 13:53:27 GMT Age: 1718 Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Mar 26, 2025 14:32:05.562983036 CET	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 26, 2025 14:32:05.662033081 CET	223	IN	HTTP/1.1 304 Not Modified Date: Wed, 26 Mar 2025 13:03:30 GMT Expires: Wed, 26 Mar 2025 13:53:30 GMT Age: 1715 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Mar 26, 2025 14:32:05.667980909 CET	200	OUT	GET /r/r1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 26, 2025 14:32:05.768487930 CET	223	IN	HTTP/1.1 304 Not Modified Date: Wed, 26 Mar 2025 13:01:25 GMT Expires: Wed, 26 Mar 2025 13:51:25 GMT Age: 1840 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:31:13 UTC	473	OUT	POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742995872069&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1 Accept-Encoding: gzip, deflate Content-Length: 3656 Content-Type: application/json; charset=UTF-8 Host: browser.events.data.msn.cn Connection: Keep-Alive Cache-Control: no-cache
2025-03-26 13:31:13 UTC	3656	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 53 65 72 76 65 72 4c 6f 67 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 63 34 39 38 37 31 31 66 30 32 36 35 34 65 64 63 61 38 61 37 31 35 63 61 36 65 31 63 62 34 64 34 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 35 2d 30 33 2d 32 36 54 31 33 3a 33 31 3a 30 32 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 64 61 74 61 22 3a 7b 22 70 61 67 65 22 3a 7b 22 70 72 6f 64 75 63 74 22 3a 22 65 6e 74 77 69 6e 64 6f 77 73 64 61 73 68 22 2c 22 61 70 70 54 79 70 65 22 3a 22 77 69 6e 57 69 64 67 65 74 73 22 2c 22 6e 61 6d 65 22 3a 22 77 69 6e 70 32 62 61 63 6b 69 6e 67 61 70 70 22 2c 22 69 73 4d 6f 63 6b 45 6e 76 22 3a 66 61 6c 73 65 2c 22 68 6f 73 74 56 65 72 22 3a 22 35 32 34 2e 33 30 35 30 32 2e 33 30 2e 30 22 2c 22 Data Ascii: {"name":"MS.News.Web.ServerLog","iKey":"o:c498711f02654edca8a715ca6e1cb4d4","time":"2025-03-26T13:31:02Z","ver":"4.0","data":{"page":{"product":"entwindowsdash","appType":"winWidgets","name":"winp2backingapp","isMockEnv":false,"hostVer":"524.30502.30.0","

