Windows Analysis Report
https://australianfoodandfibre.servicedeskplus.net.au/app/itdesk/ui/requests/867000003351579/details

Overview

General Information

Sample URL:	https://australianfoodandfibre.servicedeskplus.net.au/app/itdesk/ui/requests/867000003351579/details
Analysis ID:	1500938
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML body contains low number of good links

HTML title does not match URL

Classification

Signatures

HTML body contains low number of good links

Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D&sso_reload=true	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D&sso_reload=true

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /app/itdesk/ui/requests/867000003351579/details HTTP/1.1Host: australianfoodandfibre.servicedeskplus.net.auConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Login.jsp?serviceurl=%2Fapp%2Fitdesk%2Fui%2Frequests%2F867000003351579%2Fdetails HTTP/1.1Host: australianfoodandfibre.servicedeskplus.net.auConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: zalb_d63ded2016=771e32d61209a8f8d2cb5ace3045233c; sdpcscook=57798b93-f060-4609-b778-23fedd8ad93b; _zcsr_tmp=57798b93-f060-4609-b778-23fedd8ad93b
Source: global traffic	HTTP traffic detected: GET /samlauthrequest/aff-limited.com.au?serviceurl=https%3A%2F%2Faustralianfoodandfibre.servicedeskplus.net.au%2Fapp%2Fitdesk%2Fui%2Frequests%2F867000003351579%2Fdetails&servicename=SDPOnDemand&portal_id=7001242490&hide_signup=false HTTP/1.1Host: accounts.zoho.com.auConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_2P9n4TNNrWcgKwW6Mt6tGA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_tzwwq6wdslxjdiwzdatg6a2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_tzwwq6wdslxjdiwzdatg6a2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_2P9n4TNNrWcgKwW6Mt6tGA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_758d4d3367a37038a3b2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_758d4d3367a37038a3b2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/winauth/ssoprobe?client-request-id=de01a722-6f49-4599-ab7d-ff51aec23674&_=1724906554053 HTTP/1.1Host: autologon.microsoftazuread-sso.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /81d6b03a-0oaqvemumiggapupispz73q-euqm382uqpsqys7gkkc/logintenantbranding/0/illustration?ts=637640617494988131 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /81d6b03a-0oaqvemumiggapupispz73q-euqm382uqpsqys7gkkc/logintenantbranding/0/illustration?ts=637640617494988131 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: australianfoodandfibre.servicedeskplus.net.au
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: accounts.zoho.com.au
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msauthimages.net
Source: global traffic	DNS traffic detected: DNS query: autologon.microsoftazuread-sso.com

