Edit tour

Windows Analysis Report
REMITTANCE NOTICE.eml

Overview

General Information

Sample name:	REMITTANCE NOTICE.eml
Analysis ID:	1673183
MD5:	c88e2d196f97b01bfdcffb7fed5118e7
SHA1:	e0a2b43f56fc4e02b7f5c4146a36c28c7e8681d8
SHA256:	ae9b77ea677d7d3e686dd15aab8f0ac076e8f769e4a504c6ae1838e64f4c5038
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish54

AI detected suspicious Javascript

AI detected suspicious elements in Email content

Form action URLs do not match main URL

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML page contains obfuscated script src

Queries the volume information (name, serial number etc) of a device

Sigma detected: Outlook Security Settings Updated - Registry

Stores large binary data to the registry

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 6200 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\REMITTANCE NOTICE.eml" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 1156 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A2DE3F2E-3AB0-408F-8904-E0E063E6411D" "8216593F-73B5-4906-8DDE-3F88D49A7CC5" "6200" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

Acrobat.exe (PID: 6944 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\ZKX4MO06\REMITTANCE NOTICE -.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6596 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 1360 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1620 --field-trial-handle=1608,i,5964039751347718064,350761675104696323,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 1984 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://sites.google.com/view/new-pacific-airlines-/home MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 4800 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2004,i,12636917490285916094,13346713477134499322,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
1.27..script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
1.15.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
1.17.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security

Sigma Signatures

Sigma detected: Outlook Security Settings Updated - Registry

Source: Registry Key set

Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\ZKX4MO06\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6200, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6200, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Software Vulnerabilities
• Networking
• System Summary
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/

Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The URL '91d30f1f.a42fe027d3bfd39bb429e840.workers.dev' does not match the legitimate domain 'microsoft.com'., The domain 'workers.dev' is a generic domain often used for cloud services, which can be legitimate but is not directly associated with Microsoft., The subdomain and path appear to be randomly generated, which is a common tactic in phishing attempts., The presence of input fields for 'Email, phone, or Skype' is typical for phishing sites attempting to harvest credentials. DOM: 1.15.pages.csv

Yara detected HtmlPhish54

Source: Yara match	File source: 1.27..script.csv, type: HTML
Source: Yara match	File source: 1.15.pages.csv, type: HTML
Source: Yara match	File source: 1.17.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 1.25..script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.... The provided JavaScript snippet uses the `atob()` function to decode a base64-encoded string, which appears to be an HTML document. The decoded content includes an `iframe` element that loads content from a suspicious domain (`smiszs.online`). This behavior is highly indicative of a malicious script, as it could be used to load and execute arbitrary content from an untrusted source. The combination of dynamic code execution, potential data exfiltration, and the use of an obfuscated URL suggests a high-risk scenario that requires immediate investigation and mitigation.

AI detected suspicious elements in Email content

Source: REMITTANCE NOTICE.eml

Joe Sandbox AI: Detected potential phishing email: Generic 'REMITTANCE NOTICE' subject line is a common phishing tactic. Suspicious sender email format 'AP @ NP' with unusually short domain 'np.com'. PDF attachment with similar name as subject is a common malware delivery method

Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/	HTTP Parser: Form action: https://smiazs.online/common/login workers smiazs
Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/	HTTP Parser: Form action: https://smiazs.online/common/login workers smiazs

Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/

HTTP Parser: Number of links: 0

Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/

HTTP Parser: Base64 decoded: <!doctype html><html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"></head><body style="margin:0;padding:0"><iframe src="https://smiazs.online/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczov...

Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX

Source: Email

Classification: Invoice Scam

Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/	HTTP Parser: Iframe src: https://portal.microsoftonline.com/Prefetch/Prefetch.aspx
Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/	HTTP Parser: Iframe src: https://portal.microsoftonline.com/Prefetch/Prefetch.aspx

Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/

HTTP Parser: <input type="password" .../> found

Source: https://sites.google.com/view/new-pacific-airlines-/home	HTTP Parser: No favicon
Source: https://sites.google.com/view/new-pacific-airlines-/home	HTTP Parser: No favicon
Source: https://sites.google.com/view/new-pacific-airlines-/home	HTTP Parser: No favicon
Source: https://sites.google.com/view/new-pacific-airlines-/home	HTTP Parser: No favicon
Source: https://sites.google.com/view/new-pacific-airlines-/home	HTTP Parser: No favicon
Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/	HTTP Parser: No favicon
Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/	HTTP Parser: No favicon
Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/	HTTP Parser: No favicon
Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/	HTTP Parser: No favicon
Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/	HTTP Parser: No favicon
Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/	HTTP Parser: No favicon
Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/	HTTP Parser: No favicon
Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/	HTTP Parser: No favicon

Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/	HTTP Parser: No <meta name="author".. found
Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/	HTTP Parser: No <meta name="author".. found

Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/	HTTP Parser: No <meta name="copyright".. found
Source: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 192.178.49.209:443 -> 192.168.2.17:50000 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.68.225:443 -> 192.168.2.17:50012 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.68.228:443 -> 192.168.2.17:50018 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.68.225:443 -> 192.168.2.17:50021 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.116.138:443 -> 192.168.2.17:50034 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.113.132:443 -> 192.168.2.17:50039 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.1:443 -> 192.168.2.17:50044 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.1:443 -> 192.168.2.17:50045 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.17:50047 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.17:50047 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.229:443 -> 192.168.2.17:50046 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.17:50049 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.17:50052 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.17:50054 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.61.150.91:443 -> 192.168.2.17:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.17:50069 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.6.156:443 -> 192.168.2.17:50076 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.61.150.91:443 -> 192.168.2.17:50080 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.61.150.91:443 -> 192.168.2.17:50081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.61.150.91:443 -> 192.168.2.17:50082 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 31MB