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:31:28 UTC	700	OUT	GET /forms/refreshthispage HTTP/1.1 Host: fdqn7x49zmrxxb9.formstack.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 13:31:28 UTC	5637	IN	HTTP/1.1 200 OK Server: CloudFront Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Date: Wed, 26 Mar 2025 13:31:28 GMT P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Set-Cookie: PHPSESSID=ab065cda3f5535ddbac017c0bc498586; path=/forms/; secure; HttpOnly Cache-Control: public, max-age=5 Expires: Wed, 26 Mar 2025 13:31:33 GMT Content-Security-Policy: default-src 'self' .stripe.com dev.visualwebsiteoptimizer.com .wistia.com .pusher.com wss://.pusher.com wss://.drift.com .segment.com .segment.io .litix.io .1drv.ms .google.com www.google-analytics.com www.googletagmanager.com .dropbox.com .amazonaws.com rpm.newrelic.com app.pendo.io data.pendo.io pendo-static-6272184944689152.storage.googleapis.com solve-widget.forethought.ai formstack.com *.formstack.com blob: formstack.com static.formstack.com static.cdn-formstack.com platform-assets.cdn-formstack.com s3.amazonaws.com/files.formstack.com s3.amazonaws.com/files.formstack.com s3.amazonaws.com/files.formstack.com s3.amazonaws.com/files.formstack.com files.formstack.com.amazonaws.com s3.amazonaws.com/files-private.formstack.com files-private.formstack.com.amazonaws.com s3.amazonaws.com/us-east-1-prod-forms-submission-uploads us-east-1-prod-forms-submission-uploads.amazonaws.com fdqn7x49zmrxxb9.formstack.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com pendo-static [TRUNCATED] Cache-Control: public Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Cache: Miss from cloudfront Via: 1.1 d8e93128b8c3fa45992684bc1f50eeb8.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK50-P5 X-Amz-Cf-Id: a5QHY9G5suVMLjvd2kfVD8HCX1QKrhCNBgYaWU9ZdIx0N8m2WY3XMQ== X-Content-Type-Options: nosniff
2025-03-26 13:31:28 UTC	3045	IN	Data Raw: 62 64 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 0a 20 20 3c 74 69 74 6c 65 3e 53 6f 6d 65 74 68 69 6e 67 20 77 65 6e 74 20 77 72 6f 6e 67 2e 2e 2e 20 72 65 66 72 65 73 68 20 70 61 Data Ascii: bde<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <meta name="robots" content="noindex, nofollow"> <title>Something went wrong... refresh pa
2025-03-26 13:31:28 UTC	4111	IN	Data Raw: 31 30 30 37 0d 0a 22 63 6f 6e 74 65 6e 74 22 3a 22 3c 70 20 73 74 79 6c 65 3d 5c 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 5c 22 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 5c 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 5c 22 3e 53 6f 72 72 79 2c 20 77 65 27 72 65 20 68 61 76 69 6e 67 20 73 6f 6d 65 20 74 72 6f 75 62 6c 65 73 3c 62 72 3e 54 72 79 20 72 65 6c 6f 61 64 69 6e 67 20 74 68 65 20 70 61 67 65 2e 3c 5c 2f 73 70 61 6e 3e 3c 5c 2f 70 3e 3c 70 20 73 74 79 6c 65 3d 5c 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 5c 22 3e 3c 62 72 3e 3c 5c 2f 70 3e 3c 70 20 73 74 79 6c 65 3d 5c 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 5c 22 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 5c 22 66 6f 6e 74 2d 73 69 7a 65 3a Data Ascii: 1007"content":"<p style=\"text-align: center;\"><span style=\"font-size: 24px;\">Sorry, we're having some troubles<br>Try reloading the page.<\/span><\/p><p style=\"text-align: center;\"><br><\/p><p style=\"text-align: center;\"><span style=\"font-size:
2025-03-26 13:31:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:31:29 UTC	592	OUT	GET /forms/forms-renderer/builds/public/form_7030aef869.js HTTP/1.1 Host: static.formstack.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://fdqn7x49zmrxxb9.formstack.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 13:31:29 UTC	631	IN	HTTP/1.1 200 OK Server: CloudFront Content-Type: application/javascript; charset=utf-8 Content-Length: 2136224 Connection: close Date: Wed, 26 Mar 2025 13:31:29 GMT Last-Modified: Wed, 26 Mar 2025 13:11:35 GMT ETag: "67e3fd07-2098a0" Cache-Control: public, s-maxage=86400 Accept-Ranges: bytes Vary: Accept-Encoding X-Cache: Miss from cloudfront Via: 1.1 f5527f719bbc0d2932043daaeff80252.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK50-P5 X-Amz-Cf-Id: rAYUXhS9ika4FhxaipAJed1x3XXbZLWEgSJTe6Q84brSUufQxTz-aw== X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
2025-03-26 13:31:29 UTC	16384	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 66 6f 72 6d 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 76 61 72 20 46 6f 72 6d 73 74 61 63 6b 46 6f 72 6d 73 3b 28 28 29 3d 3e 7b 76 61 72 20 5f 5f 77 65 62 70 61 63 6b 5f 6d 6f 64 75 6c 65 73 5f 5f 3d 7b 32 31 32 31 37 3a 28 65 2c 74 29 3d 3e 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 53 79 6d 62 6f 6c 2e 66 6f 72 28 22 72 65 61 63 74 2e 65 6c 65 6d 65 6e 74 22 29 2c 53 79 6d 62 6f 6c 2e 66 6f 72 28 22 72 65 61 63 74 2e 70 6f 72 74 61 6c 22 29 2c 53 79 6d 62 6f 6c 2e 66 6f 72 28 22 72 65 61 63 74 2e 66 72 61 67 6d 65 6e 74 22 29 2c 53 79 6d 62 6f 6c 2e 66 6f 72 28 22 72 65 61 63 74 2e 73 74 72 69 63 74 5f 6d 6f 64 65 22 29 2c Data Ascii: /! For license information please see form.js.LICENSE.txt /var FormstackForms;(()=>{var __webpack_modules__={21217:(e,t)=>{"use strict";Symbol.for("react.element"),Symbol.for("react.portal"),Symbol.for("react.fragment"),Symbol.for("react.strict_mode"),
2025-03-26 13:31:29 UTC	16384	IN	Data Raw: 65 6d 70 74 20 74 6f 20 64 65 73 74 72 75 63 74 75 72 65 20 6e 6f 6e 2d 69 74 65 72 61 62 6c 65 20 69 6e 73 74 61 6e 63 65 2e 5c 6e 49 6e 20 6f 72 64 65 72 20 74 6f 20 62 65 20 69 74 65 72 61 62 6c 65 2c 20 6e 6f 6e 2d 61 72 72 61 79 20 6f 62 6a 65 63 74 73 20 6d 75 73 74 20 68 61 76 65 20 61 20 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 28 29 20 6d 65 74 68 6f 64 2e 22 29 7d 28 29 29 2c 6f 3d 6e 5b 30 5d 2c 69 3d 6e 5b 31 5d 2c 75 3d 73 5b 6f 5d 2c 6c 3d 63 5b 69 5d 7c 7c 22 22 3b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 6c 29 3f 6c 2e 6d 61 70 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 75 2b 65 7d 29 29 3a 5b 75 2b 6c 5d 7d 2c 6c 3d 7b 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 76 6f Data Ascii: empt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()),o=n[0],i=n[1],u=s[o],l=c[i]\|\|"";return Array.isArray(l)?l.map((function(e){return u+e})):[u+l]},l={},function(e){return vo
2025-03-26 13:31:29 UTC	16079	IN	Data Raw: 3d 74 79 70 65 6f 66 20 65 29 72 65 74 75 72 6e 20 75 28 65 2c 22 43 6f 6d 70 6f 6e 65 6e 74 22 29 3b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 3d 6f 28 65 29 29 73 77 69 74 63 68 28 65 2e 24 24 74 79 70 65 6f 66 29 7b 63 61 73 65 20 6e 2e 76 4d 3a 72 65 74 75 72 6e 20 6c 28 65 2c 65 2e 72 65 6e 64 65 72 2c 22 46 6f 72 77 61 72 64 52 65 66 22 29 3b 63 61 73 65 20 6e 2e 6c 44 3a 72 65 74 75 72 6e 20 6c 28 65 2c 65 2e 74 79 70 65 2c 22 6d 65 6d 6f 22 29 3b 64 65 66 61 75 6c 74 3a 72 65 74 75 72 6e 7d 7d 7d 7d 2c 39 30 34 37 3a 28 65 2c 74 29 3d 3e 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 53 79 6d 62 6f 6c 2e 66 6f 72 28 22 72 65 61 63 74 2e 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 65 6c 65 6d 65 6e 74 22 29 2c 53 79 6d 62 6f 6c 2e 66 6f 72 28 22 72 65 61 63 74 Data Ascii: =typeof e)return u(e,"Component");if("object"===o(e))switch(e.$$typeof){case n.vM:return l(e,e.render,"ForwardRef");case n.lD:return l(e,e.type,"memo");default:return}}}},9047:(e,t)=>{"use strict";Symbol.for("react.transitional.element"),Symbol.for("react
2025-03-26 13:31:29 UTC	16384	IN	Data Raw: 6c 73 20 75 73 65 43 75 73 74 6f 6d 43 68 65 63 6b 6f 75 74 28 29 22 29 7d 28 29 3b 76 61 72 20 65 3d 74 2e 75 73 65 43 6f 6e 74 65 78 74 28 4d 29 3b 69 66 28 21 65 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 43 6f 75 6c 64 20 6e 6f 74 20 66 69 6e 64 20 43 75 73 74 6f 6d 43 68 65 63 6b 6f 75 74 20 43 6f 6e 74 65 78 74 3b 20 59 6f 75 20 6e 65 65 64 20 74 6f 20 77 72 61 70 20 74 68 65 20 70 61 72 74 20 6f 66 20 79 6f 75 72 20 61 70 70 20 74 68 61 74 20 63 61 6c 6c 73 20 75 73 65 43 75 73 74 6f 6d 43 68 65 63 6b 6f 75 74 28 29 20 69 6e 20 61 6e 20 3c 43 75 73 74 6f 6d 43 68 65 63 6b 6f 75 74 50 72 6f 76 69 64 65 72 3e 20 70 72 6f 76 69 64 65 72 2e 22 29 3b 72 65 74 75 72 6e 20 65 7d 2c 65 2e 75 73 65 45 6c 65 6d 65 6e 74 73 3d 66 75 6e 63 74 69 6f Data Ascii: ls useCustomCheckout()")}();var e=t.useContext(M);if(!e)throw new Error("Could not find CustomCheckout Context; You need to wrap the part of your app that calls useCustomCheckout() in an <CustomCheckoutProvider> provider.");return e},e.useElements=functio
2025-03-26 13:31:29 UTC	16384	IN	Data Raw: 6c 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 6e 2c 6c 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 6f 2c 6c 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 69 2c 6c 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 61 2c 6c 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 75 2c 65 2e 65 78 70 6f 72 74 73 3d 6c 7d 2c 37 37 30 37 35 3a 28 65 2c 74 2c 72 29 3d 3e 7b 76 61 72 20 6e 3d 72 28 33 35 38 33 33 29 28 72 28 37 30 39 32 38 29 2c 22 50 72 6f 6d 69 73 65 22 29 3b 65 2e 65 78 70 6f 72 74 73 3d 6e 7d 2c 31 32 39 35 38 3a 28 65 2c 74 2c 72 29 3d 3e 7b 76 61 72 20 6e 3d 72 28 33 35 38 33 33 29 28 72 28 37 30 39 32 38 29 2c 22 53 65 74 22 29 3b 65 2e 65 78 70 6f 72 74 73 3d 6e 7d 2c 37 31 31 37 38 3a 28 65 2c 74 2c 72 29 3d 3e 7b 76 61 72 20 6e 3d 72 Data Ascii: l.prototype.clear=n,l.prototype.delete=o,l.prototype.get=i,l.prototype.has=a,l.prototype.set=u,e.exports=l},77075:(e,t,r)=>{var n=r(35833)(r(70928),"Promise");e.exports=n},12958:(e,t,r)=>{var n=r(35833)(r(70928),"Set");e.exports=n},71178:(e,t,r)=>{var n=r
2025-03-26 13:31:29 UTC	16384	IN	Data Raw: 3d 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 26 26 65 21 3d 3d 53 79 6d 62 6f 6c 2e 70 72 6f 74 6f 74 79 70 65 3f 22 73 79 6d 62 6f 6c 22 3a 74 79 70 65 6f 66 20 65 7d 2c 6e 28 65 29 7d 65 3d 72 2e 6e 6d 64 28 65 29 3b 76 61 72 20 6f 3d 72 28 37 30 39 32 38 29 2c 69 3d 72 28 34 37 30 29 2c 61 3d 22 6f 62 6a 65 63 74 22 3d 3d 6e 28 74 29 26 26 74 26 26 21 74 2e 6e 6f 64 65 54 79 70 65 26 26 74 2c 75 3d 61 26 26 22 6f 62 6a 65 63 74 22 3d 3d 6e 28 65 29 26 26 65 26 26 21 65 2e 6e 6f 64 65 54 79 70 65 26 26 65 2c 6c 3d 75 26 26 75 2e 65 78 70 6f 72 74 73 3d 3d 3d 61 3f 6f 2e 42 75 66 66 65 72 3a 76 6f 69 64 20 30 2c 73 3d 28 6c 3f 6c 2e 69 73 42 75 66 66 65 72 3a 76 6f 69 64 20 30 29 7c Data Ascii: ==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},n(e)}e=r.nmd(e);var o=r(70928),i=r(470),a="object"==n(t)&&t&&!t.nodeType&&t,u=a&&"object"==n(e)&&e&&!e.nodeType&&e,l=u&&u.exports===a?o.Buffer:void 0,s=(l?l.isBuffer:void 0)\|
2025-03-26 13:31:29 UTC	12792	IN	Data Raw: 75 6c 6c 3d 3d 72 3f 63 3a 72 28 63 29 3b 69 66 28 63 3d 6e 7c 7c 30 21 3d 3d 63 3f 63 3a 30 2c 61 26 26 66 3d 3d 66 29 7b 66 6f 72 28 76 61 72 20 64 3d 73 3b 64 2d 2d 3b 29 69 66 28 74 5b 64 5d 3d 3d 3d 66 29 63 6f 6e 74 69 6e 75 65 20 65 3b 6c 2e 70 75 73 68 28 63 29 7d 65 6c 73 65 20 69 28 74 2c 66 2c 6e 29 7c 7c 6c 2e 70 75 73 68 28 63 29 7d 72 65 74 75 72 6e 20 6c 7d 46 72 2e 74 65 6d 70 6c 61 74 65 53 65 74 74 69 6e 67 73 3d 7b 65 73 63 61 70 65 3a 4b 2c 65 76 61 6c 75 61 74 65 3a 5a 2c 69 6e 74 65 72 70 6f 6c 61 74 65 3a 58 2c 76 61 72 69 61 62 6c 65 3a 22 22 2c 69 6d 70 6f 72 74 73 3a 7b 5f 3a 46 72 7d 7d 2c 46 72 2e 70 72 6f 74 6f 74 79 70 65 3d 42 72 2e 70 72 6f 74 6f 74 79 70 65 2c 46 72 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6f 6e 73 74 72 75 63 Data Ascii: ull==r?c:r(c);if(c=n\|\|0!==c?c:0,a&&f==f){for(var d=s;d--;)if(t[d]===f)continue e;l.push(c)}else i(t,f,n)\|\|l.push(c)}return l}Fr.templateSettings={escape:K,evaluate:Z,interpolate:X,variable:"",imports:{_:Fr}},Fr.prototype=Br.prototype,Fr.prototype.construc
2025-03-26 13:31:29 UTC	5106	IN	Data Raw: 29 7b 69 66 28 6e 75 6c 6c 3d 3d 72 29 72 65 74 75 72 6e 20 72 3b 69 66 28 21 24 61 28 72 29 29 72 65 74 75 72 6e 20 65 28 72 2c 6e 29 3b 66 6f 72 28 76 61 72 20 6f 3d 72 2e 6c 65 6e 67 74 68 2c 69 3d 74 3f 6f 3a 2d 31 2c 61 3d 6b 65 28 72 29 3b 28 74 3f 69 2d 2d 3a 2b 2b 69 3c 6f 29 26 26 21 31 21 3d 3d 6e 28 61 5b 69 5d 2c 69 2c 61 29 3b 29 3b 72 65 74 75 72 6e 20 72 7d 7d 66 75 6e 63 74 69 6f 6e 20 4d 6f 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 6e 29 7b 66 6f 72 28 76 61 72 20 6f 3d 2d 31 2c 69 3d 6b 65 28 74 29 2c 61 3d 6e 28 74 29 2c 75 3d 61 2e 6c 65 6e 67 74 68 3b 75 2d 2d 3b 29 7b 76 61 72 20 6c 3d 61 5b 65 3f 75 3a 2b 2b 6f 5d 3b 69 66 28 21 31 3d 3d 3d 72 28 69 5b 6c 5d 2c 6c 2c 69 29 29 62 72 65 61 6b 7d 72 65 74 Data Ascii: ){if(null==r)return r;if(!$a(r))return e(r,n);for(var o=r.length,i=t?o:-1,a=ke(r);(t?i--:++i<o)&&!1!==n(a[i],i,a););return r}}function Mo(e){return function(t,r,n){for(var o=-1,i=ke(t),a=n(t),u=a.length;u--;){var l=a[e?u:++o];if(!1===r(i[l],l,i))break}ret
2025-03-26 13:31:29 UTC	12792	IN	Data Raw: 74 75 72 6e 20 4f 74 28 64 2c 69 3f 72 3a 74 68 69 73 2c 66 29 7d 7d 28 65 2c 74 2c 72 2c 6f 29 3b 65 6c 73 65 20 76 61 72 20 77 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 72 29 7b 76 61 72 20 6e 3d 31 26 74 2c 6f 3d 52 6f 28 65 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 20 74 28 29 7b 72 65 74 75 72 6e 28 74 68 69 73 26 26 74 68 69 73 21 3d 3d 64 74 26 26 74 68 69 73 20 69 6e 73 74 61 6e 63 65 6f 66 20 74 3f 6f 3a 65 29 2e 61 70 70 6c 79 28 6e 3f 72 3a 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 7d 7d 28 65 2c 74 2c 72 29 3b 72 65 74 75 72 6e 20 50 69 28 28 62 3f 58 6e 3a 5f 69 29 28 77 2c 67 29 2c 65 2c 74 29 7d 66 75 6e 63 74 69 6f 6e 20 5a 6f 28 65 2c 74 2c 72 2c 6e 29 7b 72 65 74 75 72 6e 20 65 3d 3d 3d 69 7c 7c 42 61 28 65 2c 50 65 5b 72 5d Data Ascii: turn Ot(d,i?r:this,f)}}(e,t,r,o);else var w=function(e,t,r){var n=1&t,o=Ro(e);return function t(){return(this&&this!==dt&&this instanceof t?o:e).apply(n?r:this,arguments)}}(e,t,r);return Pi((b?Xn:_i)(w,g),e,t)}function Zo(e,t,r,n){return e===i\|\|Ba(e,Pe[r]
2025-03-26 13:31:29 UTC	3592	IN	Data Raw: 6e 29 2c 4f 75 3d 47 6e 28 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 65 3d 6b 65 28 65 29 3b 76 61 72 20 72 3d 2d 31 2c 6e 3d 74 2e 6c 65 6e 67 74 68 2c 6f 3d 6e 3e 32 3f 74 5b 32 5d 3a 69 3b 66 6f 72 28 6f 26 26 62 69 28 74 5b 30 5d 2c 74 5b 31 5d 2c 6f 29 26 26 28 6e 3d 31 29 3b 2b 2b 72 3c 6e 3b 29 66 6f 72 28 76 61 72 20 61 3d 74 5b 72 5d 2c 75 3d 49 75 28 61 29 2c 6c 3d 2d 31 2c 73 3d 75 2e 6c 65 6e 67 74 68 3b 2b 2b 6c 3c 73 3b 29 7b 76 61 72 20 63 3d 75 5b 6c 5d 2c 66 3d 65 5b 63 5d 3b 28 66 3d 3d 3d 69 7c 7c 42 61 28 66 2c 50 65 5b 63 5d 29 26 26 21 4e 65 2e 63 61 6c 6c 28 65 2c 63 29 29 26 26 28 65 5b 63 5d 3d 61 5b 63 5d 29 7d 72 65 74 75 72 6e 20 65 7d 29 29 2c 6b 75 3d 47 6e 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 Data Ascii: n),Ou=Gn((function(e,t){e=ke(e);var r=-1,n=t.length,o=n>2?t[2]:i;for(o&&bi(t[0],t[1],o)&&(n=1);++r<n;)for(var a=t[r],u=Iu(a),l=-1,s=u.length;++l<s;){var c=u[l],f=e[c];(f===i\|\|Ba(f,Pe[c])&&!Ne.call(e,c))&&(e[c]=a[c])}return e})),ku=Gn((function(e){return e

