Windows Analysis Report
https://e.pcloud.link/publink/show?code=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX

Overview

General Information

Sample URL: https://e.pcloud.link/publink/show?code=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX
Analysis ID: 1653611

Detection

HTMLPhisher
Score: 68
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Yara detected HtmlPhish54
AI detected landing page (webpage, office document or email)
AI detected suspicious Javascript
AI detected suspicious URL
Creates files inside the system directory
Deletes files inside the Windows folder
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious.]
  • System is w10x64_ra
  • chrome.exe (PID: 6328 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1732,i,933166427512680041,7235051845479042876,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6088 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://e.pcloud.link/publink/show?code=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
Source | Rule | Description | Author | Strings
3.17..script.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
4.27..script.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
3.9.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
4.10.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
4.12.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

            Phishing

Source: https://login.greennway.com/?auth2=zAVmU-sLKzRWPz3D15NFt5keldN9b1wqCg&sso_reload=true Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is a well-known global technology company. The URL 'login.greennway.com' does not match the legitimate domain 'microsoft.com'. The domain 'greennway.com' does not have any known association with Microsoft. The presence of input fields for 'Email, phone, or Skype' is typical for Microsoft services, but the domain mismatch is suspicious. The URL contains an unrelated domain name, which is a common tactic in phishing attempts. DOM: 4.11.pages.csv
Source: Yara match File source: 3.17..script.csv, type: HTML
Source: Yara match File source: 4.27..script.csv, type: HTML
Source: Yara match File source: 3.9.pages.csv, type: HTML
Source: Yara match File source: 4.10.pages.csv, type: HTML
Source: Yara match File source: 4.12.pages.csv, type: HTML
Source: https://e.pcloud.link/publink/show?code=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX Joe Sandbox AI: Page contains button: 'View or Download Document' Source: '0.1.pages.csv'
Source: 2.16..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://paepo3pnsz.jimmybilljean.workers.dev/?ee4a... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. It appears to be collecting user data and redirecting to a potentially malicious domain, which is highly suspicious and indicative of a phishing or malware attack.
Source: https://login.greennway.com Joe Sandbox AI: The URL 'https://login.greennway.com' closely resembles the legitimate URL 'https://login.greenway.com'. The primary difference is the addition of an extra 'n' in 'greenway', which is a common tactic in typosquatting to create a visually similar URL. The use of 'login' as a subdomain suggests an attempt to mimic a login page, which is a common target for phishing attacks. The domain 'greenway.com' is associated with Greenway Health, a known brand in healthcare technology. The similarity score is high due to the minor character addition and the structural similarity to the legitimate URL. The likelihood of this being a typosquatting attempt is also high, given the potential for user confusion and the context of the subdomain usage.
Source: https://login.greennway.com/?auth2=zAVmU-sLKzRWPz3D15NFt5keldN9b1wqCg HTTP Parser: Number of links: 0
Source: https://login.greennway.com/?auth2=zAVmU-sLKzRWPz3D15NFt5keldN9b1wqCg&sso_reload=true HTTP Parser: Number of links: 0
Source: https://login.greennway.com/?FEsTLLPf9M4=aHR0cHM6Ly9taWNyb3NvZnQuc2hhcmVwb2ludC5jb20vOng6L3IvdGVhbXMvKipURUFN HTTP Parser: Base64 decoded: https://login.greennway.com/?FEsTLLPf9M4=aHR0cHM6Ly9taWNyb3NvZnQuc2hhcmVwb2ludC5jb20vOng6L3IvdGVhbXMvKipURUFN
Source: https://login.greennway.com/?auth2=zAVmU-sLKzRWPz3D15NFt5keldN9b1wqCg HTTP Parser: Title: The abandoned chiffonier displays step-mother. does not match URL
Source: https://login.greennway.com/?auth2=zAVmU-sLKzRWPz3D15NFt5keldN9b1wqCg&sso_reload=true HTTP Parser: Title: The phobic macrame removes sponsorship. does not match URL
Source: https://login.greennway.com/?auth2=zAVmU-sLKzRWPz3D15NFt5keldN9b1wqCg&sso_reload=true HTTP Parser: Iframe src: https://portal.greennway.com/Prefetch/Prefetch.aspx
Source: https://login.greennway.com/?auth2=zAVmU-sLKzRWPz3D15NFt5keldN9b1wqCg&sso_reload=true HTTP Parser: <input type="password" .../> found
Source: https://e.pcloud.link/publink/show?code=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX HTTP Parser: No favicon
Source: https://login.greennway.com/?FEsTLLPf9M4=aHR0cHM6Ly9taWNyb3NvZnQuc2hhcmVwb2ludC5jb20vOng6L3IvdGVhbXMvKipURUFN HTTP Parser: No favicon