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.86.251.25
Source: unknown	TCP traffic detected without corresponding DNS query: 184.86.251.25
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /WoHFMRs2tT4w9EqQ0LYNX7GOSaibDLuZbQpmusipn1lkgxQXI66cNmAqZq_hohWveJamQrYofiYcveEkECIs3GM=w16383 HTTP/1.1Host: lh4.googleusercontent.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://sites.google.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /WoHFMRs2tT4w9EqQ0LYNX7GOSaibDLuZbQpmusipn1lkgxQXI66cNmAqZq_hohWveJamQrYofiYcveEkECIs3GM=w16383 HTTP/1.1Host: lh4.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /X-Client-Data: CLf3ygE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/api.js?checkCookie=1 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /X-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://www.gstatic.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=523=bNTsc6wZukbLoFsBmlWgHgqeLPSQeUyAFiPFhpf2cIFEV49FHgbiyjW5_wHi-1lxSBGh4uVaYH6W0s5d1jingpetb4vooVZhFb0JO_pb5o3HhFFBY-YQTbbd3Xv5Gdwff6NdhuShWMdMipguvTmjg0hxWIToVtBTZ-Gj-UuqAQ5nkZ5lh2HiO05JsXFH5oQktx7edso4fg-alQ
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.lb.en.aua8ukEWe74.O/m=gapi_rpc/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-9vDKdscewy8drQ984EeTo0iOz2A/cb=gapi.loaded_0?le=scs HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /X-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://www.gstatic.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=523=bNTsc6wZukbLoFsBmlWgHgqeLPSQeUyAFiPFhpf2cIFEV49FHgbiyjW5_wHi-1lxSBGh4uVaYH6W0s5d1jingpetb4vooVZhFb0JO_pb5o3HhFFBY-YQTbbd3Xv5Gdwff6NdhuShWMdMipguvTmjg0hxWIToVtBTZ-Gj-UuqAQ5nkZ5lh2HiO05JsXFH5oQktx7edso4fg-alQ
Source: global traffic	HTTP traffic detected: GET /embeds/16cb204cf3a9d4d223a0a3fd8b0eec5d/inner-frame-minified.html?jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.aua8ukEWe74.O%2Fd%3D1%2Frs%3DAHpOoo-9vDKdscewy8drQ984EeTo0iOz2A%2Fm%3D__features__ HTTP/1.1Host: 1612630721-atari-embeds.googleusercontent.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Browser-Channel: stableX-Browser-Year: 2025X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=X-Browser-Copyright: Copyright 2025 Google LLC. All rights reserved.X-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://www.gstatic.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/api.js?checkCookie=1 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /X-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://1612630721-atari-embeds.googleusercontent.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=523=bNTsc6wZukbLoFsBmlWgHgqeLPSQeUyAFiPFhpf2cIFEV49FHgbiyjW5_wHi-1lxSBGh4uVaYH6W0s5d1jingpetb4vooVZhFb0JO_pb5o3HhFFBY-YQTbbd3Xv5Gdwff6NdhuShWMdMipguvTmjg0hxWIToVtBTZ-Gj-UuqAQ5nkZ5lh2HiO05JsXFH5oQktx7edso4fg-alQ
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.lb.en.aua8ukEWe74.O/m=gapi_rpc/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-9vDKdscewy8drQ984EeTo0iOz2A/cb=gapi.loaded_0?le=scs HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /X-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://1612630721-atari-embeds.googleusercontent.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=523=bNTsc6wZukbLoFsBmlWgHgqeLPSQeUyAFiPFhpf2cIFEV49FHgbiyjW5_wHi-1lxSBGh4uVaYH6W0s5d1jingpetb4vooVZhFb0JO_pb5o3HhFFBY-YQTbbd3Xv5Gdwff6NdhuShWMdMipguvTmjg0hxWIToVtBTZ-Gj-UuqAQ5nkZ5lh2HiO05JsXFH5oQktx7edso4fg-alQ