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:31:30 UTC	793	OUT	POST /live-form/analytics/6143472/firstView HTTP/1.1 Host: fdqn7x49zmrxxb9.formstack.com Connection: keep-alive Content-Length: 23 sec-ch-ua-platform: "Windows" X-Requested-With: xmlhttprequest User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/json sec-ch-ua-mobile: ?0 Origin: https://fdqn7x49zmrxxb9.formstack.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://fdqn7x49zmrxxb9.formstack.com/forms/refreshthispage Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: _dd_s=rum=0&expire=1742996789102
2025-03-26 13:31:30 UTC	23	OUT	Data Raw: 7b 22 76 69 65 77 4d 65 74 68 6f 64 22 3a 22 68 6f 73 74 65 64 22 7d Data Ascii: {"viewMethod":"hosted"}
2025-03-26 13:31:30 UTC	804	IN	HTTP/1.1 200 OK Server: CloudFront Content-Type: application/json Transfer-Encoding: chunked Connection: close Date: Wed, 26 Mar 2025 13:31:30 GMT Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Frame-Options: sameorigin P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Set-Cookie: fsBrowserSessionId=67e401b262c272.43005283; path=/; secure; HttpOnly; SameSite=Lax Access-Control-Allow-Methods: GET, POST Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Cache-Control: public X-Cache: Miss from cloudfront Via: 1.1 f8debc28b6c73eb3dc7540e2ac2f0e18.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK50-P5 X-Amz-Cf-Id: 220t78yUXOw1RVS64OFF4roxY4mTZdDm3Pvc1aBlaKt7CUhI4t61Cg== X-Content-Type-Options: nosniff
2025-03-26 13:31:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:31:30 UTC	682	OUT	GET /files.formstack.com/public/1193085/image_warning.png HTTP/1.1 Host: s3.amazonaws.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Referer: https://fdqn7x49zmrxxb9.formstack.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 13:31:30 UTC	527	IN	HTTP/1.1 200 OK x-amz-id-2: wn/ufkj4qf5oTm7FJNXqgJmLmPBF8khWwbf/HKqRKBp1Nh+HhbusglCmdbr4Gts3MTo5/ihDZNY= x-amz-request-id: 6FCH2VFN5FE1XRGW Date: Wed, 26 Mar 2025 13:31:31 GMT x-amz-replication-status: COMPLETED Last-Modified: Wed, 26 Mar 2025 11:15:16 GMT ETag: "8f424d3a2f8d5a0bc47c72c3c4b93b66" x-amz-server-side-encryption: AES256 X-Robots-Tag: noindex x-amz-version-id: T3WU9UnVESZ4HtpTXRXvtKoX5fSsjeIT Accept-Ranges: bytes Content-Type: image/png Content-Length: 15983 Server: AmazonS3 Connection: close
2025-03-26 13:31:30 UTC	15983	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 06 00 00 00 f4 78 d4 fa 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 00 09 70 48 59 73 00 00 0d d7 00 00 0d d7 01 42 28 9b 78 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 77 77 77 2e 69 6e 6b 73 63 61 70 65 2e 6f 72 67 9b ee 3c 1a 00 00 20 00 49 44 41 54 78 9c ed dd 77 b8 66 55 79 fe f1 ef 3d 14 e9 bd 09 28 88 94 19 7a 51 8a 02 82 8a 05 0b a0 80 8a 3d 62 4f 98 19 86 8e 02 12 08 c6 18 23 49 8c 68 62 cc 2f b1 63 2f 60 41 45 45 b1 d1 41 c0 06 48 17 90 de cb f3 fb 63 2d 60 18 a7 9c 73 de f2 ac f7 dd f7 e7 ba e6 52 c7 99 b3 ef 39 ef de eb 59 e7 59 7b ef a5 88 c0 cc cc cc ba 65 5a 76 00 33 33 33 1b 3e 4f 00 cc cc cc 3a c8 13 00 33 33 b3 0e f2 04 c0 cc cc ac 83 3c 01 30 33 Data Ascii: PNGIHDRxsBIT\|dpHYsB(xtEXtSoftwarewww.inkscape.org< IDATxwfUy=(zQ=bO#Ihb/c/`AEEAHc-`sR9YY{eZv333>O:33<03