Source: chromecache_62.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_62.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@17/46@23/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2208,i,972951138316772105,17389294996650650195,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://australianfoodandfibre.servicedeskplus.net.au/app/itdesk/ui/requests/867000003351579/details"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2208,i,972951138316772105,17389294996650650195,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
103.138.128.66	zs-au1-lc1-h2.servicedeskplus.net.au	Australia	139006	ZCPL-AS-APZohoCorporationPTYLTDAU	false
13.107.246.73	s-part-0045.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
40.126.28.18	autologon.microsoftazuread-sso.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
152.199.21.175	sni1gl.wpc.upsiloncdn.net	United States	15133	EDGECASTUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.214.172	true
zs-au1-lc1-h2.servicedeskplus.net.au	103.138.128.66	true
sni1gl.wpc.upsiloncdn.net	152.199.21.175	true
sni1gl.wpc.omegacdn.net	152.199.21.175	true
www.google.com	142.250.186.164	true
s-part-0045.t-0009.t-msedge.net	13.107.246.73	true
zs-au1-lc1-h2.zoho.com.au	103.138.128.66	true
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
autologon.microsoftazuread-sso.com	40.126.28.18	true
aadcdn.msauthimages.net	unknown	unknown
identity.nel.measure.office.net	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
accounts.zoho.com.au	unknown	unknown
login.microsoftonline.com	unknown	unknown
australianfoodandfibre.servicedeskplus.net.au	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://australianfoodandfibre.servicedeskplus.net.au/Login.jsp?serviceurl=%2Fapp%2Fitdesk%2Fui%2Frequests%2F867000003351579%2Fdetails	false	Avira URL Cloud: safe	unknown
https://accounts.zoho.com.au/samlauthrequest/aff-limited.com.au?serviceurl=https%3A%2F%2Faustralianfoodandfibre.servicedeskplus.net.au%2Fapp%2Fitdesk%2Fui%2Frequests%2F867000003351579%2Fdetails&servicename=SDPOnDemand&portal_id=7001242490&hide_signup=false	false	Avira URL Cloud: safe	unknown
https://aadcdn.msauthimages.net/81d6b03a-0oaqvemumiggapupispz73q-euqm382uqpsqys7gkkc/logintenantbranding/0/illustration?ts=637640617494988131	false	Avira URL Cloud: safe	unknown
https://australianfoodandfibre.servicedeskplus.net.au/app/itdesk/ui/requests/867000003351579/details	false		unknown
https://autologon.microsoftazuread-sso.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/winauth/ssoprobe?client-request-id=de01a722-6f49-4599-ab7d-ff51aec23674&_=1724906554053	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 60	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152	C1E82BF71ADD622AD0F3BF8572F634FC	6CA863D4CAB96669202548D301693B3F5F80B0D5	BA48AF15D297DB450DC4870242482145ADDB2D18375A4871C490429E2DC5464A
Chrome Cache Entry: 61	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141866	6DE768A4DF1E0D0061CDB52EF06346C4	3829A667B97668008023DDA98F4C0772174C8EF6	58732EEE2ED9091F4F5776DC8A8A14116CBE5A2BA1CCDA0256896BAB08A52128
Chrome Cache Entry: 62	HTML document, ASCII text, with very long lines (3450), with CRLF line terminators	CB06E9A552B197D5C0EA600B431A3407	04E167433F2F1038C78F387F8A166BB6542C2008	1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
Chrome Cache Entry: 63	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152	C1E82BF71ADD622AD0F3BF8572F634FC	6CA863D4CAB96669202548D301693B3F5F80B0D5	BA48AF15D297DB450DC4870242482145ADDB2D18375A4871C490429E2DC5464A
Chrome Cache Entry: 64	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 65	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1017x678, components 3	8412A6F74B196981D3BEE266B17BC756	90158D3FBAF87AB9D71D1A854DD1AFF6FB5CE8BA	03EE2BCE70C9BE4D5E3A9B01DED41F4518F9C1050A2552DCD2F3225644937ECC
Chrome Cache Entry: 66	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 67	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113401	48981D3CF57E7C58CA7E3E851EF9354E	73593DE7633B10F9FFD0EF0E46280FA40FF433FF	8A5E756923CC5C3F013862427B7622F58A52501C5A6017FFF2FDB2AFD94A10C2
Chrome Cache Entry: 68	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 449540	B9A054903589649EF9B8AC6373ABE4BF	B3E0D0512F7B1C59F89BD86338FCD73D57385672	4EAFFBA1EDB780DEC8B10D44D25951D96BEE9E0F98E46F87849EDA4ECEEEAAB6
Chrome Cache Entry: 69	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 449540	B9A054903589649EF9B8AC6373ABE4BF	B3E0D0512F7B1C59F89BD86338FCD73D57385672	4EAFFBA1EDB780DEC8B10D44D25951D96BEE9E0F98E46F87849EDA4ECEEEAAB6
Chrome Cache Entry: 70	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592	4761405717E938D7E7400BB15715DB1E	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
Chrome Cache Entry: 71	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 72	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769	157CD264060EC0AA768C58FA5E3BCD45	C11F015567C602806D9B2FAA5FB5C36ED15D2BF2	5AA014AA67DDC6E040E1F60BBE3B7E810809759B561E391A9B8F84A93827E07B
Chrome Cache Entry: 73	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141866	6DE768A4DF1E0D0061CDB52EF06346C4	3829A667B97668008023DDA98F4C0772174C8EF6	58732EEE2ED9091F4F5776DC8A8A14116CBE5A2BA1CCDA0256896BAB08A52128
Chrome Cache Entry: 74	ASCII text, with no line terminators	06B313E93DD76909460FBFC0CD98CB6B	C4F9B2BBD840A4328F85F54873C434336A193888	B4532478707B495D0BB1C21C314AEF959DD1A5E0F66E52DAD5FC332C8B697CBA
Chrome Cache Entry: 75	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15755	20C932851211BE4254786E0812D655B8	98292BF09A8031CB5F70B85357A4DB7054F7886F	DE1485F02216071216CC6D4D8C3DABD276DA0047F425561D91FF160348E826AD
Chrome Cache Entry: 76	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592	4761405717E938D7E7400BB15715DB1E	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
Chrome Cache Entry: 77	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 78	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986	FEDAFBAC6D003C0D0DCA6F46FC3305C2	19A766D07F77FB5A37435FB94001E6170382DF36	15D89CD4219307695E0C0E02D0A852BCE5F1549DC1C48D0116ED05EEA0747461
Chrome Cache Entry: 79	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 80	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 81	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 82	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 56391	466F92DF115AB60E409B52CE9AE7D7F6	C66FD8D11F68C34620AF2B168FEA53F5DE4E7E8D	9EB3C48D42144538117B643972D5ADEBE31997CFE7F046C73FFD9742D1AF6DE0
Chrome Cache Entry: 83	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1017x678, components 3	8412A6F74B196981D3BEE266B17BC756	90158D3FBAF87AB9D71D1A854DD1AFF6FB5CE8BA	03EE2BCE70C9BE4D5E3A9B01DED41F4518F9C1050A2552DCD2F3225644937ECC
Chrome Cache Entry: 84	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769	157CD264060EC0AA768C58FA5E3BCD45	C11F015567C602806D9B2FAA5FB5C36ED15D2BF2	5AA014AA67DDC6E040E1F60BBE3B7E810809759B561E391A9B8F84A93827E07B
Chrome Cache Entry: 85	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 86	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 87	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 88	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 56391	466F92DF115AB60E409B52CE9AE7D7F6	C66FD8D11F68C34620AF2B168FEA53F5DE4E7E8D	9EB3C48D42144538117B643972D5ADEBE31997CFE7F046C73FFD9742D1AF6DE0
Chrome Cache Entry: 89	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15755	20C932851211BE4254786E0812D655B8	98292BF09A8031CB5F70B85357A4DB7054F7886F	DE1485F02216071216CC6D4D8C3DABD276DA0047F425561D91FF160348E826AD

HTML body contains low number of good links

Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D&sso_reload=true	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/saml2?SAMLRequest=fVLbjpswEP0V5HfAGAMbK0SiG1WNtG3RJu3DvlTGDIklsKnHpJevL7DdVaSq%2B3rGc27jLcqhH0U1%2BYt5hO8ToA9%2BDr1BsQ5KMjkjrESNwsgBUHgljtXHB8EiKkZnvVW2J8FhX5JvjbrLoMnyjvKUd63aNHLDgaa8UG3BcpoUjG9oToKv4FBbU5KZZN5FnOBg0EvjZ4gyHtK7kG1OlAvOBMujPEufSPDeOgWr0ZJ0skdYVmuJqK%2FwitR%2FLb3TptXm%2FLb%2F5vkRig%2BnUx3Wn48nElSI4Pzs7t4anAZwR3BXreDL40NJLt6PKOJYKmUn4zH6bS82UnaI5BSjPhtt4qU3HOOC0oTxJTAJ9nOr2ki%2FZn7h6O1Zm2jQylm0nbem1wYWrrhhsmhYkoRZxpqQdyoLZUvbsEmzJpUsLSCFVYatea%2B6BfdpDleSp9kO2W2XmVhrdTfHfLsL%2BZKb7G5CbeMbrmfiUSxah31te61%2BBVXf2x%2F3DqSf9b2bYD3UIP3%2F5ZIoWRHdht36VMAgdV%2B1rQPE2X%2F8r84rePtTd38A&RelayState=aHR0cHM6Ly9hdXN0cmFsaWFuZm9vZGFuZGZpYnJlLnNlcnZpY2VkZXNrcGx1cy5uZXQuYXUvYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy84NjcwMDAwMDMzNTE1NzkvZGV0YWlsc19fSUFNX19TRFBPbkRlbWFuZF9fSUFNX19fX0lBTV9fZmFsc2U%3D&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /app/itdesk/ui/requests/867000003351579/details HTTP/1.1Host: australianfoodandfibre.servicedeskplus.net.auConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Login.jsp?serviceurl=%2Fapp%2Fitdesk%2Fui%2Frequests%2F867000003351579%2Fdetails HTTP/1.1Host: australianfoodandfibre.servicedeskplus.net.auConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: zalb_d63ded2016=771e32d61209a8f8d2cb5ace3045233c; sdpcscook=57798b93-f060-4609-b778-23fedd8ad93b; _zcsr_tmp=57798b93-f060-4609-b778-23fedd8ad93b
Source: global traffic	HTTP traffic detected: GET /samlauthrequest/aff-limited.com.au?serviceurl=https%3A%2F%2Faustralianfoodandfibre.servicedeskplus.net.au%2Fapp%2Fitdesk%2Fui%2Frequests%2F867000003351579%2Fdetails&servicename=SDPOnDemand&portal_id=7001242490&hide_signup=false HTTP/1.1Host: accounts.zoho.com.auConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_2P9n4TNNrWcgKwW6Mt6tGA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_tzwwq6wdslxjdiwzdatg6a2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_tzwwq6wdslxjdiwzdatg6a2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_2P9n4TNNrWcgKwW6Mt6tGA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_758d4d3367a37038a3b2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_758d4d3367a37038a3b2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b2a7b211-552b-4fc5-ad0d-b35b3a237e3e/winauth/ssoprobe?client-request-id=de01a722-6f49-4599-ab7d-ff51aec23674&_=1724906554053 HTTP/1.1Host: autologon.microsoftazuread-sso.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /81d6b03a-0oaqvemumiggapupispz73q-euqm382uqpsqys7gkkc/logintenantbranding/0/illustration?ts=637640617494988131 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /81d6b03a-0oaqvemumiggapupispz73q-euqm382uqpsqys7gkkc/logintenantbranding/0/illustration?ts=637640617494988131 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: australianfoodandfibre.servicedeskplus.net.au
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: accounts.zoho.com.au
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msauthimages.net
Source: global traffic	DNS traffic detected: DNS query: autologon.microsoftazuread-sso.com

Source: chromecache_62.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_62.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@17/46@23/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2208,i,972951138316772105,17389294996650650195,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://australianfoodandfibre.servicedeskplus.net.au/app/itdesk/ui/requests/867000003351579/details"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2208,i,972951138316772105,17389294996650650195,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1500938
Product:	CloudBasic
Start time:	06:41:23
Start date:	29.08.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://australianfoodandfibre.servicedeskplus.net.au/app/itdesk/ui/requests/867000003351579/details

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://australianfoodandfibre.servicedeskplus.net.au/app/itdesk/ui/requests/867000003351579/details

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://australianfoodandfibre.servicedeskplus.net.au/app/itdesk/ui/requests/867000003351579/details