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 91d30f1f.a42fe027d3bfd39bb429e840.workers.devConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/Joe12387/detectIncognito@main/dist/es5/detectIncognito.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/44e6f86df4dc/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/u8hlz/0x4AAAAAABQ5Vg0dyoKVtofD/auto/fbE/new/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=93563cbada955529&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/u8hlz/0x4AAAAAABQ5Vg0dyoKVtofD/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/u8hlz/0x4AAAAAABQ5Vg0dyoKVtofD/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 91d30f1f.a42fe027d3bfd39bb429e840.workers.devConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 91d30f1f.a42fe027d3bfd39bb429e840.workers.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1960582682:1745501110:MQ_PrKVCScjlyAt7aAQR0oenKm4HmOGd9IYd458Spro/93563cbada955529/7afm1bbkdeQt9sXvN0D9tFtgLZWdyKHvkWvj3xPy7oM-1745504383-1.1.1.1-ipnyQ.I33dMHlNn.6oGyHlKoWNkOeyG3u7Pj9r_1Z2iQny81qMmOwrwd_A4DaIcP HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/93563cbada955529/1745504384730/620e9a6991a70ed476468ef97dfa8b958e5d777c02a7383dffcf9e1e5ea5f7a8/tcMcceCbI86PPst HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/u8hlz/0x4AAAAAABQ5Vg0dyoKVtofD/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/93563cbada955529/1745504384730/QxNIBbdpdPk6_sX HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/u8hlz/0x4AAAAAABQ5Vg0dyoKVtofD/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/93563cbada955529/1745504384730/QxNIBbdpdPk6_sX HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1960582682:1745501110:MQ_PrKVCScjlyAt7aAQR0oenKm4HmOGd9IYd458Spro/93563cbada955529/7afm1bbkdeQt9sXvN0D9tFtgLZWdyKHvkWvj3xPy7oM-1745504383-1.1.1.1-ipnyQ.I33dMHlNn.6oGyHlKoWNkOeyG3u7Pj9r_1Z2iQny81qMmOwrwd_A4DaIcP HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3NtaWF6cy5vbmxpbmUvIiwiZG9tYWluIjoic21pYXpzLm9ubGluZSIsImtleSI6ImY1MWpWMFF3a3kxSCIsInJlZiI6bnVsbCwiaWF0IjoxNzQ1NTA0MzkwLCJleHAiOjE3NDU1MDQ1MTB9.STq5gCQR8nP3NoE2CrKQJhMbnIlvdloRrNLSstOEyzY HTTP/1.1Host: smiazs.onlineConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /index.html//?uuq_tgnqcf=vtwg HTTP/1.1Host: smiazs.onlineConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=f51jV0Qwky1H; qPdM.sig=rynze8Z_jFmn4JFISP8hP97I1IQ
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css HTTP/1.1Host: smiazs.onlineConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://smiazs.online/index.html//?uuq_tgnqcf=vtwgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=f51jV0Qwky1H; qPdM.sig=rynze8Z_jFmn4JFISP8hP97I1IQ; buid=1.AQ0AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAANAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE57RkVM576VlUSYONSqFaORirJVbWtsEWYXt_t_uVbUmBtzXC9cSRZcPKE_3vwTreERcNjKzVKoG-vo2WA5o2nrd_S6U4VBx2RaUWfeq7ngMgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEzQTGdENqnR_ytrwO-Q7aV5MB-C0VMfzJiKm4N1n3N3Y6anzxFHz9GYv8fhdNBjo0KvwqWQqkDM9NctpMaocJiSX5k2hKCVqmmWzIyqfhqbn1KkeeDaeEb59kPFFY02EFlQ9QZEE-KMqLozN1nfQNYC_i4ZmYehDaDzl-Mabt3OogAA; esctx-gu6trzuOXI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEspI-ajReOq8fvXBuIdgN_uruxuzW9yFHc5jUdQre7Sc9qyKim9MvUZ9ViRkgy-6rqJv-OJ6DH1k2Zx0AZD6pXZww8k26eZz3rSQnb0IDhwqmgsBKPbNEotSgt8qcq1DKX3R0CYmF_a_9ZPEOfbFv3yAA; fpc=ArRZQ-HXpCFKllFgHkh3Uxy4vjNwAQAAAIc_nN8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_JXiTFACSOROsZgtGRJo1aA2.js HTTP/1.1Host: smiazs.onlineConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://smiazs.online/index.html//?uuq_tgnqcf=vtwgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=f51jV0Qwky1H; qPdM.sig=rynze8Z_jFmn4JFISP8hP97I1IQ; buid=1.AQ0AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAANAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE57RkVM576VlUSYONSqFaORirJVbWtsEWYXt_t_uVbUmBtzXC9cSRZcPKE_3vwTreERcNjKzVKoG-vo2WA5o2nrd_S6U4VBx2RaUWfeq7ngMgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEzQTGdENqnR_ytrwO-Q7aV5MB-C0VMfzJiKm4N1n3N3Y6anzxFHz9GYv8fhdNBjo0KvwqWQqkDM9NctpMaocJiSX5k2hKCVqmmWzIyqfhqbn1KkeeDaeEb59kPFFY02EFlQ9QZEE-KMqLozN1nfQNYC_i4ZmYehDaDzl-Mabt3OogAA; esctx-gu6trzuOXI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEspI-ajReOq8fvXBuIdgN_uruxuzW9yFHc5jUdQre7Sc9qyKim9MvUZ9ViRkgy-6rqJv-OJ6DH1k2Zx0AZD6pXZww8k26eZz3rSQnb0IDhwqmgsBKPbNEotSgt8qcq1DKX3R0CYmF_a_9ZPEOfbFv3yAA; fpc=ArRZQ-HXpCFKllFgHkh3Uxy4vjNwAQAAAIc_nN8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_cwzkvppibgumnhupu2wjoa2.js HTTP/1.1Host: smiazs.onlineConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://smiazs.online/index.html//?uuq_tgnqcf=vtwgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=f51jV0Qwky1H; qPdM.sig=rynze8Z_jFmn4JFISP8hP97I1IQ; buid=1.AQ0AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAANAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE57RkVM576VlUSYONSqFaORirJVbWtsEWYXt_t_uVbUmBtzXC9cSRZcPKE_3vwTreERcNjKzVKoG-vo2WA5o2nrd_S6U4VBx2RaUWfeq7ngMgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEzQTGdENqnR_ytrwO-Q7aV5MB-C0VMfzJiKm4N1n3N3Y6anzxFHz9GYv8fhdNBjo0KvwqWQqkDM9NctpMaocJiSX5k2hKCVqmmWzIyqfhqbn1KkeeDaeEb59kPFFY02EFlQ9QZEE-KMqLozN1nfQNYC_i4ZmYehDaDzl-Mabt3OogAA; esctx-gu6trzuOXI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEspI-ajReOq8fvXBuIdgN_uruxuzW9yFHc5jUdQre7Sc9qyKim9MvUZ9ViRkgy-6rqJv-OJ6DH1k2Zx0AZD6pXZww8k26eZz3rSQnb0IDhwqmgsBKPbNEotSgt8qcq1DKX3R0CYmF_a_9ZPEOfbFv3yAA; fpc=ArRZQ-HXpCFKllFgHkh3Uxy4vjNwAQAAAIc_nN8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js HTTP/1.1Host: smiazs.onlineConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://smiazs.online/index.html//?uuq_tgnqcf=vtwgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=f51jV0Qwky1H; qPdM.sig=rynze8Z_jFmn4JFISP8hP97I1IQ; buid=1.AQ0AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAANAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE57RkVM576VlUSYONSqFaORirJVbWtsEWYXt_t_uVbUmBtzXC9cSRZcPKE_3vwTreERcNjKzVKoG-vo2WA5o2nrd_S6U4VBx2RaUWfeq7ngMgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEzQTGdENqnR_ytrwO-Q7aV5MB-C0VMfzJiKm4N1n3N3Y6anzxFHz9GYv8fhdNBjo0KvwqWQqkDM9NctpMaocJiSX5k2hKCVqmmWzIyqfhqbn1KkeeDaeEb59kPFFY02EFlQ9QZEE-KMqLozN1nfQNYC_i4ZmYehDaDzl-Mabt3OogAA; esctx-gu6trzuOXI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEspI-ajReOq8fvXBuIdgN_uruxuzW9yFHc5jUdQre7Sc9qyKim9MvUZ9ViRkgy-6rqJv-OJ6DH1k2Zx0AZD6pXZww8k26eZz3rSQnb0IDhwqmgsBKPbNEotSgt8qcq1DKX3R0CYmF_a_9ZPEOfbFv3yAA; fpc=ArRZQ-HXpCFKllFgHkh3Uxy4vjNwAQAAAIc_nN8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: smiazs.onlineConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://smiazs.online/index.html//?uuq_tgnqcf=vtwgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=f51jV0Qwky1H; qPdM.sig=rynze8Z_jFmn4JFISP8hP97I1IQ; buid=1.AQ0AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAANAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE57RkVM576VlUSYONSqFaORirJVbWtsEWYXt_t_uVbUmBtzXC9cSRZcPKE_3vwTreERcNjKzVKoG-vo2WA5o2nrd_S6U4VBx2RaUWfeq7ngMgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEzQTGdENqnR_ytrwO-Q7aV5MB-C0VMfzJiKm4N1n3N3Y6anzxFHz9GYv8fhdNBjo0KvwqWQqkDM9NctpMaocJiSX5k2hKCVqmmWzIyqfhqbn1KkeeDaeEb59kPFFY02EFlQ9QZEE-KMqLozN1nfQNYC_i4ZmYehDaDzl-Mabt3OogAA; esctx-gu6trzuOXI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEspI-ajReOq8fvXBuIdgN_uruxuzW9yFHc5jUdQre7Sc9qyKim9MvUZ9ViRkgy-6rqJv-OJ6DH1k2Zx0AZD6pXZww8k26eZz3rSQnb0IDhwqmgsBKPbNEotSgt8qcq1DKX3R0CYmF_a_9ZPEOfbFv3yAA; fpc=ArRZQ-HXpCFKllFgHkh3Uxy4vjNwAQAAAIc_nN8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: smiazs.onlineConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://smiazs.online/index.html//?uuq_tgnqcf=vtwgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=f51jV0Qwky1H; qPdM.sig=rynze8Z_jFmn4JFISP8hP97I1IQ; buid=1.AQ0AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAANAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE57RkVM576VlUSYONSqFaORirJVbWtsEWYXt_t_uVbUmBtzXC9cSRZcPKE_3vwTreERcNjKzVKoG-vo2WA5o2nrd_S6U4VBx2RaUWfeq7ngMgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEzQTGdENqnR_ytrwO-Q7aV5MB-C0VMfzJiKm4N1n3N3Y6anzxFHz9GYv8fhdNBjo0KvwqWQqkDM9NctpMaocJiSX5k2hKCVqmmWzIyqfhqbn1KkeeDaeEb59kPFFY02EFlQ9QZEE-KMqLozN1nfQNYC_i4ZmYehDaDzl-Mabt3OogAA; esctx-gu6trzuOXI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEspI-ajReOq8fvXBuIdgN_uruxuzW9yFHc5jUdQre7Sc9qyKim9MvUZ9ViRkgy-6rqJv-OJ6DH1k2Zx0AZD6pXZww8k26eZz3rSQnb0IDhwqmgsBKPbNEotSgt8qcq1DKX3R0CYmF_a_9ZPEOfbFv3yAA; fpc=ArRZQ-HXpCFKllFgHkh3Uxy4vjNwAQAAAIc_nN8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: smiazs.onlineConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://smiazs.online/index.html//?uuq_tgnqcf=vtwgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=f51jV0Qwky1H; qPdM.sig=rynze8Z_jFmn4JFISP8hP97I1IQ; buid=1.AQ0AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAANAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE57RkVM576VlUSYONSqFaORirJVbWtsEWYXt_t_uVbUmBtzXC9cSRZcPKE_3vwTreERcNjKzVKoG-vo2WA5o2nrd_S6U4VBx2RaUWfeq7ngMgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEzQTGdENqnR_ytrwO-Q7aV5MB-C0VMfzJiKm4N1n3N3Y6anzxFHz9GYv8fhdNBjo0KvwqWQqkDM9NctpMaocJiSX5k2hKCVqmmWzIyqfhqbn1KkeeDaeEb59kPFFY02EFlQ9QZEE-KMqLozN1nfQNYC_i4ZmYehDaDzl-Mabt3OogAA; esctx-gu6trzuOXI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEspI-ajReOq8fvXBuIdgN_uruxuzW9yFHc5jUdQre7Sc9qyKim9MvUZ9ViRkgy-6rqJv-OJ6DH1k2Zx0AZD6pXZww8k26eZz3rSQnb0IDhwqmgsBKPbNEotSgt8qcq1DKX3R0CYmF_a_9ZPEOfbFv3yAA; fpc=ArRZQ-HXpCFKllFgHkh3Uxy4vjNwAQAAAIc_nN8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: smiazs.onlineConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://smiazs.online/index.html//?uuq_tgnqcf=vtwgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=f51jV0Qwky1H; qPdM.sig=rynze8Z_jFmn4JFISP8hP97I1IQ; buid=1.AQ0AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAANAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE57RkVM576VlUSYONSqFaORirJVbWtsEWYXt_t_uVbUmBtzXC9cSRZcPKE_3vwTreERcNjKzVKoG-vo2WA5o2nrd_S6U4VBx2RaUWfeq7ngMgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEzQTGdENqnR_ytrwO-Q7aV5MB-C0VMfzJiKm4N1n3N3Y6anzxFHz9GYv8fhdNBjo0KvwqWQqkDM9NctpMaocJiSX5k2hKCVqmmWzIyqfhqbn1KkeeDaeEb59kPFFY02EFlQ9QZEE-KMqLozN1nfQNYC_i4ZmYehDaDzl-Mabt3OogAA; esctx-gu6trzuOXI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEspI-ajReOq8fvXBuIdgN_uruxuzW9yFHc5jUdQre7Sc9qyKim9MvUZ9ViRkgy-6rqJv-OJ6DH1k2Zx0AZD6pXZww8k26eZz3rSQnb0IDhwqmgsBKPbNEotSgt8qcq1DKX3R0CYmF_a_9ZPEOfbFv3yAA; fpc=ArRZQ-HXpCFKllFgHkh3Uxy4vjNwAQAAAIc_nN8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
Source: global traffic	HTTP traffic detected: GET /Prefetch/Prefetch.aspx HTTP/1.1Host: portal.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://smiazs.online/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 91d30f1f.a42fe027d3bfd39bb429e840.workers.devConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://91d30f1f.a42fe027d3bfd39bb429e840.workers.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: smiazs.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=f51jV0Qwky1H; qPdM.sig=rynze8Z_jFmn4JFISP8hP97I1IQ; buid=1.AQ0AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAANAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE57RkVM576VlUSYONSqFaORirJVbWtsEWYXt_t_uVbUmBtzXC9cSRZcPKE_3vwTreERcNjKzVKoG-vo2WA5o2nrd_S6U4VBx2RaUWfeq7ngMgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEzQTGdENqnR_ytrwO-Q7aV5MB-C0VMfzJiKm4N1n3N3Y6anzxFHz9GYv8fhdNBjo0KvwqWQqkDM9NctpMaocJiSX5k2hKCVqmmWzIyqfhqbn1KkeeDaeEb59kPFFY02EFlQ9QZEE-KMqLozN1nfQNYC_i4ZmYehDaDzl-Mabt3OogAA; esctx-gu6trzuOXI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEspI-ajReOq8fvXBuIdgN_uruxuzW9yFHc5jUdQre7Sc9qyKim9MvUZ9ViRkgy-6rqJv-OJ6DH1k2Zx0AZD6pXZww8k26eZz3rSQnb0IDhwqmgsBKPbNEotSgt8qcq1DKX3R0CYmF_a_9ZPEOfbFv3yAA; fpc=ArRZQ-HXpCFKllFgHkh3Uxy4vjNwAQAAAIc_nN8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: smiazs.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=f51jV0Qwky1H; qPdM.sig=rynze8Z_jFmn4JFISP8hP97I1IQ; buid=1.AQ0AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAANAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE57RkVM576VlUSYONSqFaORirJVbWtsEWYXt_t_uVbUmBtzXC9cSRZcPKE_3vwTreERcNjKzVKoG-vo2WA5o2nrd_S6U4VBx2RaUWfeq7ngMgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEzQTGdENqnR_ytrwO-Q7aV5MB-C0VMfzJiKm4N1n3N3Y6anzxFHz9GYv8fhdNBjo0KvwqWQqkDM9NctpMaocJiSX5k2hKCVqmmWzIyqfhqbn1KkeeDaeEb59kPFFY02EFlQ9QZEE-KMqLozN1nfQNYC_i4ZmYehDaDzl-Mabt3OogAA; esctx-gu6trzuOXI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEspI-ajReOq8fvXBuIdgN_uruxuzW9yFHc5jUdQre7Sc9qyKim9MvUZ9ViRkgy-6rqJv-OJ6DH1k2Zx0AZD6pXZww8k26eZz3rSQnb0IDhwqmgsBKPbNEotSgt8qcq1DKX3R0CYmF_a_9ZPEOfbFv3yAA; fpc=ArRZQ-HXpCFKllFgHkh3Uxy4vjNwAQAAAIc_nN8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: smiazs.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=f51jV0Qwky1H; qPdM.sig=rynze8Z_jFmn4JFISP8hP97I1IQ; buid=1.AQ0AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAANAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE57RkVM576VlUSYONSqFaORirJVbWtsEWYXt_t_uVbUmBtzXC9cSRZcPKE_3vwTreERcNjKzVKoG-vo2WA5o2nrd_S6U4VBx2RaUWfeq7ngMgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEzQTGdENqnR_ytrwO-Q7aV5MB-C0VMfzJiKm4N1n3N3Y6anzxFHz9GYv8fhdNBjo0KvwqWQqkDM9NctpMaocJiSX5k2hKCVqmmWzIyqfhqbn1KkeeDaeEb59kPFFY02EFlQ9QZEE-KMqLozN1nfQNYC_i4ZmYehDaDzl-Mabt3OogAA; esctx-gu6trzuOXI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEspI-ajReOq8fvXBuIdgN_uruxuzW9yFHc5jUdQre7Sc9qyKim9MvUZ9ViRkgy-6rqJv-OJ6DH1k2Zx0AZD6pXZww8k26eZz3rSQnb0IDhwqmgsBKPbNEotSgt8qcq1DKX3R0CYmF_a_9ZPEOfbFv3yAA; fpc=ArRZQ-HXpCFKllFgHkh3Uxy4vjNwAQAAAIc_nN8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 91d30f1f.a42fe027d3bfd39bb429e840.workers.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: csp.withgoogle.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: lh4.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: drive.google.com
Source: global traffic	DNS traffic detected: DNS query: 1612630721-atari-embeds.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: 91d30f1f.a42fe027d3bfd39bb429e840.workers.dev
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: smiazs.online
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: portal.microsoftonline.com

Source: unknown

HTTP traffic detected: POST /csp/proto/6b8ce7c01e3dacd3d2c7a8cd322ff979 HTTP/1.1Host: csp.withgoogle.comConnection: keep-aliveContent-Length: 56sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: text/plain;charset=UTF-8sec-ch-ua-mobile: ?0Accept: */*Origin: https://sites.google.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://sites.google.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: no-store, no-cacheContent-Length: 1245Content-Type: text/htmlSet-Cookie: s.SessID=01a40679-f385-4e97-82c8-a80931ae79d4; path=/; secure; HttpOnly; SameSite=NoneSet-Cookie: s.SessID=01a40679-f385-4e97-82c8-a80931ae79d4; path=/; secure; HttpOnly; SameSite=NoneSet-Cookie: x-portal-routekey=wus; path=/; secure; HttpOnlyx-ms-correlation-id: cd5b64df-be79-4011-a8c3-d2a8e839ad7cX-Content-Type-Options: nosniffX-UA-Compatible: IE=EdgeX-Cache: CONFIG_NOCACHEX-MSEdge-Ref: Ref A: B79AC5E325FC44C188570A904C1C6EE5 Ref B: LAX311000114007 Ref C: 2025-04-24T14:19:56ZDate: Thu, 24 Apr 2025 14:19:55 GMTConnection: close

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443

Source: unknown	HTTPS traffic detected: 192.178.49.209:443 -> 192.168.2.17:50000 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.68.225:443 -> 192.168.2.17:50012 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.68.228:443 -> 192.168.2.17:50018 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.68.225:443 -> 192.168.2.17:50021 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.116.138:443 -> 192.168.2.17:50034 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.113.132:443 -> 192.168.2.17:50039 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.1:443 -> 192.168.2.17:50044 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.1:443 -> 192.168.2.17:50045 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.17:50047 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.17:50047 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.229:443 -> 192.168.2.17:50046 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.17:50049 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.17:50052 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.17:50054 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.61.150.91:443 -> 192.168.2.17:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.17:50069 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.6.156:443 -> 192.168.2.17:50076 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.61.150.91:443 -> 192.168.2.17:50080 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.61.150.91:443 -> 192.168.2.17:50081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.61.150.91:443 -> 192.168.2.17:50082 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.winEML@48/10@42/156