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:31:30 UTC	516	OUT	GET /live-form/analytics/6143472/firstView HTTP/1.1 Host: fdqn7x49zmrxxb9.formstack.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: _dd_s=rum=0&expire=1742996789102; fsBrowserSessionId=67e401b262c272.43005283
2025-03-26 13:31:31 UTC	797	IN	HTTP/1.1 404 Not Found Server: CloudFront Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Date: Wed, 26 Mar 2025 13:31:31 GMT P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" X-Frame-Options: sameorigin Set-Cookie: PHPSESSID=ece0f072203bd2ea517f50ef2f25332d; path=/live-form/; secure; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Cache: Error from cloudfront Via: 1.1 98bc8180e0431e8f05afc9802305f1d2.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK50-P5 X-Amz-Cf-Id: 8Cq_FoUbHAPZHVLEmdu6hMochZK4NsPqz0L-OMsBrzLvANqh3t_QoQ== X-Content-Type-Options: nosniff
2025-03-26 13:31:31 UTC	538	IN	Data Raw: 32 31 33 0d 0a 3c 64 69 76 20 69 64 3d 22 65 72 72 6f 72 22 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 3c 73 74 72 6f 6e 67 3e 45 52 52 4f 52 3a 3c 2f 73 74 72 6f 6e 67 3e 20 4e 6f 74 20 46 6f 75 6e 64 20 28 45 72 72 6f 72 20 49 44 3a 20 33 31 61 30 33 31 30 31 37 64 64 38 31 32 63 32 33 30 63 31 29 0a 3c 62 72 20 2f 3e 3c 62 72 20 2f 3e 0a 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 23 22 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 63 73 72 66 5f 74 6f 6b 65 6e 22 20 76 61 6c 75 65 3d 22 39 35 61 37 37 33 65 31 33 63 39 65 62 39 38 66 64 32 35 35 64 65 34 63 66 39 66 62 66 39 62 66 35 65 64 33 31 64 36 63 32 34 36 61 65 64 35 39 38 64 63 33 38 65 65 66 35 36 33 33 34 63 36 64 22 20 2f 3e 0a 3c 69 6e 70 75 74 20 Data Ascii: 213<div id="error" class="error"><strong>ERROR:</strong> Not Found (Error ID: 31a031017dd812c230c1)<br /><br /><form action="#"><input type="hidden" name="csrf_token" value="95a773e13c9eb98fd255de4cf9fbf9bf5ed31d6c246aed598dc38eef56334c6d" /><input
2025-03-26 13:31:31 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:31:31 UTC	622	OUT	GET /images/favicon/favicon.ico HTTP/1.1 Host: www.formstack.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fdqn7x49zmrxxb9.formstack.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 13:31:31 UTC	589	IN	HTTP/1.1 200 OK Server: CloudFront Content-Type: image/vnd.microsoft.icon Content-Length: 2614 Connection: close Date: Wed, 26 Mar 2025 13:31:31 GMT Last-Modified: Tue, 25 Mar 2025 14:12:07 GMT ETag: "67e2b9b7-a36" Cache-Control: public, s-maxage=86400 Accept-Ranges: bytes X-Cache: Miss from cloudfront Via: 1.1 ab734ad5d81cc9d470b6176a05dd968e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK50-P5 X-Amz-Cf-Id: qYl7d6xQ_zV5gALxFXpYs72upZ0FlN0ZUIJUJza9Y9DGpOjELlFKLQ== X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
2025-03-26 13:31:31 UTC	2614	IN	Data Raw: 00 00 01 00 03 00 30 30 10 00 01 00 04 00 68 06 00 00 36 00 00 00 20 20 10 00 01 00 04 00 e8 02 00 00 9e 06 00 00 10 10 02 00 01 00 01 00 b0 00 00 00 86 09 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 04 00 00 00 00 00 80 04 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 2b 23 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 02 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 Data Ascii: 00h6 (0`+#"""""""""""""""""""""""""""""""""""""""""""" """""""""""""""""""""""""""""""""""""""""""""""""

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:31:32 UTC	407	OUT	GET /images/favicon/favicon.ico HTTP/1.1 Host: www.formstack.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 13:31:32 UTC	600	IN	HTTP/1.1 200 OK Server: CloudFront Content-Type: image/vnd.microsoft.icon Content-Length: 2614 Connection: close Date: Tue, 25 Mar 2025 15:34:50 GMT Last-Modified: Tue, 25 Mar 2025 14:12:07 GMT ETag: "67e2b9b7-a36" Cache-Control: public, s-maxage=86400 Accept-Ranges: bytes X-Cache: Hit from cloudfront Via: 1.1 3b0649a8bee506c1d7498462d39e6c44.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK50-P5 X-Amz-Cf-Id: Uanq62EO4WcvOB8hnZnhCoqMkqUOsyXoPOUoeHgz_6UFbxthSpsjSw== Age: 79002 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
2025-03-26 13:31:32 UTC	2614	IN	Data Raw: 00 00 01 00 03 00 30 30 10 00 01 00 04 00 68 06 00 00 36 00 00 00 20 20 10 00 01 00 04 00 e8 02 00 00 9e 06 00 00 10 10 02 00 01 00 01 00 b0 00 00 00 86 09 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 04 00 00 00 00 00 80 04 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 2b 23 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 02 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 Data Ascii: 00h6 (0`+#"""""""""""""""""""""""""""""""""""""""""""" """""""""""""""""""""""""""""""""""""""""""""""""

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:31:38 UTC	1081	OUT	POST /forms/index.php HTTP/1.1 Host: fdqn7x49zmrxxb9.formstack.com Connection: keep-alive Content-Length: 1500 Cache-Control: max-age=0 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Origin: https://fdqn7x49zmrxxb9.formstack.com Content-Type: multipart/form-data; boundary=----WebKitFormBoundary1YxgBP9WzzBWudrg Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://fdqn7x49zmrxxb9.formstack.com/forms/refreshthispage Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=ab065cda3f5535ddbac017c0bc498586; fsBrowserSessionId=67e401b262c272.43005283; _dd_s=rum=0&expire=1742996797479
2025-03-26 13:31:38 UTC	1500	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 31 59 78 67 42 50 39 57 7a 7a 42 57 75 64 72 67 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 69 73 70 6c 61 79 54 69 6d 65 22 0d 0a 0d 0a 32 30 32 35 2d 30 33 2d 32 36 54 30 39 3a 33 31 3a 32 38 2d 30 34 3a 30 30 0d 0a 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 31 59 78 67 42 50 39 57 7a 7a 42 57 75 64 72 67 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 6f 72 6d 73 74 61 63 6b 46 6f 72 6d 53 63 68 65 6d 61 56 65 72 73 69 6f 6e 22 0d 0a 0d 0a 34 0d 0a 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f Data Ascii: ------WebKitFormBoundary1YxgBP9WzzBWudrgContent-Disposition: form-data; name="displayTime"2025-03-26T09:31:28-04:00------WebKitFormBoundary1YxgBP9WzzBWudrgContent-Disposition: form-data; name="formstackFormSchemaVersion"4------WebKitFormBo
2025-03-26 13:31:39 UTC	722	IN	HTTP/1.1 302 Found Server: CloudFront Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Date: Wed, 26 Mar 2025 13:31:39 GMT Cache-Control: public Strict-Transport-Security: max-age=63072000; includeSubDomains; preload P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Location: https://login.casinopulsehotel.com/nGwApHsA X-Fs-Submission-Id: 1328039807 Access-Control-Expose-Headers: X-Fs-Submission-Id X-Cache: Miss from cloudfront Via: 1.1 1abf103face183cd8172f37e6ac30038.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK50-P5 X-Amz-Cf-Id: CwaVdvrzAMeJK0fpCjRYpOnwqX25l0PjnRgtLbnGM1Zv5WFZMMisGw== X-Content-Type-Options: nosniff
2025-03-26 13:31:39 UTC	5531	IN	Data Raw: 31 35 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 0a 20 20 3c 74 69 74 6c 65 3e 53 6f 6d 65 74 68 69 6e 67 20 77 65 6e 74 20 77 72 6f 6e 67 2e 2e 2e 20 72 65 66 72 65 73 68 20 70 Data Ascii: 1593<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <meta name="robots" content="noindex, nofollow"> <title>Something went wrong... refresh p