Source: https://login.greennway.com/?auth2=zAVmU-sLKzRWPz3D15NFt5keldN9b1wqCg HTTP Parser: No favicon
Source: https://login.greennway.com/?auth2=zAVmU-sLKzRWPz3D15NFt5keldN9b1wqCg&sso_reload=true HTTP Parser: No favicon
Source: https://login.greennway.com/?auth2=zAVmU-sLKzRWPz3D15NFt5keldN9b1wqCg HTTP Parser: No <meta name="author".. found
Source: https://login.greennway.com/?auth2=zAVmU-sLKzRWPz3D15NFt5keldN9b1wqCg&sso_reload=true HTTP Parser: No <meta name="author".. found
Source: https://login.greennway.com/?auth2=zAVmU-sLKzRWPz3D15NFt5keldN9b1wqCg HTTP Parser: No <meta name="copyright".. found
Source: https://login.greennway.com/?auth2=zAVmU-sLKzRWPz3D15NFt5keldN9b1wqCg&sso_reload=true HTTP Parser: No <meta name="copyright".. found
Source: chrome.exe Memory has grown: Private usage: 1MB later: 32MB
            Source: global trafficHTTP traffic detected: GET /img/grid/tumb-view.png HTTP/1.1Host: pcdn-e.pcloud.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://pcdn-e.pcloud.com/Z18/dist/css/compat.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /img/sort-up.png HTTP/1.1Host: pcdn-e.pcloud.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://pcdn-e.pcloud.com/Z18/css/files.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /img/sort-active-up.png HTTP/1.1Host: pcdn-e.pcloud.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://pcdn-e.pcloud.com/Z18/css/files.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /getapiserver HTTP/1.1Host: eapi.pcloud.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: https://e.pcloud.linkSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://e.pcloud.link/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /getpromoofferforweb?os=4 HTTP/1.1Host: eapi.pcloud.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: https://e.pcloud.linkSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://e.pcloud.link/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /img/grid/tumb-view.png HTTP/1.1Host: pcdn-e.pcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /img/grid/sort.png HTTP/1.1Host: pcdn-e.pcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /img/sort-up.png HTTP/1.1Host: pcdn-e.pcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /img/sort-active-up.png HTTP/1.1Host: pcdn-e.pcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /Z18/img/header_logo.svg HTTP/1.1Host: pcdn-e.pcloud.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://e.pcloud.link/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /getapiserver HTTP/1.1Host: eapi.pcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /checkcookie?names=pcauth,locationid HTTP/1.1Host: my.pcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /Z18/img/mobile/ads-2016/7.png HTTP/1.1Host: pcdn-e.pcloud.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://e.pcloud.link/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /img/mobile/ads-2016/close-web-banner.png HTTP/1.1Host: pcdn-e.pcloud.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://pcdn-e.pcloud.com/Z18/dist/css/dlink.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /getpromoofferforweb?os=4 HTTP/1.1Host: eapi.pcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /img/branding-settings/slide.png HTTP/1.1Host: pcdn-e.pcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /Z18/img/header_logo.svg HTTP/1.1Host: pcdn-e.pcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /img/mobile/ads-2016/close-web-banner.png HTTP/1.1Host: pcdn-e.pcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /Z18/img/mobile/ads-2016/7.png HTTP/1.1Host: pcdn-e.pcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /getapiserver HTTP/1.1Host: eapi.pcloud.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: https://e.pcloud.linkSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://e.pcloud.link/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "p6mx4twrOJkORVx3hNAatpERt9zV"
            Source: global trafficHTTP traffic detected: GET /publink/max-height=%22100%22 HTTP/1.1Host: e.pcloud.linkConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://e.pcloud.link/publink/show?code=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lXAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: refcode=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX; publinkcode=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX
            Source: global trafficHTTP traffic detected: GET /img/right-more.png HTTP/1.1Host: pcdn-e.pcloud.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://e.pcloud.link/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /getapiserver HTTP/1.1Host: eapi.pcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "p6mx4twrOJkORVx3hNAatpERt9zV"
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: e.pcloud.linkConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://e.pcloud.link/publink/show?code=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lXAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: refcode=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX; publinkcode=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX
            Source: global trafficHTTP traffic detected: GET /img/right-more.png HTTP/1.1Host: pcdn-e.pcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /Z18/fav.ico HTTP/1.1Host: pcdn-e.pcloud.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://e.pcloud.link/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /Z18/fav.ico HTTP/1.1Host: pcdn-e.pcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /getpublinkdownload?fileid=62889012652&hashCache=4268612828039408600&code=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX HTTP/1.1Host: eapi.pcloud.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: https://e.pcloud.linkSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://e.pcloud.link/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /getpublinkdownload?fileid=62889012652&hashCache=4268612828039408600&code=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX HTTP/1.1Host: eapi.pcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /D4ZsjkM6KZn8m0sL7ZZZjPuvXkZ1ZZi0zZkZaR1ZgpZLHZKJZpjpdZDtASPhMYtpuiS2sffn5OQRflOkGV/Signature%20required%20%23896764747.pdf?_=1743507309652 HTTP/1.1Host: ewas2.pcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /D4ZsjkM6KZn8m0sL7ZZZjPuvXkZ1ZZi0zZkZaR1ZgpZLHZKJZpjpdZDtASPhMYtpuiS2sffn5OQRflOkGV/Signature%20required%20%23896764747.pdf?_=1743507322250 HTTP/1.1Host: ewas2.pcloud.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://e.pcloud.link/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /getpublinkdownload?fileid=62889012652&forcedownload=1&code=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX HTTP/1.1Host: eapi.pcloud.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: https://e.pcloud.linkSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://e.pcloud.link/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /getpublinkdownload?fileid=62889012652&forcedownload=1&code=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX HTTP/1.1Host: eapi.pcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /publink/show?code=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX HTTP/1.1Host: e.pcloud.linkConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: refcode=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX; publinkcode=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX; gras={"publicfolderlist":{"15985690452":"f62889012652"}}; dwltag=RbYrPX3XnmjdqiEwbilUgV
            Source: global trafficHTTP traffic detected: GET /?FEsTLLPf9M4=aHR0cHM6Ly9taWNyb3NvZnQuc2hhcmVwb2ludC5jb20vOng6L3IvdGVhbXMvKipURUFN HTTP/1.1Host: login.greennway.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /?ee4a96=aHR0cHM6Ly9sb2dpbi5ncmVlbm53YXkuY29tLz9GRXNUTExQZjlNND1hSFIwY0hNNkx5OXRhV055YjNOdlpuUXVjMmhoY21Wd2IybHVkQzVqYjIwdk9uZzZMM0l2ZEdWaGJYTXZLaXBVUlVGTg== HTTP/1.1Host: paepo3pnsz.jimmybilljean.workers.devConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://login.greennway.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /turnstile/v0/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://paepo3pnsz.jimmybilljean.workers.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /turnstile/v0/b/708f7a809116/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://paepo3pnsz.jimmybilljean.workers.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/vajfi/0x4AAAAAAAi078AM9w38G8rk/auto/fbE/new/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://paepo3pnsz.jimmybilljean.workers.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=9297c9465e415e65&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/vajfi/0x4AAAAAAAi078AM9w38G8rk/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/vajfi/0x4AAAAAAAi078AM9w38G8rk/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir6328_749287595
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir6328_749287595
            Source: classification engine Classification label: mal68.phis.win@31/2@50/289
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\a61e8a06-c11b-46ec-8351-e98d60b68f4b.tmp
            Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1732,i,933166427512680041,7235051845479042876,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:3
            Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://e.pcloud.link/publink/show?code=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: Window Recorder Window detected: More than 3 window changes detected
            | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
            |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
            | Gather Victim Identity Information | Acquire Infrastructure | 1 Drive-by Compromise | Windows Management Instrumentation | 3 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
            | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
            | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
            | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |

            Source | Detection | Scanner | Label | Link
            https://e.pcloud.link/publink/show?code=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX | 0% | Avira URL Cloud | safe |
            No Antivirus matches
                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                  IP
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1653611
Start date and time: 2025-04-01 13:34:32 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://e.pcloud.link/publink/show?code=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: MAL
Classification: mal68.phis.win@31/2@50/289
• Exclude process from analysis (whitelisted): svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.81.238, 142.251.40.163, 142.250.80.14, 142.251.179.84
• Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, clientservices.googleapis.com, clients.l.google.com
• Not all processes were analyzed; report is missing behavior information
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: https://e.pcloud.link/publink/show?code=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text, with very long lines (377)
Category: dropped
Size (bytes): 16121
Entropy (8bit): 4.692887532195102
Encrypted: false
SSDEEP:
MD5: 070C423D41E19D32109C8E4E3EF2519B
SHA1: 939FD41B89D1192B958178C2F2D21F368FACA5FA
SHA-256: B22D7CC582387E4DF9FF0A240CE151FE6F80E07601283DE62B02A13E5B3C7111
SHA-512: 15A110F0B411399A26BAAA5B725385FEB8E2656521CDFC422C36AFC42B711D8657F9EB1949BFD19267B363907C0817A3834403BB32D8AA448EB49283708F91D1
Malicious: false
Reputation: unknown
                                                                  Preview:.<!doctype html>.<html class="no-js" lang="en">.<head>. <title>Rail-Tec GmbH. - pCloud</title>. <meta name="apple-itunes-app" content="app-id=692002098">. <meta name="facebook-domain-verification" content="mrfhq6xul3tazjwb08axawf84qfiri" />. <meta name="HandheldFriendly" content="true" />. <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">. <meta name="keywords" content="best online storage,cloud security,cloud storage,file sharing,file transfer,free cloud storage,free file sharing,send big files,send large files">. <meta http-equiv="cache-control" content="no-cache" />. <meta http-equiv="pragma" content="no-cache" />. <meta name="robots" content="noindex">.. <link href="https://fonts.googleapis.com/css?family=Roboto:400,500,700&display=swap&subset=cyrillic" rel="stylesheet">.. <link rel="stylesheet" href="//pcdn-e.pcloud.com/Z18/css/main.css">. <link rel="stylesheet" href="//pcdn-e.pcloud.com/Z18/css/files.css" class="fi
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, Unicode text, UTF-8 text, with very long lines (377)
Category: dropped
Size (bytes): 0
Entropy (8bit): 0.0
Encrypted: false
SSDEEP:
MD5: DA86D51A5C776A79040608FF72D64E48
SHA1: 7BC1189CB843FA22D2A12AEE6D90785E22EA7028
SHA-256: 978CD68A7BB6594A2ABDDCBC7CF3EAD090D908993DBD8A959B46272C5FC626A6
SHA-512: 1F285316A26E55DE79A6BB84F22D397A8CE1E2810A4C0DD0E83E7BEA11CF8820813C923D7FFE6B4CC2AB26831FB04B2531A8F9705858B5AD9FFAC1CD03897386
Malicious: false
Reputation: unknown
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, Unicode text, UTF-8 text, with very long lines (377)
Category: dropped
Size (bytes): 38035
Entropy (8bit): 4.657194628298535
Encrypted: false
SSDEEP:
MD5: DA86D51A5C776A79040608FF72D64E48
SHA1: 7BC1189CB843FA22D2A12AEE6D90785E22EA7028
SHA-256: 978CD68A7BB6594A2ABDDCBC7CF3EAD090D908993DBD8A959B46272C5FC626A6
SHA-512: 1F285316A26E55DE79A6BB84F22D397A8CE1E2810A4C0DD0E83E7BEA11CF8820813C923D7FFE6B4CC2AB26831FB04B2531A8F9705858B5AD9FFAC1CD03897386
Malicious: false
Reputation: unknown
                                                                  No static file info