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:31:39 UTC	765	OUT	GET /nGwApHsA HTTP/1.1 Host: login.casinopulsehotel.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://fdqn7x49zmrxxb9.formstack.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 13:31:39 UTC	20	IN	HTTP/1.1 302 Found
2025-03-26 13:31:39 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-03-26 13:31:39 UTC	25	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a Data Ascii: Content-Type: text/html
2025-03-26 13:31:40 UTC	47	IN	Data Raw: 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 63 61 73 69 6e 6f 70 75 6c 73 65 68 6f 74 65 6c 2e 63 6f 6d 2f 0d 0a Data Ascii: Location: https://login.casinopulsehotel.com/
2025-03-26 13:31:40 UTC	173	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 67 43 46 77 3d 38 38 61 66 37 35 64 38 36 38 65 33 66 32 30 30 39 65 36 64 65 62 39 62 33 32 61 34 37 32 32 37 38 32 35 64 65 64 30 37 34 65 32 66 30 36 33 61 38 37 38 66 30 39 63 65 32 31 30 33 61 33 37 38 3b 20 50 61 74 68 3d 2f 3b 20 44 6f 6d 61 69 6e 3d 63 61 73 69 6e 6f 70 75 6c 73 65 68 6f 74 65 6c 2e 63 6f 6d 3b 20 45 78 70 69 72 65 73 3d 57 65 64 2c 20 32 36 20 4d 61 72 20 32 30 32 35 20 31 34 3a 33 31 3a 33 39 20 47 4d 54 3b 20 4d 61 78 2d 41 67 65 3d 33 36 30 30 0d 0a Data Ascii: Set-Cookie: gCFw=88af75d868e3f2009e6deb9b32a47227825ded074e2f063a878f09ce2103a378; Path=/; Domain=casinopulsehotel.com; Expires=Wed, 26 Mar 2025 14:31:39 GMT; Max-Age=3600
2025-03-26 13:31:40 UTC	28	IN	Data Raw: 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a Data Ascii: Transfer-Encoding: chunked
2025-03-26 13:31:40 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-03-26 13:31:40 UTC	3	IN	Data Raw: 30 0d 0a Data Ascii: 0
2025-03-26 13:31:40 UTC	2	IN	Data Raw: 0d 0a Data Ascii:

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:31:40 UTC	836	OUT	GET / HTTP/1.1 Host: login.casinopulsehotel.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://fdqn7x49zmrxxb9.formstack.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: gCFw=88af75d868e3f2009e6deb9b32a47227825ded074e2f063a878f09ce2103a378
2025-03-26 13:31:40 UTC	20	IN	HTTP/1.1 302 Found
2025-03-26 13:31:40 UTC	35	IN	Data Raw: 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 0d 0a Data Ascii: Cache-Control: no-store, no-cache
2025-03-26 13:31:40 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-03-26 13:31:41 UTC	40	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a Data Ascii: Content-Type: text/html; charset=utf-8
2025-03-26 13:31:41 UTC	37	IN	Data Raw: 44 61 74 65 3a 20 57 65 64 2c 20 32 36 20 4d 61 72 20 32 30 32 35 20 31 33 3a 33 31 3a 34 30 20 47 4d 54 0d 0a Data Ascii: Date: Wed, 26 Mar 2025 13:31:40 GMT
2025-03-26 13:31:41 UTC	13	IN	Data Raw: 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a Data Ascii: Expires: -1
2025-03-26 13:31:41 UTC	50	IN	Data Raw: 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 61 73 69 6e 6f 70 75 6c 73 65 68 6f 74 65 6c 2e 63 6f 6d 2f 6c 6f 67 69 6e 0d 0a Data Ascii: Location: https://www.casinopulsehotel.com/login
2025-03-26 13:31:41 UTC	101	IN	Data Raw: 4e 65 6c 3a 20 7b 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 73 22 2c 22 6d 61 78 5f 61 67 65 22 3a 38 36 34 30 30 2c 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2e 30 30 31 2c 22 66 61 69 6c 75 72 65 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 7d 0d 0a Data Ascii: Nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
2025-03-26 13:31:41 UTC	41	IN	Data Raw: 50 33 70 3a 20 43 50 3d 22 44 53 50 20 43 55 52 20 4f 54 50 69 20 49 4e 44 20 4f 54 52 69 20 4f 4e 4c 20 46 49 4e 22 0d 0a Data Ascii: P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
2025-03-26 13:31:41 UTC	18	IN	Data Raw: 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a Data Ascii: Pragma: no-cache
2025-03-26 13:31:41 UTC	50	IN	Data Raw: 52 65 66 65 72 72 65 72 2d 50 6f 6c 69 63 79 3a 20 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 2d 6f 72 69 67 69 6e 0d 0a Data Ascii: Referrer-Policy: strict-origin-when-cross-origin

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:31:41 UTC	839	OUT	GET /login HTTP/1.1 Host: www.casinopulsehotel.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://fdqn7x49zmrxxb9.formstack.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: gCFw=88af75d868e3f2009e6deb9b32a47227825ded074e2f063a878f09ce2103a378
2025-03-26 13:31:41 UTC	20	IN	HTTP/1.1 302 Found
2025-03-26 13:31:41 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-03-26 13:31:41 UTC	24	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 67 7a 69 70 0d 0a Data Ascii: Content-Encoding: gzip
2025-03-26 13:31:41 UTC	40	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a Data Ascii: Content-Type: text/html; charset=utf-8
2025-03-26 13:31:41 UTC	37	IN	Data Raw: 44 61 74 65 3a 20 57 65 64 2c 20 32 36 20 4d 61 72 20 32 30 32 35 20 31 33 3a 33 31 3a 34 31 20 47 4d 54 0d 0a Data Ascii: Date: Wed, 26 Mar 2025 13:31:41 GMT
2025-03-26 13:31:41 UTC	839	IN	Data Raw: 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 63 61 73 69 6e 6f 70 75 6c 73 65 68 6f 74 65 6c 2e 63 6f 6d 2f 63 6f 6d 6d 6f 6e 2f 6f 61 75 74 68 32 2f 76 32 2e 30 2f 61 75 74 68 6f 72 69 7a 65 3f 63 6c 69 65 6e 74 5f 69 64 3d 34 37 36 35 34 34 35 62 2d 33 32 63 36 2d 34 39 62 30 2d 38 33 65 36 2d 31 64 39 33 37 36 35 32 37 36 63 61 26 72 65 64 69 72 65 63 74 5f 75 72 69 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 6f 66 66 69 63 65 2e 63 6f 6d 25 32 46 6c 61 6e 64 69 6e 67 76 32 26 72 65 73 70 6f 6e 73 65 5f 74 79 70 65 3d 63 6f 64 65 25 32 30 69 64 5f 74 6f 6b 65 6e 26 73 63 6f 70 65 3d 6f 70 65 6e 69 64 25 32 30 70 72 6f 66 69 6c 65 25 32 30 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 6f 66 66 69 63 65 2e Data Ascii: Location: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.
2025-03-26 13:31:42 UTC	50	IN	Data Raw: 52 65 66 65 72 72 65 72 2d 50 6f 6c 69 63 79 3a 20 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 2d 6f 72 69 67 69 6e 0d 0a Data Ascii: Referrer-Policy: strict-origin-when-cross-origin
2025-03-26 13:31:42 UTC	25	IN	Data Raw: 52 65 71 75 65 73 74 2d 43 6f 6e 74 65 78 74 3a 20 61 70 70 49 64 3d 0d 0a Data Ascii: Request-Context: appId=
2025-03-26 13:31:42 UTC	50	IN	Data Raw: 52 65 71 75 65 73 74 2d 49 64 3a 20 37 32 62 61 66 33 34 65 2d 37 30 65 63 2d 34 32 30 33 2d 39 30 36 37 2d 30 37 61 38 37 62 35 35 33 35 34 65 0d 0a Data Ascii: Request-Id: 72baf34e-70ec-4203-9067-07a87b55354e
2025-03-26 13:31:42 UTC	138	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4f 48 2e 46 4c 49 44 3d 34 64 64 63 62 32 30 30 2d 32 39 30 64 2d 34 66 36 39 2d 38 34 32 61 2d 36 65 35 63 32 66 35 32 37 63 64 39 3b 20 50 61 74 68 3d 2f 3b 20 45 78 70 69 72 65 73 3d 54 68 75 2c 20 32 36 20 4d 61 72 20 32 30 32 36 20 31 33 3a 33 31 3a 34 31 20 47 4d 54 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a Data Ascii: Set-Cookie: OH.FLID=4ddcb200-290d-4f69-842a-6e5c2f527cd9; Path=/; Expires=Thu, 26 Mar 2026 13:31:41 GMT; HttpOnly; Secure; SameSite=None
2025-03-26 13:31:42 UTC	68	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4f 48 2e 53 49 44 3d 3b 20 50 61 74 68 3d 2f 3b 20 45 78 70 69 72 65 73 3d 54 68 75 2c 20 30 31 20 4a 61 6e 20 31 39 37 30 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a Data Ascii: Set-Cookie: OH.SID=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:31:42 UTC	1924	OUT	GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0 HTTP/1.1 Host: login.casinopulsehotel.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://fdqn7x49zmrxxb9.formstack.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: gCFw=88af75d868e3f2009e6deb9b32a47227825ded074e2f063a878f09ce2103a378; fpc=Amnu5WQo2Y5CnL4-0j_1lXw; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEHhKLCZfqDgWHvEJQ4A3yY2A5cHIAUU4d7KTVX7Yr2RES2TpQi0VdcZM-IL-AIqrMqLkEItx6joun6cMP9NpaDGKQv3tcp9RBsttmsTHjI6I693JqW9QUlQn5lXShOYpTUS53S2mFMOePIniS681izfOh8q2B7A97pI0yjimnh0ogAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
2025-03-26 13:31:42 UTC	17	IN	HTTP/1.1 200 OK
2025-03-26 13:31:42 UTC	35	IN	Data Raw: 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 0d 0a Data Ascii: Cache-Control: no-store, no-cache
2025-03-26 13:31:42 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-03-26 13:31:43 UTC	40	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a Data Ascii: Content-Type: text/html; charset=utf-8
2025-03-26 13:31:43 UTC	37	IN	Data Raw: 44 61 74 65 3a 20 57 65 64 2c 20 32 36 20 4d 61 72 20 32 30 32 35 20 31 33 3a 33 31 3a 34 32 20 47 4d 54 0d 0a Data Ascii: Date: Wed, 26 Mar 2025 13:31:42 GMT
2025-03-26 13:31:43 UTC	13	IN	Data Raw: 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a Data Ascii: Expires: -1
2025-03-26 13:31:43 UTC	101	IN	Data Raw: 4e 65 6c 3a 20 7b 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 73 22 2c 22 6d 61 78 5f 61 67 65 22 3a 38 36 34 30 30 2c 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2e 30 30 31 2c 22 66 61 69 6c 75 72 65 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 7d 0d 0a Data Ascii: Nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
2025-03-26 13:31:43 UTC	41	IN	Data Raw: 50 33 70 3a 20 43 50 3d 22 44 53 50 20 43 55 52 20 4f 54 50 69 20 49 4e 44 20 4f 54 52 69 20 4f 4e 4c 20 46 49 4e 22 0d 0a Data Ascii: P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
2025-03-26 13:31:43 UTC	18	IN	Data Raw: 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a Data Ascii: Pragma: no-cache
2025-03-26 13:31:43 UTC	50	IN	Data Raw: 52 65 66 65 72 72 65 72 2d 50 6f 6c 69 63 79 3a 20 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 2d 6f 72 69 67 69 6e 0d 0a Data Ascii: Referrer-Policy: strict-origin-when-cross-origin
2025-03-26 13:31:43 UTC	150	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 67 72 6f 75 70 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 73 22 2c 22 6d 61 78 5f 61 67 65 22 3a 38 36 34 30 30 2c 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 69 64 65 6e 74 69 74 79 2e 6e 65 6c 2e 6d 65 61 73 75 72 65 2e 6f 66 66 69 63 65 2e 6e 65 74 2f 61 70 69 2f 72 65 70 6f 72 74 3f 63 61 74 49 64 3d 47 57 2b 65 73 74 73 66 64 2b 77 73 74 22 7d 5d 7d 0d 0a Data Ascii: Report-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+wst"}]}

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:31:44 UTC	2930	OUT	GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true HTTP/1.1 Host: login.casinopulsehotel.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: gCFw=88af75d868e3f2009e6deb9b32a47227825ded074e2f063a878f09ce2103a378; fpc=Amnu5WQo2Y5CnL4-0j_1lXw; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEHhKLCZfqDgWHvEJQ4A3yY2A5cHIAUU4d7KTVX7Yr2RES2TpQi0VdcZM-IL-AIqrMqLkEItx6joun6cMP9NpaDGKQv3tcp9RBsttmsTHjI6I693JqW9QUlQn5lXShOYpTUS53S2mFMOePIniS681izfOh8q2B7A97pI0yjimnh0ogAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-CMLQrQY57ZI=AQABCQEAAABVrSpeuWamRam2jAF1XRQE7onT3sVCFKL7bi96vKflmNNxrUFC1sTfQDwXkpQKEAa7dSf3MM6FjDJQ0ZchwuTDcxqq7Ym-22wkYFIW2wV7tLHNAimZb8a2U3xCqpCC86PEoBsU1cTUymonsGbGRG6_VniPRcxsfOdQ3UzgpbCjqCAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
2025-03-26 13:31:45 UTC	17	IN	HTTP/1.1 200 OK
2025-03-26 13:31:45 UTC	35	IN	Data Raw: 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 0d 0a Data Ascii: Cache-Control: no-store, no-cache
2025-03-26 13:31:45 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-03-26 13:31:45 UTC	40	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a Data Ascii: Content-Type: text/html; charset=utf-8
2025-03-26 13:31:45 UTC	37	IN	Data Raw: 44 61 74 65 3a 20 57 65 64 2c 20 32 36 20 4d 61 72 20 32 30 32 35 20 31 33 3a 33 31 3a 34 34 20 47 4d 54 0d 0a Data Ascii: Date: Wed, 26 Mar 2025 13:31:44 GMT
2025-03-26 13:31:45 UTC	13	IN	Data Raw: 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a Data Ascii: Expires: -1
2025-03-26 13:31:45 UTC	158	IN	Data Raw: 4c 69 6e 6b 3a 20 3c 68 74 74 70 73 3a 2f 2f 61 61 64 63 64 6e 2e 6d 73 61 75 74 68 2e 6e 65 74 3e 3b 20 72 65 6c 3d 70 72 65 63 6f 6e 6e 65 63 74 3b 20 63 72 6f 73 73 6f 72 69 67 69 6e 2c 3c 68 74 74 70 73 3a 2f 2f 61 61 64 63 64 6e 2e 6d 73 61 75 74 68 2e 6e 65 74 3e 3b 20 72 65 6c 3d 64 6e 73 2d 70 72 65 66 65 74 63 68 2c 3c 68 74 74 70 73 3a 2f 2f 61 61 64 63 64 6e 2e 6d 73 66 74 61 75 74 68 2e 6e 65 74 3e 3b 20 72 65 6c 3d 64 6e 73 2d 70 72 65 66 65 74 63 68 0d 0a Data Ascii: Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
2025-03-26 13:31:45 UTC	101	IN	Data Raw: 4e 65 6c 3a 20 7b 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 73 22 2c 22 6d 61 78 5f 61 67 65 22 3a 38 36 34 30 30 2c 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2e 30 30 31 2c 22 66 61 69 6c 75 72 65 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 7d 0d 0a Data Ascii: Nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
2025-03-26 13:31:45 UTC	41	IN	Data Raw: 50 33 70 3a 20 43 50 3d 22 44 53 50 20 43 55 52 20 4f 54 50 69 20 49 4e 44 20 4f 54 52 69 20 4f 4e 4c 20 46 49 4e 22 0d 0a Data Ascii: P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
2025-03-26 13:31:45 UTC	18	IN	Data Raw: 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a Data Ascii: Pragma: no-cache
2025-03-26 13:31:45 UTC	50	IN	Data Raw: 52 65 66 65 72 72 65 72 2d 50 6f 6c 69 63 79 3a 20 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 2d 6f 72 69 67 69 6e 0d 0a Data Ascii: Referrer-Policy: strict-origin-when-cross-origin

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:31:44 UTC	2028	OUT	GET /favicon.ico HTTP/1.1 Host: login.casinopulsehotel.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: gCFw=88af75d868e3f2009e6deb9b32a47227825ded074e2f063a878f09ce2103a378; fpc=Amnu5WQo2Y5CnL4-0j_1lXw; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEHhKLCZfqDgWHvEJQ4A3yY2A5cHIAUU4d7KTVX7Yr2RES2TpQi0VdcZM-IL-AIqrMqLkEItx6joun6cMP9NpaDGKQv3tcp9RBsttmsTHjI6I693JqW9QUlQn5lXShOYpTUS53S2mFMOePIniS681izfOh8q2B7A97pI0yjimnh0ogAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-CMLQrQY57ZI=AQABCQEAAABVrSpeuWamRam2jAF1XRQE7onT3sVCFKL7bi96vKflmNNxrUFC1sTfQDwXkpQKEAa7dSf3MM6FjDJQ0ZchwuTDcxqq7Ym-22wkYFIW2wV7tLHNAimZb8a2U3xCqpCC86PEoBsU1cTUymonsGbGRG6_VniPRcxsfOdQ3UzgpbCjqCAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
2025-03-26 13:31:45 UTC	24	IN	HTTP/1.1 404 Not Found
2025-03-26 13:31:45 UTC	24	IN	Data Raw: 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 0d 0a Data Ascii: Cache-Control: private
2025-03-26 13:31:45 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-03-26 13:31:45 UTC	37	IN	Data Raw: 44 61 74 65 3a 20 57 65 64 2c 20 32 36 20 4d 61 72 20 32 30 32 35 20 31 33 3a 33 31 3a 34 34 20 47 4d 54 0d 0a Data Ascii: Date: Wed, 26 Mar 2025 13:31:44 GMT
2025-03-26 13:31:45 UTC	101	IN	Data Raw: 4e 65 6c 3a 20 7b 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 73 22 2c 22 6d 61 78 5f 61 67 65 22 3a 38 36 34 30 30 2c 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2e 30 30 31 2c 22 66 61 69 6c 75 72 65 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 7d 0d 0a Data Ascii: Nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
2025-03-26 13:31:45 UTC	41	IN	Data Raw: 50 33 70 3a 20 43 50 3d 22 44 53 50 20 43 55 52 20 4f 54 50 69 20 49 4e 44 20 4f 54 52 69 20 4f 4e 4c 20 46 49 4e 22 0d 0a Data Ascii: P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
2025-03-26 13:31:45 UTC	50	IN	Data Raw: 52 65 66 65 72 72 65 72 2d 50 6f 6c 69 63 79 3a 20 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 2d 6f 72 69 67 69 6e 0d 0a Data Ascii: Referrer-Policy: strict-origin-when-cross-origin
2025-03-26 13:31:45 UTC	150	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 67 72 6f 75 70 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 73 22 2c 22 6d 61 78 5f 61 67 65 22 3a 38 36 34 30 30 2c 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 69 64 65 6e 74 69 74 79 2e 6e 65 6c 2e 6d 65 61 73 75 72 65 2e 6f 66 66 69 63 65 2e 6e 65 74 2f 61 70 69 2f 72 65 70 6f 72 74 3f 63 61 74 49 64 3d 47 57 2b 65 73 74 73 66 64 2b 65 73 74 22 7d 5d 7d 0d 0a Data Ascii: Report-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+est"}]}
2025-03-26 13:31:45 UTC	80	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 78 2d 6d 73 2d 67 61 74 65 77 61 79 2d 73 6c 69 63 65 3d 65 73 74 73 66 64 3b 20 50 61 74 68 3d 2f 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a Data Ascii: Set-Cookie: x-ms-gateway-slice=estsfd; Path=/; HttpOnly; Secure; SameSite=None
2025-03-26 13:31:45 UTC	28	IN	Data Raw: 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a Data Ascii: Transfer-Encoding: chunked
2025-03-26 13:31:45 UTC	48	IN	Data Raw: 58 2d 4d 73 2d 45 73 74 73 2d 53 65 72 76 65 72 3a 20 32 2e 31 2e 32 30 33 32 39 2e 35 20 2d 20 45 55 53 20 50 72 6f 64 53 6c 69 63 65 73 0d 0a Data Ascii: X-Ms-Ests-Server: 2.1.20329.5 - EUS ProdSlices

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:31:45 UTC	442	OUT	OPTIONS /api/report?catId=GW+estsfd+est HTTP/1.1 Host: identity.nel.measure.office.net Connection: keep-alive Origin: https://login.casinopulsehotel.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 13:31:45 UTC	319	IN	HTTP/1.1 200 OK Content-Type: text/html Content-Length: 7 Date: Wed, 26 Mar 2025 13:31:45 GMT Connection: close Access-Control-Allow-Headers: content-type Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: * Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *
2025-03-26 13:31:45 UTC	7	IN	Data Raw: 4f 50 54 49 4f 4e 53 Data Ascii: OPTIONS

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:31:46 UTC	418	OUT	POST /api/report?catId=GW+estsfd+est HTTP/1.1 Host: identity.nel.measure.office.net Connection: keep-alive Content-Length: 1236 Content-Type: application/reports+json Origin: https://login.casinopulsehotel.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 13:31:46 UTC	1236	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 31 34 35 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 63 61 73 69 6e 6f 70 75 6c 73 65 68 6f 74 65 6c 2e 63 6f 6d 2f 63 6f 6d 6d 6f 6e 2f 6f 61 75 74 68 32 2f 76 32 2e 30 2f 61 75 74 68 6f 72 69 7a 65 3f 63 6c 69 65 6e 74 5f 69 64 3d 34 37 36 35 34 34 35 62 2d 33 32 63 36 2d 34 39 62 30 2d 38 33 65 36 2d 31 64 39 33 37 36 35 32 37 36 63 61 26 72 65 64 69 72 65 63 74 5f 75 72 69 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 6f 66 66 69 Data Ascii: [{"age":0,"body":{"elapsed_time":1145,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.offi
2025-03-26 13:31:47 UTC	399	IN	HTTP/1.1 429 Too Many Requests Content-Length: 0 x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000 Request-Context: appId=cid-v1:c242839f-7b23-4fcd-8b70-f19e1d322576 Date: Wed, 26 Mar 2025 13:31:47 GMT Connection: close Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: * Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://fdqn7x49zmrxxb9.formstack.com/forms/refreshthispage

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Windows Analysis Report
https://fdqn7x49zmrxxb9.formstack.com/forms/refreshthispage

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:32:26 UTC	3191	OUT	POST /common/GetCredentialType?mkt=en-US HTTP/1.1 Host: login.casinopulsehotel.com Connection: keep-alive Content-Length: 1974 sec-ch-ua-platform: "Windows" hpgid: 1104 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" hpgact: 1800 canary: PAQABDgEAAABVrSpeuWamRam2jAF1XRQErFe5vwWXWRmFPoTo_Wveio6bOdubIeN9wFnSUeKKjLNy9QNxvQWz8OmaYOoMB5jvuNIfoP-qXntzWox0JoYxquqC0tloD_NZFF5377jEBhiUVm2EPT2XsrB71uaPg2-WYOj63cW6pxfCAkte8fDPgRH7VqFByX3V8RqM7EbGP-r22Nr8NBvWTChWxBzqFBn_DsqDZQ3te-pm585AMawY4CAA sec-ch-ua-mobile: ?0 client-request-id: 2f4df8df-414d-4222-9c5c-0a6976b1f26c User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json hpgrequestid: 379dadb0-566e-4ed7-8cf7-e86fe52b5b00 Content-type: application/json; charset=UTF-8 Origin: https://login.casinopulsehotel.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://login.casinopulsehotel.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638785927018631601.ODQ1MjUxNmItNzNkMy00ODE2LWJlYTEtYjU5ODQwMTFhMmEzNzVmZmU4NzYtNTY5Ni00MTM1LTlhYzctYTA0ZDA4ZWMyYjg3&ui_locales=en-US&mkt=en-US&client-request-id=2f4df8df-414d-4222-9c5c-0a6976b1f26c&state=5qv8GHhzXk7524aN-at9RjUY86r790P-Mycza1C-4iaJcQ1ftjs_Q1qFh3ljI2cedp8fHKsa-qLNMPFJXruVwp2BskJ82HzcltrU-zpgmr_azkiinqpdsQBBs3DiXMX6d7whZAKo3i5d8Wi3oh3pZ8sedAW4xvtxoFbhK0QOaQmNW3Uq-Y7NvvxLXD0xbkkhmmKqrngnHeszsiYvaK4TvNezsLFMEINGoQQra9cMbpRV_Hmh0Rzz79QPP2fUfRspgIRvGeGKVjgrEER28cX2Fw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: gCFw=88af75d868e3f2009e6deb9b32a47227825ded074e2f063a878f09ce2103a378; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-CMLQrQY57ZI=AQABCQEAAABVrSpeuWamRam2jAF1XRQE7onT3sVCFKL7bi96vKflmNNxrUFC1sTfQDwXkpQKEAa7dSf3MM6FjDJQ0ZchwuTDcxqq7Ym-22wkYFIW2wV7tLHNAimZb8a2U3xCqpCC86PEoBsU1cTUymonsGbGRG6_VniPRcxsfOdQ3UzgpbCjqCAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQcAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE6XjMzuU-yZXcW7cFzbpphNGAqgCKMPpQyA0NMh7acUOM4JssD8bVDClyRv8YvsAoyeiKHK5RgamayQKj0a96otMmL7DHoj5M9egPB3kJ3cUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEhERTPy_UDVhJwekqDDCFJJ1677xT6SL7AhiVXM3pmiT3XP-ER4T6QfMzSPNaIfBqPvZzXHN0oWjn6FtVMxZ7WFeozrDd-astJ4jemRsJ0wBgo9ZOLkuQbhFiU5shSxFSSkbDfl3GixR-EmYn5MIQ1M9ewAESSX8FmFH61NAZ2j8gAA; esctx-Jkzf09bzfCE=AQABCQEAAABVrSpeuWamRam2jAF1XRQEVEqekcg7ux8fvXAOO7fYrkQZqZ6ssjQfZpRKyUFRkMrX6RGNe0PS3ox5hiJDFaKetARJKN314JvxhPPL1S37u4fT4-wBihiWcEtcdgOKgcrvcmKScmQj9SDt8V4DZq6Pan0JzMEJ77rY5-rEz-8cxyAA; fpc=Amnu5WQo2Y5CnL4-0j [TRUNCATED]
2025-03-26 13:32:26 UTC	1974	OUT	Data Raw: 7b 22 75 73 65 72 6e 61 6d 65 22 3a 22 62 73 61 70 68 61 40 66 72 75 69 2e 63 6f 6d 22 2c 22 69 73 4f 74 68 65 72 49 64 70 53 75 70 70 6f 72 74 65 64 22 3a 74 72 75 65 2c 22 63 68 65 63 6b 50 68 6f 6e 65 73 22 3a 66 61 6c 73 65 2c 22 69 73 52 65 6d 6f 74 65 4e 47 43 53 75 70 70 6f 72 74 65 64 22 3a 74 72 75 65 2c 22 69 73 43 6f 6f 6b 69 65 42 61 6e 6e 65 72 53 68 6f 77 6e 22 3a 66 61 6c 73 65 2c 22 69 73 46 69 64 6f 53 75 70 70 6f 72 74 65 64 22 3a 74 72 75 65 2c 22 6f 72 69 67 69 6e 61 6c 52 65 71 75 65 73 74 22 3a 22 72 51 51 49 41 52 41 41 68 5a 4f 39 69 39 74 32 47 4d 63 74 2d 38 36 35 4d 32 6c 69 30 6c 4b 61 37 53 67 5a 53 71 36 79 66 5f 72 70 31 51 63 5a 37 4e 67 2d 76 30 6b 2d 2d 53 78 62 63 67 4a 47 31 6f 73 6c 57 65 5f 53 53 54 37 39 42 52 31 61 Data Ascii: {"username":"bsapha@frui.com","isOtherIdpSupported":true,"checkPhones":false,"isRemoteNGCSupported":true,"isCookieBannerShown":false,"isFidoSupported":true,"originalRequest":"rQQIARAAhZO9i9t2GMct-865M2li0lKa7SgZSq6yf_rp1QcZ7Ng-v0k--SxbcgJG1oslWe_SST79BR1a
2025-03-26 13:32:27 UTC	17	IN	HTTP/1.1 200 OK
2025-03-26 13:32:27 UTC	35	IN	Data Raw: 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 0d 0a Data Ascii: Cache-Control: no-store, no-cache
2025-03-26 13:32:27 UTC	57	IN	Data Raw: 43 6c 69 65 6e 74 2d 52 65 71 75 65 73 74 2d 49 64 3a 20 32 66 34 64 66 38 64 66 2d 34 31 34 64 2d 34 32 32 32 2d 39 63 35 63 2d 30 61 36 39 37 36 62 31 66 32 36 63 0d 0a Data Ascii: Client-Request-Id: 2f4df8df-414d-4222-9c5c-0a6976b1f26c
2025-03-26 13:32:27 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-03-26 13:32:27 UTC	47	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a Data Ascii: Content-Type: application/json; charset=utf-8
2025-03-26 13:32:27 UTC	37	IN	Data Raw: 44 61 74 65 3a 20 57 65 64 2c 20 32 36 20 4d 61 72 20 32 30 32 35 20 31 33 3a 33 32 3a 32 36 20 47 4d 54 0d 0a Data Ascii: Date: Wed, 26 Mar 2025 13:32:26 GMT
2025-03-26 13:32:27 UTC	13	IN	Data Raw: 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a Data Ascii: Expires: -1
2025-03-26 13:32:27 UTC	101	IN	Data Raw: 4e 65 6c 3a 20 7b 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 73 22 2c 22 6d 61 78 5f 61 67 65 22 3a 38 36 34 30 30 2c 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2e 30 30 31 2c 22 66 61 69 6c 75 72 65 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 7d 0d 0a Data Ascii: Nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
2025-03-26 13:32:27 UTC	41	IN	Data Raw: 50 33 70 3a 20 43 50 3d 22 44 53 50 20 43 55 52 20 4f 54 50 69 20 49 4e 44 20 4f 54 52 69 20 4f 4e 4c 20 46 49 4e 22 0d 0a Data Ascii: P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
2025-03-26 13:32:27 UTC	18	IN	Data Raw: 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a Data Ascii: Pragma: no-cache

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:32:27 UTC	1711	OUT	GET /common/GetCredentialType?mkt=en-US HTTP/1.1 Host: login.casinopulsehotel.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: gCFw=88af75d868e3f2009e6deb9b32a47227825ded074e2f063a878f09ce2103a378; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-CMLQrQY57ZI=AQABCQEAAABVrSpeuWamRam2jAF1XRQE7onT3sVCFKL7bi96vKflmNNxrUFC1sTfQDwXkpQKEAa7dSf3MM6FjDJQ0ZchwuTDcxqq7Ym-22wkYFIW2wV7tLHNAimZb8a2U3xCqpCC86PEoBsU1cTUymonsGbGRG6_VniPRcxsfOdQ3UzgpbCjqCAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQcAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE6XjMzuU-yZXcW7cFzbpphNGAqgCKMPpQyA0NMh7acUOM4JssD8bVDClyRv8YvsAoyeiKHK5RgamayQKj0a96otMmL7DHoj5M9egPB3kJ3cUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEhERTPy_UDVhJwekqDDCFJJ1677xT6SL7AhiVXM3pmiT3XP-ER4T6QfMzSPNaIfBqPvZzXHN0oWjn6FtVMxZ7WFeozrDd-astJ4jemRsJ0wBgo9ZOLkuQbhFiU5shSxFSSkbDfl3GixR-EmYn5MIQ1M9ewAESSX8FmFH61NAZ2j8gAA; esctx-Jkzf09bzfCE=AQABCQEAAABVrSpeuWamRam2jAF1XRQEVEqekcg7ux8fvXAOO7fYrkQZqZ6ssjQfZpRKyUFRkMrX6RGNe0PS3ox5hiJDFaKetARJKN314JvxhPPL1S37u4fT4-wBihiWcEtcdgOKgcrvcmKScmQj9SDt8V4DZq6Pan0JzMEJ77rY5-rEz-8cxyAA; fpc=Amnu5WQo2Y5CnL4-0j [TRUNCATED]
2025-03-26 13:32:28 UTC	17	IN	HTTP/1.1 200 OK
2025-03-26 13:32:28 UTC	35	IN	Data Raw: 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 0d 0a Data Ascii: Cache-Control: no-store, no-cache
2025-03-26 13:32:28 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-03-26 13:32:28 UTC	47	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a Data Ascii: Content-Type: application/json; charset=utf-8
2025-03-26 13:32:28 UTC	37	IN	Data Raw: 44 61 74 65 3a 20 57 65 64 2c 20 32 36 20 4d 61 72 20 32 30 32 35 20 31 33 3a 33 32 3a 32 37 20 47 4d 54 0d 0a Data Ascii: Date: Wed, 26 Mar 2025 13:32:27 GMT
2025-03-26 13:32:28 UTC	13	IN	Data Raw: 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a Data Ascii: Expires: -1
2025-03-26 13:32:28 UTC	101	IN	Data Raw: 4e 65 6c 3a 20 7b 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 73 22 2c 22 6d 61 78 5f 61 67 65 22 3a 38 36 34 30 30 2c 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2e 30 30 31 2c 22 66 61 69 6c 75 72 65 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 7d 0d 0a Data Ascii: Nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
2025-03-26 13:32:28 UTC	41	IN	Data Raw: 50 33 70 3a 20 43 50 3d 22 44 53 50 20 43 55 52 20 4f 54 50 69 20 49 4e 44 20 4f 54 52 69 20 4f 4e 4c 20 46 49 4e 22 0d 0a Data Ascii: P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
2025-03-26 13:32:28 UTC	18	IN	Data Raw: 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a Data Ascii: Pragma: no-cache
2025-03-26 13:32:28 UTC	50	IN	Data Raw: 52 65 66 65 72 72 65 72 2d 50 6f 6c 69 63 79 3a 20 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 2d 6f 72 69 67 69 6e 0d 0a Data Ascii: Referrer-Policy: strict-origin-when-cross-origin
2025-03-26 13:32:28 UTC	150	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 67 72 6f 75 70 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 73 22 2c 22 6d 61 78 5f 61 67 65 22 3a 38 36 34 30 30 2c 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 69 64 65 6e 74 69 74 79 2e 6e 65 6c 2e 6d 65 61 73 75 72 65 2e 6f 66 66 69 63 65 2e 6e 65 74 2f 61 70 69 2f 72 65 70 6f 72 74 3f 63 61 74 49 64 3d 47 57 2b 65 73 74 73 66 64 2b 65 73 74 22 7d 5d 7d 0d 0a Data Ascii: Report-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+est"}]}

Timestamp	Bytes transferred	Direction	Data
2025-03-26 13:32:45 UTC	442	OUT	OPTIONS /api/report?catId=GW+estsfd+wst HTTP/1.1 Host: identity.nel.measure.office.net Connection: keep-alive Origin: https://login.casinopulsehotel.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 13:32:45 UTC	319	IN	HTTP/1.1 200 OK Content-Type: text/html Content-Length: 7 Date: Wed, 26 Mar 2025 13:32:45 GMT Connection: close Access-Control-Allow-Headers: content-type Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: * Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *
2025-03-26 13:32:45 UTC	7	IN	Data Raw: 4f 50 54 49 4f 4e 53 Data Ascii: OPTIONS

Target ID:	0
Start time:	09:31:19
Start date:	26/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7d1570000
File size:	3'384'928 bytes
MD5 hash:	DBE43C1D0092437B88CFF7BD9ABC336C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	1
Start time:	09:31:21
Start date:	26/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1904,i,17239572401733403894,9351306309915010722,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2016 /prefetch:11
Imagebase:	0x7ff7d1570000
File size:	3'384'928 bytes
MD5 hash:	DBE43C1D0092437B88CFF7BD9ABC336C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	6
Start time:	09:31:27
Start date:	26/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://fdqn7x49zmrxxb9.formstack.com/forms/refreshthispage"
Imagebase:	0x7ff7d1570000
File size:	3'384'928 bytes
MD5 hash:	DBE43C1D0092437B88CFF7BD9ABC336C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Process: Process Creation
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre