Windows Analysis Report
https://hkwyolaw.ency.cloud/

Overview

General Information

Sample URL:	https://hkwyolaw.ency.cloud/
Analysis ID:	1501394
Infos:

Detection

HTMLPhisher

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Suricata IDS alerts for network traffic

Yara detected HtmlPhish54

Phishing site detected (based on favicon image match)

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Phishing site or detected (based on various text indicators)

Detected non-DNS traffic on DNS port

Found iframes

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Classification

Signatures

Phishing

AI detected phishing page

Source: https://signup.ency.cloud/signup?sru=https%3a%2f%2fl1ve.ency.cloud%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dE269E9D1D98D4545%26opidt%3d1724959227%26uaid%3d1b9ba598ef1c4718bf548acdb9395636%26contextid%3d75F2B73860AC1050%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=1b9ba598ef1c4718bf548acdb9395636&suc=https%3a%2f%2f22e7fe0a-02f3d9a4.ency.cloud&lic=1	LLM: Score: 8 Reasons: The domain does not match the legitimate Microsoft domain, the presence of an unusual top-level domain (.cloud), and the lack of a secure protocol (HTTPS) in the URL. DOM: 17.8.pages.csv
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	LLM: Score: 8 Reasons: The domain name 'hkwyolawofficelogin.ency.cloud' is unusual and does not match the typical Microsoft domain structure, which is a strong indication of a phishing attempt. The presence of a search bar at the bottom of the page and the typical sign-in page design elements are attempts to mimic the legitimate Microsoft website, but the domain name is a clear red flag. DOM: 12.5.pages.csv

Yara detected HtmlPhish54

Source: Yara match	File source: 10.15.id.script.csv, type: HTML
Source: Yara match	File source: 12.22.id.script.csv, type: HTML
Source: Yara match	File source: 10.3.pages.csv, type: HTML
Source: Yara match	File source: 12.6.pages.csv, type: HTML
Source: Yara match	File source: 12.4.pages.csv, type: HTML

Phishing site detected (based on favicon image match)

Source: https://ency.cloud	Matcher: Template: microsoft matched with high similarity
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Phishing site detected (based on image similarity)

Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	Matcher: Template: microsoft matched
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	Matcher: Template: microsoft matched

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 0.1

OCR Text: w w r Hathaway & Kunz Hathaway & Kunz LLP has shared a secure document with you. Click on IVIEW SHARED DOCUMENT" to access the shared dacument VIEW SHARED DOCUMENT

Found iframes

Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: Iframe src: https://8d19784d-02f3d9a4.ency.cloud/Prefetch/Prefetch.aspx
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: Iframe src: https://8d19784d-02f3d9a4.ency.cloud/Prefetch/Prefetch.aspx

HTML body contains low number of good links

Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt	HTTP Parser: Number of links: 0
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://hkwyolaw.ency.cloud/

HTTP Parser: Base64 decoded: 1724959187.000000

HTML title does not match URL

Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt	HTTP Parser: Title: Redirecting does not match URL
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true

HTTP Parser: <input type="password" .../> found

Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt	HTTP Parser: No favicon
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: No favicon
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: No favicon
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: No favicon
Source: https://signup.ency.cloud/signup?sru=https%3a%2f%2fl1ve.ency.cloud%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dE269E9D1D98D4545%26opidt%3d1724959227%26uaid%3d1b9ba598ef1c4718bf548acdb9395636%26contextid%3d75F2B73860AC1050%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=1b9ba598ef1c4718bf548acdb9395636&suc=https%3a%2f%2f22e7fe0a-02f3d9a4.ency.cloud&lic=1	HTTP Parser: No favicon
Source: https://signup.ency.cloud/signup?sru=https%3a%2f%2fl1ve.ency.cloud%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dE269E9D1D98D4545%26opidt%3d1724959227%26uaid%3d1b9ba598ef1c4718bf548acdb9395636%26contextid%3d75F2B73860AC1050%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=1b9ba598ef1c4718bf548acdb9395636&suc=https%3a%2f%2f22e7fe0a-02f3d9a4.ency.cloud&lic=1	HTTP Parser: No favicon
Source: https://signup.ency.cloud/signup?sru=https%3a%2f%2fl1ve.ency.cloud%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dE269E9D1D98D4545%26opidt%3d1724959227%26uaid%3d1b9ba598ef1c4718bf548acdb9395636%26contextid%3d75F2B73860AC1050%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=1b9ba598ef1c4718bf548acdb9395636&suc=https%3a%2f%2f22e7fe0a-02f3d9a4.ency.cloud&lic=1	HTTP Parser: No favicon

Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt	HTTP Parser: No <meta name="author".. found
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt	HTTP Parser: No <meta name="copyright".. found
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49761 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2857090 - Severity 1 - ETPRO PHISHING JS/PsyduckPockeball Payload Inbound : 172.233.123.231:443 -> 192.168.2.4:49778

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.4:49735 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.163
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.163
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hkwyolaw.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/utils.8e682833b85e4bb96d30.js HTTP/1.1Host: g.fastcdn.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/Cradle.8725edce5135a9515d48.js HTTP/1.1Host: g.fastcdn.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/da0b7436/65136922-0-Screenshot-2024-08-2.png HTTP/1.1Host: v.fastcdn.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/Links.7722c547d653e74ec16f.js HTTP/1.1Host: g.fastcdn.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: hkwyolaw.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=sg463LRxea7GCkT0n69snZu9C1s3PW.nzHe3WmdlWcE-1724959187-1.0.1.1-erCJ6Kk62pWu1pNPxc3Nv6YNLeq8PGylcauOXWg5jXliNI.QKln5MCYCGGBfdr5RoBbiQAQSE.VFQSrKoHI5yw
Source: global traffic	HTTP traffic detected: GET /js/LazyImage.a698675f6fd38cb87757.js HTTP/1.1Host: g.fastcdn.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/sptw.2fff3c07e91a81e507a4.js HTTP/1.1Host: g.fastcdn.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/cm.js HTTP/1.1Host: g.fastcdn.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js? HTTP/1.1Host: hkwyolaw.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=sg463LRxea7GCkT0n69snZu9C1s3PW.nzHe3WmdlWcE-1724959187-1.0.1.1-erCJ6Kk62pWu1pNPxc3Nv6YNLeq8PGylcauOXWg5jXliNI.QKln5MCYCGGBfdr5RoBbiQAQSE.VFQSrKoHI5yw
Source: global traffic	HTTP traffic detected: GET /t/js/3/it.js HTTP/1.1Host: cdn.instapagemetrics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/da0b7436/65136922-0-Screenshot-2024-08-2.png HTTP/1.1Host: v.fastcdn.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/Links.7722c547d653e74ec16f.js HTTP/1.1Host: g.fastcdn.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/Cradle.8725edce5135a9515d48.js HTTP/1.1Host: g.fastcdn.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/utils.8e682833b85e4bb96d30.js HTTP/1.1Host: g.fastcdn.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/LazyImage.a698675f6fd38cb87757.js HTTP/1.1Host: g.fastcdn.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /js/cm.js HTTP/1.1Host: g.fastcdn.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/sptw.2fff3c07e91a81e507a4.js HTTP/1.1Host: g.fastcdn.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /t/js/3/it.js HTTP/1.1Host: cdn.instapagemetrics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js? HTTP/1.1Host: hkwyolaw.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=sg463LRxea7GCkT0n69snZu9C1s3PW.nzHe3WmdlWcE-1724959187-1.0.1.1-erCJ6Kk62pWu1pNPxc3Nv6YNLeq8PGylcauOXWg5jXliNI.QKln5MCYCGGBfdr5RoBbiQAQSE.VFQSrKoHI5yw; instap-spses.6ed8=*; instap-spid.6ed8=ad7273e7-521a-47ee-9772-bd33cc61035d.1724959189.1.1724959189.1724959189.f1333eb3-1b25-45d0-950d-0203a94d862f
Source: global traffic	HTTP traffic detected: GET /t/two HTTP/1.1Host: ec.instapagemetrics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/jsd/r/8baee50bef5442a7 HTTP/1.1Host: hkwyolaw.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=sg463LRxea7GCkT0n69snZu9C1s3PW.nzHe3WmdlWcE-1724959187-1.0.1.1-erCJ6Kk62pWu1pNPxc3Nv6YNLeq8PGylcauOXWg5jXliNI.QKln5MCYCGGBfdr5RoBbiQAQSE.VFQSrKoHI5yw; instap-spses.6ed8=*; instap-spid.6ed8=ad7273e7-521a-47ee-9772-bd33cc61035d.1724959189.1.1724959189.1724959189.f1333eb3-1b25-45d0-950d-0203a94d862f
Source: global traffic	HTTP traffic detected: GET /t/two?3thpc=true HTTP/1.1Host: ec.instapagemetrics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?mF3s=lt HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /t/two HTTP/1.1Host: ec.instapagemetrics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /t/two?3thpc=true HTTP/1.1Host: ec.instapagemetrics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?mF3s=lt HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://hkwyolawofficelogin.ency.cloud/?mF3s=ltAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hkwyolawofficelogin.ency.cloudsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /02f3d9a46eef4029b93e04119111d9c5/ HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hkwyolawofficelogin.ency.cloudSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="Sec-WebSocket-Key: fGHJpIguuorBDacx6fjKBQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /?mF3s=lt&sso_reload=true HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://hkwyolawofficelogin.ency.cloud/?mF3s=ltAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hkwyolawofficelogin.ency.cloud/?mF3s=ltAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hkwyolawofficelogin.ency.cloudsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_2P9n4TNNrWcgKwW6Mt6tGA2.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hkwyolawofficelogin.ency.cloudsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_tzwwq6wdslxjdiwzdatg6a2.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hkwyolawofficelogin.ency.cloudsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: l1ve.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_tzwwq6wdslxjdiwzdatg6a2.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /02f3d9a46eef4029b93e04119111d9c5/ HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hkwyolawofficelogin.ency.cloudSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1Sec-WebSocket-Key: xWtZrD5PDiMMhG3WcEB17w==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /Prefetch/Prefetch.aspx HTTP/1.1Host: 8d19784d-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_2P9n4TNNrWcgKwW6Mt6tGA2.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /02f3d9a46eef4029b93e04119111d9c5/ HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hkwyolawofficelogin.ency.cloudSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0Sec-WebSocket-Key: nv/hOAucqtfvzEm+foBWHg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2fhkwyolawofficelogin.ency.cloud%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARmLJ0tLfNewn1_SNfZnZZhZrMYOeNzMsvAKlcxKhM2Tv8CI-MLRsZbTIL-RemeKeHFbqkpqUWJJZn5eRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECrT1SeMdnY4aWf_mRROW9eqKMZ1i1XfLsUz1s3DKcXV1y3bXzi_1MTR2DS80yTJzTHWKDM0McHLOyAp3dvYyLXe1NbYynMAmNIGN6RQbwwc2xg52hlnsDAc4GTfwMB7gZfjBd_Trsys_uze983jFrxNRlV2eCjSryMzbP8kgNS3I3cI11yyowsjV08evzCK_MEg_38jH3dU9y9F2gwDDAwEGAA2&estsfed=1&uaid=1b9ba598ef1c4718bf548acdb9395636&signup=1&lw=1&fl=easi2&fci=https%3a%2f%2f8d19784d-02f3d9a4.ency.cloud.orgid.com HTTP/1.1Host: l1ve.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /signup?sru=https://l1ve.ency.cloud/oauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dE269E9D1D98D4545%26opidt%3d1724959227%26uaid%3d1b9ba598ef1c4718bf548acdb9395636%26contextid%3d75F2B73860AC1050%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=1b9ba598ef1c4718bf548acdb9395636&suc=https://22e7fe0a-02f3d9a4.ency.cloud HTTP/1.1Host: signup.ency.cloudConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /02f3d9a46eef4029b93e04119111d9c5/ HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hkwyolawofficelogin.ency.cloudSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0Sec-WebSocket-Key: 4335iNfHgU+pmpyN0fZCvA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /login.srf?wa=wsignin1.0&rpsnv=159&checkda=1&ct=1724959229&rver=7.5.2156.0&wp=MBI_SSL&wreply=https%3A%2F%2Fsignup.ency.cloud%2Fsignup%3Fsru%3Dhttps%253a%252f%252fl1ve.ency.cloud%252foauth20_authorize.srf%253flc%253d1033%2526client_id%253d51483342-085c-4d86-bf88-cf50c7252078%2526mkt%253dEN-US%2526opid%253dE269E9D1D98D4545%2526opidt%253d1724959227%2526uaid%253d1b9ba598ef1c4718bf548acdb9395636%2526contextid%253d75F2B73860AC1050%2526opignore%253d1%26mkt%3DEN-US%26uiflavor%3Dweb%26lw%3D1%26fl%3Deasi2%26client_id%3D51483342-085c-4d86-bf88-cf50c7252078%26uaid%3D1b9ba598ef1c4718bf548acdb9395636%26suc%3Dhttps%253a%252f%252f8d19784d-02f3d9a4.ency.cloud.orgid.com%26lic%3D1&lc=1033&id=68692&mkt=en-US&uaid=1b9ba598ef1c4718bf548acdb9395636 HTTP/1.1Host: l1ve.ency.cloudConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /signup?sru=https%3a%2f%2fl1ve.ency.cloud%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dE269E9D1D98D4545%26opidt%3d1724959227%26uaid%3d1b9ba598ef1c4718bf548acdb9395636%26contextid%3d75F2B73860AC1050%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=1b9ba598ef1c4718bf548acdb9395636&suc=https%3a%2f%2f22e7fe0a-02f3d9a4.ency.cloud&lic=1 HTTP/1.1Host: signup.ency.cloudConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_hjnWUmfm-pOUxYXWMUv1Yw2.js HTTP/1.1Host: dcd98dee-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.ency.cloudsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /02f3d9a46eef4029b93e04119111d9c5/ HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hkwyolawofficelogin.ency.cloudSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0Sec-WebSocket-Key: aAIKyo1IZz/SFcfhO5TZoA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_hjnWUmfm-pOUxYXWMUv1Yw2.js HTTP/1.1Host: dcd98dee-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: dcd98dee-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.ency.cloudsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: dcd98dee-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: dcd98dee-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /?session_id=1b9ba598ef1c4718bf548acdb9395636&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU HTTP/1.1Host: a5031de5-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://signup.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /index.html HTTP/1.1Host: aa6c90d0-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://signup.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /API/EvaluateExperimentAssignments HTTP/1.1Host: signup.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: dcd98dee-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: dcd98dee-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: dcd98dee-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /PXzC5j78di/main.min.js HTTP/1.1Host: 539d138f-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://aa6c90d0-02f3d9a4.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /error.aspx?e=404 HTTP/1.1Host: signup.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="; MicrosoftApplicationsTelemetryDeviceId=cb71f57c-f934-43bd-9e5d-d645607d6f98; ai_session=bdSGTWOXIQJlpbAbGOE073\|1724959241856\|1724959241856
Source: global traffic	HTTP traffic detected: GET /Images/Clear.PNG?ctx=jscb1.0&session_id=1b9ba598ef1c4718bf548acdb9395636&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&esi=YnVhPU1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTcuMC4wLjAgU2FmYXJpLzUzNy4zNiZvcz1XaW4zMiZscHJvYz00Jm9sPXRydWUmcnR0PTE1MCZjaHJtPXRydWUmcHJvc3ViPTIwMDMwMTA3JmV2YWw9MzMmYXBwdj01LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExNy4wLjAuMCBTYWZhcmkvNTM3LjM2JmxzPXRydWUmZG09OCZtdHA9MCZuYz03NCZwcj0xJnNyPTEyODB4MTAyNCZzY2Q9MjQmYXNyPTEyODB4OTg0JnR6PS0zMDAmZHN0PTYwJnR6bz0tMjQwJmJsPWVuLVVTJm10aD0yN2Y1MWQzMTQ5ZTZiZjIwOWI2NmJkMzg3YjBhZjNjNCZtdG49MiZwbj01JnBoPWYzYWMyMmFjNTljNmRjYjg3NDEwOWQwOTNjNTI1NWU4JnA9cGx1Z2luX2ZsYXNoJTNEZmFsc2UlMjZwbHVnaW5fd2luZG93c19tZWRpYV9wbGF5ZXIlM0RmYWxzZSUyNnBsdWdpbl9hZG9iZV9hY3JvYmF0JTNEZmFsc2UlMjZwbHVnaW5fc2lsdmVybGlnaHQlM0RmYWxzZSUyNnBsdWdpbl9xdWlja3RpbWUlM0RmYWxzZSUyNnBsdWdpbl9zaG9ja3dhdmUlM0RmYWxzZSUyNnBsdWdpbl9yZWFscGxheWVyJTNEZmFsc2UlMjZwbHVnaW5fdmxjX3BsYXllciUzRGZhbHNlJTI2cGx1Z2luX2RldmFsdnIlM0RmYWxzZSUyNnBsdWdpbl9zdmdfdmlld2VyJTNEZmFsc2UlMjZwbHVnaW5famF2YSUzRGZhbHNlJmZoPTJhMjk4NDlhZjA3ZGQxNjFkZGM3MzA0MGJlMjVmM2YwJmZuPTExMiZsaD1odHRwcyUzQSUyRiUyRmE1MDMxZGU1LTAyZjNkOWE0LmVuY3kuY2xvdWQlMkYlM0ZzZXNzaW9uX2lkJTNEMWI5YmE1OThlZjFjNDcxOGJmNTQ4YWNkYjkzOTU2MzYlMjZDdXN0b21lcklkJTNEMzNlMDE5MjEtNGQ2NC00ZjhjLWEwNTUtNWJkYWZmZDVlMzNkJTI2UGFnZUlkJTNEU1UmZHI9aHR0cHMlM0ElMkYlMkZzaWdudXAuZW5jeS5jbG91ZCUyRiZ3PThEQ0M4NUZBRDNEMjQxNyZpZD05ZmI2MzJlOS05MTNmLTA0NmEtN2ZmMS04ZWQ2ODAzNTQ3MDgmYT0mYz1iMGVhZGI5MzQxNjZiNjk2MDdiODI1OTIyMzM2MTc2ZA==&eci=eyJ1dmRyIjoiR29vZ2xlIEluYy4gKEdvb2dsZSkiLCJ1cmRyIjoiQU5HTEUgKEdvb2dsZSwgVnVsa2FuIDEuMy4wIChTd2lmdFNoYWRlciBEZXZpY2UgKFN1Ynplcm8pICgweDAwMDBDMERFKSksIFN3aWZ0U2hhZGVyIGRyaXZlcikiLCJ2ZHIiOiJXZWJLaXQiLCJyZHIiOiJXZWJLaXQgV2ViR0wiLCJpZHVoIjoiMTViNmNhNDcyNjliZTQyODc1Njg1MDY5MzdlOTkxN2MifQ==&PageId=SU&u1=&u3=10.0.0&u4=x86&u5=64&u2=(Google%20Chrome%2C117.0.5938.132)%2C(Not%3BA%3DBrand%2C8.0.0.0)%2C(Chromium%2C117.0.5938.132) HTTP/1.1Host: a5031de5-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://a5031de5-02f3d9a4.ency.cloud/?session_id=1b9ba598ef1c4718bf548acdb9395636&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SUAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /Clear.HTML?ctx=Ls1.0&wl=False&session_id=1b9ba598ef1c4718bf548acdb9395636&id=9fb632e9-913f-046a-7ff1-8ed680354708&w=8DCC85FAD3D2417&tkt=taBcrIH61PuCVH7eNCyH0I1otfYAPn9VOPY9aMX8tO3hCXPNlVDxpRibcTlQbOtY1DlhscQn6tWslMfLbgo029ojdbLb7Gn4zoJwGwlUM7U7%252fAIqdc3aFenBEcEypU5oMCiucj55ZBG%252f6a578Wy8w62NzKJjSKxvJvA2KZ1D1GdikNgowM%252f2%252bLNPhr%252beUxMLdedJtaNkwJxKmyyjgjheFFRnCeiOtV5TI3L3mSkzsNIamzIh%252bQKpKaWTIubEt0uWuz6mrraH1UD4zmCNnh0ao8kvd6BbLxOWoaZ3WR8jX1w0l3M8Gx9NnVRUckOLy1x8&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d HTTP/1.1Host: 258f46e4-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://a5031de5-02f3d9a4.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /ns?c=ca0d5630-663b-11ef-b954-8b91b831308d HTTP/1.1Host: 9b36d051-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://aa6c90d0-02f3d9a4.ency.cloudSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://aa6c90d0-02f3d9a4.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /PXzC5j78di/main.min.js HTTP/1.1Host: 539d138f-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: 6ea3e58b-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="; pxcts=cb0240e0-663b-11ef-a4a3-6f6e8d41c611; _pxvid=cb0233b9-663b-11ef-a4a3-f0d08f044678; _pxde=fa1dbab57d6955ca3fdd325bd59af92d0fb51c11a4874206c05f6b0cf879f032:eyJ0aW1lc3RhbXAiOjE3MjQ5NTkyNDY3MjcsImZfa2IiOjAsImlwY19pZCI6W119
Source: global traffic	HTTP traffic detected: GET /02f3d9a46eef4029b93e04119111d9c5/ HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hkwyolawofficelogin.ency.cloudSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0; pxcts=cb0240e0-663b-11ef-a4a3-6f6e8d41c611; _pxvid=cb0233b9-663b-11ef-a4a3-f0d08f044678; _pxde=fa1dbab57d6955ca3fdd325bd59af92d0fb51c11a4874206c05f6b0cf879f032:eyJ0aW1lc3RhbXAiOjE3MjQ5NTkyNDY3MjcsImZfa2IiOjAsImlwY19pZCI6W119Sec-WebSocket-Key: 4cJIjT5AWvzZD2FKyZtGQg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=ca0d5630-663b-11ef-b954-8b91b831308d HTTP/1.1Host: 9b36d051-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /Images/Clear.PNG?ctx=jscb1.0&session_id=1b9ba598ef1c4718bf548acdb9395636&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&esi=YnVhPU1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTcuMC4wLjAgU2FmYXJpLzUzNy4zNiZvcz1XaW4zMiZscHJvYz00Jm9sPXRydWUmcnR0PTE1MCZjaHJtPXRydWUmcHJvc3ViPTIwMDMwMTA3JmV2YWw9MzMmYXBwdj01LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExNy4wLjAuMCBTYWZhcmkvNTM3LjM2JmxzPXRydWUmZG09OCZtdHA9MCZuYz03NCZwcj0xJnNyPTEyODB4MTAyNCZzY2Q9MjQmYXNyPTEyODB4OTg0JnR6PS0zMDAmZHN0PTYwJnR6bz0tMjQwJmJsPWVuLVVTJm10aD0yN2Y1MWQzMTQ5ZTZiZjIwOWI2NmJkMzg3YjBhZjNjNCZtdG49MiZwbj01JnBoPWYzYWMyMmFjNTljNmRjYjg3NDEwOWQwOTNjNTI1NWU4JnA9cGx1Z2luX2ZsYXNoJTNEZmFsc2UlMjZwbHVnaW5fd2luZG93c19tZWRpYV9wbGF5ZXIlM0RmYWxzZSUyNnBsdWdpbl9hZG9iZV9hY3JvYmF0JTNEZmFsc2UlMjZwbHVnaW5fc2lsdmVybGlnaHQlM0RmYWxzZSUyNnBsdWdpbl9xdWlja3RpbWUlM0RmYWxzZSUyNnBsdWdpbl9zaG9ja3dhdmUlM0RmYWxzZSUyNnBsdWdpbl9yZWFscGxheWVyJTNEZmFsc2UlMjZwbHVnaW5fdmxjX3BsYXllciUzRGZhbHNlJTI2cGx1Z2luX2RldmFsdnIlM0RmYWxzZSUyNnBsdWdpbl9zdmdfdmlld2VyJTNEZmFsc2UlMjZwbHVnaW5famF2YSUzRGZhbHNlJmZoPTJhMjk4NDlhZjA3ZGQxNjFkZGM3MzA0MGJlMjVmM2YwJmZuPTExMiZsaD1odHRwcyUzQSUyRiUyRmE1MDMxZGU1LTAyZjNkOWE0LmVuY3kuY2xvdWQlMkYlM0ZzZXNzaW9uX2lkJTNEMWI5YmE1OThlZjFjNDcxOGJmNTQ4YWNkYjkzOTU2MzYlMjZDdXN0b21lcklkJTNEMzNlMDE5MjEtNGQ2NC00ZjhjLWEwNTUtNWJkYWZmZDVlMzNkJTI2UGFnZUlkJTNEU1UmZHI9aHR0cHMlM0ElMkYlMkZzaWdudXAuZW5jeS5jbG91ZCUyRiZ3PThEQ0M4NUZBRDNEMjQxNyZpZD05ZmI2MzJlOS05MTNmLTA0NmEtN2ZmMS04ZWQ2ODAzNTQ3MDgmYT0mYz1iMGVhZGI5MzQxNjZiNjk2MDdiODI1OTIyMzM2MTc2ZA==&eci=eyJ1dmRyIjoiR29vZ2xlIEluYy4gKEdvb2dsZSkiLCJ1cmRyIjoiQU5HTEUgKEdvb2dsZSwgVnVsa2FuIDEuMy4wIChTd2lmdFNoYWRlciBEZXZpY2UgKFN1Ynplcm8pICgweDAwMDBDMERFKSksIFN3aWZ0U2hhZGVyIGRyaXZlcikiLCJ2ZHIiOiJXZWJLaXQiLCJyZHIiOiJXZWJLaXQgV2ViR0wiLCJpZHVoIjoiMTViNmNhNDcyNjliZTQyODc1Njg1MDY5MzdlOTkxN2MifQ==&PageId=SU&u1=&u3=10.0.0&u4=x86&u5=64&u2=(Google%20Chrome%2C117.0.5938.132)%2C(Not%3BA%3DBrand%2C8.0.0.0)%2C(Chromium%2C117.0.5938.132) HTTP/1.1Host: a5031de5-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: 6ea3e58b-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /02f3d9a46eef4029b93e04119111d9c5/ HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hkwyolawofficelogin.ency.cloudSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0; pxcts=cb0240e0-663b-11ef-a4a3-6f6e8d41c611; _pxvid=cb0233b9-663b-11ef-a4a3-f0d08f044678; _px3=ad3a00f89e099b65ae745f40c6fed37b7cfe864e5facdeff1e72a74ca1f94bed:X6dqCBcRklJPLoa5g3KnWFwtFIAt/TX+Ryp7TYutEWIqVHdhQ4HoTN1PagXaENqQcs9w0KOW0ihAkoTEy7Qaqg==:1000:aSodwnXnrhz2bCvlev4qaFv/ebOjiNYl2cWIY7sb46K2iNLA+ERcZh/5Zh2sNGzbc5S+pnhyluyBqMX0ugES7BdBZQ5pInSBsQP5kreKxrVW6XUAesSZ98BRO+Km7bS5Ttb+sucAApMvLOQcPTA6Ywm2X8PA/F1R8/8jsdlgYkUCvo7N17kq6rBY9KDS2WwANuyUyI5R026fvwJ6GigoIXFboCeVLQ1Gkv7Ku8tI4Ak=; _pxde=c38b979aa48a8921f8ccdb7ad9ba24a5630cb1a7e0637c9b11432abec36897f1:eyJ0aW1lc3RhbXAiOjE3MjQ5NTkyNTIxMzMsImZfa2IiOjAsImlwY19pZCI6W119Sec-WebSocket-Key: qMS+LT68R6qb9H9ODMvqRw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Source: global traffic	DNS traffic detected: DNS query: hkwyolaw.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: g.fastcdn.co
Source: global traffic	DNS traffic detected: DNS query: v.fastcdn.co
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.instapagemetrics.com
Source: global traffic	DNS traffic detected: DNS query: ec.instapagemetrics.com
Source: global traffic	DNS traffic detected: DNS query: hkwyolawofficelogin.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: 86b155fe-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: bfd0284f-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: a58b77c9-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: l1ve.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: 8d19784d-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: signup.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: dcd98dee-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: 3cb44b12-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: e7de3c1c-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: abd318b4-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: a5031de5-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: aa6c90d0-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: 539d138f-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: 766c2f61-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: 258f46e4-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: 9b36d051-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: collector-pxzc5j78di.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: 6ea3e58b-02f3d9a4.ency.cloud

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/jsd/r/8baee50bef5442a7 HTTP/1.1Host: hkwyolaw.ency.cloudConnection: keep-aliveContent-Length: 15784sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: */*Origin: https://hkwyolaw.ency.cloudSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=sg463LRxea7GCkT0n69snZu9C1s3PW.nzHe3WmdlWcE-1724959187-1.0.1.1-erCJ6Kk62pWu1pNPxc3Nv6YNLeq8PGylcauOXWg5jXliNI.QKln5MCYCGGBfdr5RoBbiQAQSE.VFQSrKoHI5yw

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 29 Aug 2024 19:20:12 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: a842e37b-0e1b-482f-9d13-19a5d8ec2b00x-ms-ests-server: 2.1.18794.6 - SEASLR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfd0284f-02f3d9a4.ency.cloud/api/report?catId=GW+estsfd+sin"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 29 Aug 2024 19:20:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: f3f48bd4-c1de-4088-9e7c-294dd82b8700x-ms-ests-server: 2.1.18794.6 - KRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfd0284f-02f3d9a4.ency.cloud/api/report?catId=GW+estsfd+sin"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 29 Aug 2024 19:20:18 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: no-store, no-cachex-ms-correlation-id: 4530b1a1-63d4-4b6f-b033-cc1522137bd9x-ua-compatible: IE=Edgex-cache: CONFIG_NOCACHEx-msedge-ref: Ref A: 1D99660DF5454FE09248E91B71CD4A63 Ref B: AMS231032610035 Ref C: 2024-08-29T19:20:18Zaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 29 Aug 2024 19:20:23 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 2c3fb01d-2b4e-46d0-8a93-14459dc14901x-ms-ests-server: 2.1.18794.6 - JPE ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfd0284f-02f3d9a4.ency.cloud/api/report?catId=GW+estsfd+sin"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 29 Aug 2024 19:20:31 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: e685657d-1fba-4406-ba1c-95ad5dedfe01x-ms-ests-server: 2.1.18794.6 - KRSLR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfd0284f-02f3d9a4.ency.cloud/api/report?catId=GW+estsfd+sin"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 29 Aug 2024 19:20:41 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 3da42625-4137-4793-950c-99f3f81ba200x-ms-ests-server: 2.1.18794.6 - KRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfd0284f-02f3d9a4.ency.cloud/api/report?catId=GW+estsfd+sin"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 29 Aug 2024 19:20:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 2c3fb01d-2b4e-46d0-8a93-14455ec54901x-ms-ests-server: 2.1.18794.6 - JPE ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfd0284f-02f3d9a4.ency.cloud/api/report?catId=GW+estsfd+sin"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 29 Aug 2024 19:21:03 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 78f636f0-872c-4d41-8f7a-2d68891c9600x-ms-ests-server: 2.1.18794.6 - KRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfd0284f-02f3d9a4.ency.cloud/api/report?catId=GW+estsfd+sin"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:

Source: chromecache_140.2.dr, chromecache_128.2.dr	String found in binary or memory: http://bit.ly/sp-js)
Source: chromecache_112.2.dr	String found in binary or memory: https://app.instapage.com/ajax/pageserver/files/serve-file
Source: chromecache_112.2.dr, chromecache_131.2.dr	String found in binary or memory: https://cdn.instapagemetrics.com/t/js/3/it.js
Source: chromecache_90.2.dr, chromecache_112.2.dr, chromecache_131.2.dr	String found in binary or memory: https://ec.instapagemetrics.com
Source: chromecache_112.2.dr	String found in binary or memory: https://g.fastcdn.co/js/cm.js
Source: chromecache_90.2.dr, chromecache_142.2.dr, chromecache_131.2.dr, chromecache_117.2.dr, chromecache_106.2.dr, chromecache_136.2.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_90.2.dr, chromecache_142.2.dr, chromecache_131.2.dr, chromecache_117.2.dr, chromecache_106.2.dr, chromecache_136.2.dr	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.21.1/LICENSE
Source: chromecache_112.2.dr	String found in binary or memory: https://hkwyolaw.ency.cloud
Source: chromecache_112.2.dr	String found in binary or memory: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt
Source: chromecache_112.2.dr	String found in binary or memory: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt
Source: chromecache_112.2.dr	String found in binary or memory: https://storage.googleapis.com/instapage-assets/favicon/favicon-64x64.ico

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49761 version: TLS 1.2

Source: classification engine

Classification label: mal80.phis.win@18/96@76/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2000,i,17870269698083817735,11241588252409947018,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hkwyolaw.ency.cloud/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2000,i,17870269698083817735,11241588252409947018,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.185.227	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.185.68	www.google.com	United States	15169	GOOGLEUS	false
172.233.123.231	dcd98dee-02f3d9a4.ency.cloud	United States	20940	AKAMAI-ASN1EU	true
34.36.17.181	cdn.instapagemetrics.com	United States	2686	ATGS-MMD-ASUS	false
35.190.10.96	inbound-weighted.protechts.net	United States	15169	GOOGLEUS	false
104.21.51.207	ec.instapagemetrics.com	United States	13335	CLOUDFLARENETUS	false
172.64.149.213	unknown	United States	13335	CLOUDFLARENETUS	false
104.18.38.43	secure.pageserve.co	United States	13335	CLOUDFLARENETUS	false
104.18.41.218	g.fastcdn.co	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.64.146.38	v.fastcdn.co	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
dcd98dee-02f3d9a4.ency.cloud	172.233.123.231	true
9b36d051-02f3d9a4.ency.cloud	172.233.123.231	true
secure.pageserve.co	104.18.38.43	true
cdn.instapagemetrics.com	34.36.17.181	true
766c2f61-02f3d9a4.ency.cloud	172.233.123.231	true
86b155fe-02f3d9a4.ency.cloud	172.233.123.231	true
258f46e4-02f3d9a4.ency.cloud	172.233.123.231	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
539d138f-02f3d9a4.ency.cloud	172.233.123.231	true
abd318b4-02f3d9a4.ency.cloud	172.233.123.231	true
www.google.com	142.250.185.68	true
ec.instapagemetrics.com	104.21.51.207	true
l1ve.ency.cloud	172.233.123.231	true
a5031de5-02f3d9a4.ency.cloud	172.233.123.231	true
bfd0284f-02f3d9a4.ency.cloud	172.233.123.231	true
v.fastcdn.co	172.64.146.38	true
signup.ency.cloud	172.233.123.231	true
e7de3c1c-02f3d9a4.ency.cloud	172.233.123.231	true
g.fastcdn.co	104.18.41.218	true
inbound-weighted.protechts.net	35.190.10.96	true
aa6c90d0-02f3d9a4.ency.cloud	172.233.123.231	true
6ea3e58b-02f3d9a4.ency.cloud	172.233.123.231	true
8d19784d-02f3d9a4.ency.cloud	172.233.123.231	true
a58b77c9-02f3d9a4.ency.cloud	172.233.123.231	true
3cb44b12-02f3d9a4.ency.cloud	172.233.123.231	true
hkwyolawofficelogin.ency.cloud	172.233.123.231	true
hkwyolaw.ency.cloud	unknown	unknown
collector-pxzc5j78di.hsprotect.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://86b155fe-02f3d9a4.ency.cloud/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg	true	Avira URL Cloud: safe	unknown
https://dcd98dee-02f3d9a4.ency.cloud/shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js	true	Avira URL Cloud: safe	unknown
https://86b155fe-02f3d9a4.ency.cloud/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg	true	Avira URL Cloud: safe	unknown
https://bfd0284f-02f3d9a4.ency.cloud/api/report?catId=GW+estsfd+sin	true	Avira URL Cloud: safe	unknown
https://l1ve.ency.cloud/login.srf?wa=wsignin1.0&rpsnv=159&checkda=1&ct=1724959229&rver=7.5.2156.0&wp=MBI_SSL&wreply=https%3A%2F%2Fsignup.ency.cloud%2Fsignup%3Fsru%3Dhttps%253a%252f%252fl1ve.ency.cloud%252foauth20_authorize.srf%253flc%253d1033%2526client_id%253d51483342-085c-4d86-bf88-cf50c7252078%2526mkt%253dEN-US%2526opid%253dE269E9D1D98D4545%2526opidt%253d1724959227%2526uaid%253d1b9ba598ef1c4718bf548acdb9395636%2526contextid%253d75F2B73860AC1050%2526opignore%253d1%26mkt%3DEN-US%26uiflavor%3Dweb%26lw%3D1%26fl%3Deasi2%26client_id%3D51483342-085c-4d86-bf88-cf50c7252078%26uaid%3D1b9ba598ef1c4718bf548acdb9395636%26suc%3Dhttps%253a%252f%252f8d19784d-02f3d9a4.ency.cloud.orgid.com%26lic%3D1&lc=1033&id=68692&mkt=en-US&uaid=1b9ba598ef1c4718bf548acdb9395636	true	Avira URL Cloud: safe	unknown
https://hkwyolaw.ency.cloud/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js?	false	Avira URL Cloud: safe	unknown
https://86b155fe-02f3d9a4.ency.cloud/shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js	true	Avira URL Cloud: safe	unknown
https://ec.instapagemetrics.com/t/two	false	Avira URL Cloud: safe	unknown
https://l1ve.ency.cloud/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2fhkwyolawofficelogin.ency.cloud%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARmLJ0tLfNewn1_SNfZnZZhZrMYOeNzMsvAKlcxKhM2Tv8CI-MLRsZbTIL-RemeKeHFbqkpqUWJJZn5eRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECrT1SeMdnY4aWf_mRROW9eqKMZ1i1XfLsUz1s3DKcXV1y3bXzi_1MTR2DS80yTJzTHWKDM0McHLOyAp3dvYyLXe1NbYynMAmNIGN6RQbwwc2xg52hlnsDAc4GTfwMB7gZfjBd_Trsys_uze983jFrxNRlV2eCjSryMzbP8kgNS3I3cI11yyowsjV08evzCK_MEg_38jH3dU9y9F2gwDDAwEGAA2&estsfed=1&uaid=1b9ba598ef1c4718bf548acdb9395636&signup=1&lw=1&fl=easi2&fci=https%3a%2f%2f8d19784d-02f3d9a4.ency.cloud.orgid.com	true	Avira URL Cloud: safe	unknown
https://dcd98dee-02f3d9a4.ency.cloud/shared/5/images/2_bc3d32a696895f78c19d.svg	true	Avira URL Cloud: safe	unknown
https://539d138f-02f3d9a4.ency.cloud/PXzC5j78di/main.min.js	true	Avira URL Cloud: safe	unknown
https://a5031de5-02f3d9a4.ency.cloud/?session_id=1b9ba598ef1c4718bf548acdb9395636&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU	true	Avira URL Cloud: safe	unknown
https://g.fastcdn.co/js/Cradle.8725edce5135a9515d48.js	false	Avira URL Cloud: safe	unknown
https://collector-pxzc5j78di.hsprotect.net/api/v2/msft	false	Avira URL Cloud: safe	unknown
https://86b155fe-02f3d9a4.ency.cloud/shared/1.0/content/js/ConvergedLogin_PCore_2P9n4TNNrWcgKwW6Mt6tGA2.js	true	Avira URL Cloud: safe	unknown
https://signup.ency.cloud/error.aspx?e=404	true	Avira URL Cloud: safe	unknown
https://ec.instapagemetrics.com/t/two?3thpc=true	false	Avira URL Cloud: safe	unknown
https://g.fastcdn.co/js/sptw.2fff3c07e91a81e507a4.js	false	Avira URL Cloud: safe	unknown
https://g.fastcdn.co/js/utils.8e682833b85e4bb96d30.js	false	Avira URL Cloud: safe	unknown
https://signup.ency.cloud/signup?sru=https%3a%2f%2fl1ve.ency.cloud%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dE269E9D1D98D4545%26opidt%3d1724959227%26uaid%3d1b9ba598ef1c4718bf548acdb9395636%26contextid%3d75F2B73860AC1050%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=1b9ba598ef1c4718bf548acdb9395636&suc=https%3a%2f%2f22e7fe0a-02f3d9a4.ency.cloud&lic=1	true		unknown
https://g.fastcdn.co/js/Links.7722c547d653e74ec16f.js	false	Avira URL Cloud: safe	unknown
https://86b155fe-02f3d9a4.ency.cloud/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	true	Avira URL Cloud: safe	unknown
https://86b155fe-02f3d9a4.ency.cloud/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js	true	Avira URL Cloud: safe	unknown
https://v.fastcdn.co/u/da0b7436/65136922-0-Screenshot-2024-08-2.png	false	Avira URL Cloud: safe	unknown
https://86b155fe-02f3d9a4.ency.cloud/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_tzwwq6wdslxjdiwzdatg6a2.js	true	Avira URL Cloud: safe	unknown
https://86b155fe-02f3d9a4.ency.cloud/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	true	Avira URL Cloud: safe	unknown
https://g.fastcdn.co/js/cm.js	false	Avira URL Cloud: safe	unknown
https://hkwyolaw.ency.cloud/cdn-cgi/challenge-platform/h/b/jsd/r/8baee50bef5442a7	false	Avira URL Cloud: safe	unknown
https://8d19784d-02f3d9a4.ency.cloud/Prefetch/Prefetch.aspx	true	Avira URL Cloud: safe	unknown
https://hkwyolaw.ency.cloud/	false		unknown
https://hkwyolawofficelogin.ency.cloud/02f3d9a46eef4029b93e04119111d9c5/	true	Avira URL Cloud: safe	unknown
https://6ea3e58b-02f3d9a4.ency.cloud/images/favicon.ico?v=2	true	Avira URL Cloud: safe	unknown
https://l1ve.ency.cloud/Me.htm?v=3	true	Avira URL Cloud: safe	unknown
https://86b155fe-02f3d9a4.ency.cloud/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js	true	Avira URL Cloud: safe	unknown
https://hkwyolaw.ency.cloud/cdn-cgi/challenge-platform/scripts/jsd/main.js	false	Avira URL Cloud: safe	unknown
https://signup.ency.cloud/signup?sru=https://l1ve.ency.cloud/oauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dE269E9D1D98D4545%26opidt%3d1724959227%26uaid%3d1b9ba598ef1c4718bf548acdb9395636%26contextid%3d75F2B73860AC1050%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=1b9ba598ef1c4718bf548acdb9395636&suc=https://22e7fe0a-02f3d9a4.ency.cloud	true	Avira URL Cloud: safe	unknown
https://dcd98dee-02f3d9a4.ency.cloud/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg	true	Avira URL Cloud: safe	unknown
https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	true		unknown
https://9b36d051-02f3d9a4.ency.cloud/ns?c=ca0d5630-663b-11ef-b954-8b91b831308d	true	Avira URL Cloud: safe	unknown
https://g.fastcdn.co/js/LazyImage.a698675f6fd38cb87757.js	false	Avira URL Cloud: safe	unknown
https://cdn.instapagemetrics.com/t/js/3/it.js	false	Avira URL Cloud: safe	unknown
https://dcd98dee-02f3d9a4.ency.cloud/shared/5/js/signup-fabric_en_hjnWUmfm-pOUxYXWMUv1Yw2.js	true	Avira URL Cloud: safe	unknown
https://hkwyolawofficelogin.ency.cloud/favicon.ico	true	Avira URL Cloud: safe	unknown
https://aa6c90d0-02f3d9a4.ency.cloud/index.html	true	Avira URL Cloud: safe	unknown
https://hkwyolawofficelogin.ency.cloud/?mF3s=lt	false		unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 100	RIFF (little-endian) data, Web/P image	59163A626E3E61DCBE32DB6BD511D8CB	868CFA61D59871BBEE4A13C2511E13A142893165	EE3AB02ACB26B9EE8AEC3A9C5FAE9772A4409950AC9D435642BDA4BFD9D15504
Chrome Cache Entry: 101	ASCII text, with very long lines (7875), with no line terminators	EBF31236DAEBC7B493C12B5256EA00AA	EAE95D1D19C95ED425C875E127BC465207D3DA78	9037DE54B4F59CDC3F186D198856A417400F4942526E140C09CBD373ACF522FD
Chrome Cache Entry: 102	PNG image data, 894 x 338, 8-bit/color RGB, non-interlaced	09EDA6A50A9A44988646E5FA710D2D8A	56C4030F695274267736771F9AD9DFCBEB0DC86F	CACA21CE8272934017D56FE25C28EB96A11A672942C81451C31547173038FEF3
Chrome Cache Entry: 103	ASCII text, with very long lines (379), with no line terminators	29C24FF1E7D09EB3B67FCF90DE082749	84263358A2D879FF4773F657BAE4A438EF7AC89C	2E065B142374BE24BCDFFF600DECCC28F6AF18F5401CC224342FBE8FCA3DE357
Chrome Cache Entry: 104	gzip compressed data, from Unix, original size modulo 2^32 56391	5711D7744DA20062A039724CB53597EE	C35D3C986E03380199195A0962357F871D42DDE5	E8CB3E5F5794500E7B6FC9E3B759AF6AF66F5F3DF1CC146C81C5F4303FBDEB08
Chrome Cache Entry: 105	gzip compressed data, from Unix, original size modulo 2^32 141810	3944C777502742C874A6E2F1C7D817B0	106B56E689049C53D90F169955B199E752284BE1	D681A1278E1C107519F67E088EEE7A20157232EDF5D3017FBA192F3AA5CCB609
Chrome Cache Entry: 106	Unicode text, UTF-8 text, with very long lines (59552), with no line terminators	5B9C1E18E7818E2D69550EC80E4936FD	4D6906D97B6F3FAC6EE66270A97E3D3F13B4E77D	B0F04580DFC831EFFB265B29B88BC622D94E3676984FDD7B17D5FE7B21DC3CA5
Chrome Cache Entry: 107	ASCII text, with very long lines (2507), with no line terminators	27C8A49AC26ECEF4F41FE26CED69A58B	A2DACC66455DA6ECEAC53CDEF818C849FF405FC1	F15DC2DF620A373AC551CEB8364BA4B2085B95FFC59FAC2BBC304AF57BF20E55
Chrome Cache Entry: 108	gzip compressed data, original size modulo 2^32 1864	2D2CBA7D7DC75F3BA9DC756738D41A6E	F87FD26066ED5E52A65DEE0ED2D581D3C3EA15AC	00E21864CF1BC70302EBB5B496C6C471A7DA8CBF600630B478A3E2376ED20EA2
Chrome Cache Entry: 109	gzip compressed data, from Unix, original size modulo 2^32 56391	5711D7744DA20062A039724CB53597EE	C35D3C986E03380199195A0962357F871D42DDE5	E8CB3E5F5794500E7B6FC9E3B759AF6AF66F5F3DF1CC146C81C5F4303FBDEB08
Chrome Cache Entry: 110	gzip compressed data, original size modulo 2^32 1864	2D2CBA7D7DC75F3BA9DC756738D41A6E	F87FD26066ED5E52A65DEE0ED2D581D3C3EA15AC	00E21864CF1BC70302EBB5B496C6C471A7DA8CBF600630B478A3E2376ED20EA2
Chrome Cache Entry: 111	MS Windows icon resource - 1 icon, 64x64, 8 bits/pixel	645F04909379B62EDDA16F5F5206672B	545D1DB0ABEB80BB750D62D575E70A29DEC37C68	45081FDA9C0A99C2C4D82ED4914F53F265517AE082352E334035635AE8B46D4D
Chrome Cache Entry: 112	HTML document, Unicode text, UTF-8 text, with very long lines (4374)	2DACD1E5983A1750AA91C2CC88183711	2275565E5277A4C2C6265407B9CAC1AA1BDDA7E1	90C9A5F91ED8F1849105B8B126D64988CD05957D9EC8DCF1A63A288253C6688B
Chrome Cache Entry: 113	gzip compressed data, from Unix, original size modulo 2^32 154898	E8618B9C398F1BBDDB426C351D9D336F	8DAB7C9912030F0C3409EF4EDECB95E4CECEA547	3985D09F29655E11050CC98687FE7D3661A35B9D7F20EB6330FCA6B6409BD325
Chrome Cache Entry: 114	ASCII text, with no line terminators	C56EB54F69EB059B7CE41FF5ABEF35E6	CCD01B565595769C7FA3DE585C6B39AA9D7699A9	B88FE70B99FF6E92C57579BA3ECCDD5DFD6C8A19141BF2FB943C729ADF17F23D
Chrome Cache Entry: 115	gzip compressed data, from Unix, original size modulo 2^32 113797	E548957688A90E127CEE6228D03D5CEA	2135D3CBE674A9C5411DC867B315C19EB23BC2FE	8491ACE3E70CB8F75861CDA2900151D4CDDE9AA8B94DEADF7C574AAE1198B2A8
Chrome Cache Entry: 116	gzip compressed data, from Unix, original size modulo 2^32 902233	4ADF448E6205A9A4819F5B0E5A623057	C5B8B819D129E73ACE7BEDB86C3EB80BBA0E9C22	6BD89F1C28AD52350D6F832FDA4E39E90944F583DF7459FE1B2D721E7A2269EF
Chrome Cache Entry: 117	Unicode text, UTF-8 text, with very long lines (52118), with no line terminators	69201B044F9E912CC72B07E4FFBF9555	4A31F53B5A91F52B28F10A84BE73D6CFFCE01706	DD8625BFA35604F050E4DCC7FF10C2C31D7CDF1CE7BDF4CDE0D0415DCC74E2FB
Chrome Cache Entry: 118	gzip compressed data, from Unix, original size modulo 2^32 113401	7E18E71D589531855CF589482EAB8174	05F69583C81A69910337CFC736EDC8CE67544DBF	7C0DF71DA7BB0F2C55BE83B8BA31FCA820E7F856CDA39A0BD009584B6FB36B3B
Chrome Cache Entry: 119	gzip compressed data, from Unix, original size modulo 2^32 1241	17CB62C2F13A55453288313DE6C3BC33	F4354998D8BA489CB76C5466B3002022639CDA43	1EF57CB20BFB4D5FFF5891ACBD291F8434B64E6A8AEE019B080B4F1EE26785E3
Chrome Cache Entry: 120	ASCII text, with very long lines (7812), with no line terminators	83B3A5F646579BD115C80EC1246C0B68	A44A966BE43955245E2C59B722BB39CB268B2021	414EDADEFB772B95F1C946D51D3DB891F6AB960AC661CF7E05EF333B15504FBD
Chrome Cache Entry: 121	gzip compressed data, original size modulo 2^32 3651	DF6A7721C242813411CC6950DF40F9B3	B2068C4A65C183AAD6FC22A44CC1FA449CD355B4	AA53B6DC744357B392FC57C34E516BAE465D4A6837775C137A176D599C8EA948
Chrome Cache Entry: 122	gzip compressed data, from Unix, original size modulo 2^32 449488	CA2D32DEE8CAAF756F7956DEC32B30D6	EA338EC8626E7B15AEB7235DBA2072C640EBF656	600B4D5D0E2A72F0D2508998915A1F606110A86CA4C01CB3D4E74BF4D32BC7DC
Chrome Cache Entry: 123	gzip compressed data, from Unix, original size modulo 2^32 902233	4ADF448E6205A9A4819F5B0E5A623057	C5B8B819D129E73ACE7BEDB86C3EB80BBA0E9C22	6BD89F1C28AD52350D6F832FDA4E39E90944F583DF7459FE1B2D721E7A2269EF
Chrome Cache Entry: 124	gzip compressed data, original size modulo 2^32 1864	2D2CBA7D7DC75F3BA9DC756738D41A6E	F87FD26066ED5E52A65DEE0ED2D581D3C3EA15AC	00E21864CF1BC70302EBB5B496C6C471A7DA8CBF600630B478A3E2376ED20EA2
Chrome Cache Entry: 125	gzip compressed data, original size modulo 2^32 3651	DF6A7721C242813411CC6950DF40F9B3	B2068C4A65C183AAD6FC22A44CC1FA449CD355B4	AA53B6DC744357B392FC57C34E516BAE465D4A6837775C137A176D599C8EA948
Chrome Cache Entry: 126	ASCII text, with no line terminators	685DCEF735344B27AB40093BF1FB989A	D658429C7B6CE2AEBCD5279B5BA40AA416777657	B873796EB315B8EA56FF0DE16E97A25683769D3C241939484BC0CA46C81877E0
Chrome Cache Entry: 127	MS Windows icon resource - 6 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	7E0D59593F3377B72C29435C4B43954A	B4C5C39A6DFB460BBD2EACCEB09EC8079FB6A8E2	62D706019A0D80173113EF70FBBEE12F286E8E221534BE788448AADA4B14C8E8
Chrome Cache Entry: 128	ASCII text, with very long lines (55107)	EEE931187060719AB17A352DE2424E0C	0AA427FA2D22D22E3E08C21F598CC9F2D09EFA61	853D7EF6B54D838C009D01E4857B499D7EC4F71F6FCED1E2E3C463FD393CCB29
Chrome Cache Entry: 129	gzip compressed data, from Unix, original size modulo 2^32 23660	05156F45162C900DA58D949B0E9DF54B	8EE236E329DAE42D00B0E53363D60C84B312C17C	B867256B55A754E74BA9DBE2B5277EDF71FB67B7EFA5D67D64B4A9F78D7008F2
Chrome Cache Entry: 130	gzip compressed data, from Unix, original size modulo 2^32 154898	E8618B9C398F1BBDDB426C351D9D336F	8DAB7C9912030F0C3409EF4EDECB95E4CECEA547	3985D09F29655E11050CC98687FE7D3661A35B9D7F20EB6330FCA6B6409BD325
Chrome Cache Entry: 131	Unicode text, UTF-8 text, with very long lines (63171)	37A396805428BA004D7B537EA30B6D2A	B697C8B29857FAB2C3A7F5960CF1F0BE36C4ED50	C9C19D88D9366BFA36FFD12F6237C58322E91C1F2E57A896172A05F41318134A
Chrome Cache Entry: 132	gzip compressed data, from Unix, original size modulo 2^32 90673	B01C6D770B2AEFD7EF9E86FC30413501	E8AFBE0D1FC8693D99D41D197815345511CA7473	575D331EFC8334C799663DBD41085C92D4DB664455B8F2436DCD6C1EDAEC73CA
Chrome Cache Entry: 133	gzip compressed data, from Unix, original size modulo 2^32 113797	41F67F5B64625840A69497D24356649C	6FD64F63144A4A2B2C4663F2F299731494934CBF	9628CA8DD24A129D124ECD13CE4DD30E72DD69C041D428A406F478D6C8BC009C
Chrome Cache Entry: 134	ASCII text, with no line terminators	3238284437B923CB02C1D822C3D9DCD3	5CEDCE04369CCA3D32FEBC21B8CC818DDF803EF1	7E05A29DB294BFE0004243CC24916344EEB8BFBF2B8B0429D184A9BB4C44B56E
Chrome Cache Entry: 135	MS Windows icon resource - 6 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	7E0D59593F3377B72C29435C4B43954A	B4C5C39A6DFB460BBD2EACCEB09EC8079FB6A8E2	62D706019A0D80173113EF70FBBEE12F286E8E221534BE788448AADA4B14C8E8
Chrome Cache Entry: 136	Unicode text, UTF-8 text, with very long lines (52118), with no line terminators	69201B044F9E912CC72B07E4FFBF9555	4A31F53B5A91F52B28F10A84BE73D6CFFCE01706	DD8625BFA35604F050E4DCC7FF10C2C31D7CDF1CE7BDF4CDE0D0415DCC74E2FB
Chrome Cache Entry: 137	ASCII text, with very long lines (2507), with no line terminators	27C8A49AC26ECEF4F41FE26CED69A58B	A2DACC66455DA6ECEAC53CDEF818C849FF405FC1	F15DC2DF620A373AC551CEB8364BA4B2085B95FFC59FAC2BBC304AF57BF20E55
Chrome Cache Entry: 138	gzip compressed data, from Unix, original size modulo 2^32 3498	96B28EB45716E3E6DA72747CF10C9E88	A66CA79F2DF172B63449CA650D11A3F1EF590AB8	5B0A48BC7E9F20E247C523A5EB8B17122543A9B62688909F999BC58E441C65E0
Chrome Cache Entry: 139	gzip compressed data, original size modulo 2^32 1864	2D2CBA7D7DC75F3BA9DC756738D41A6E	F87FD26066ED5E52A65DEE0ED2D581D3C3EA15AC	00E21864CF1BC70302EBB5B496C6C471A7DA8CBF600630B478A3E2376ED20EA2
Chrome Cache Entry: 140	ASCII text, with very long lines (55107)	EEE931187060719AB17A352DE2424E0C	0AA427FA2D22D22E3E08C21F598CC9F2D09EFA61	853D7EF6B54D838C009D01E4857B499D7EC4F71F6FCED1E2E3C463FD393CCB29
Chrome Cache Entry: 141	gzip compressed data, original size modulo 2^32 1592	ECC8894D3791BEDDB4E0226F8DAB065A	6510EB51E76A49746C526E432455549B50DE5AF1	64C8C0A9EFBC27AD86EAEC90465B75C52AE8CD68F7E76FC9431DC6AE66072AC3
Chrome Cache Entry: 142	Unicode text, UTF-8 text, with very long lines (59552), with no line terminators	5B9C1E18E7818E2D69550EC80E4936FD	4D6906D97B6F3FAC6EE66270A97E3D3F13B4E77D	B0F04580DFC831EFFB265B29B88BC622D94E3676984FDD7B17D5FE7B21DC3CA5
Chrome Cache Entry: 143	gzip compressed data, from Unix, original size modulo 2^32 141810	3944C777502742C874A6E2F1C7D817B0	106B56E689049C53D90F169955B199E752284BE1	D681A1278E1C107519F67E088EEE7A20157232EDF5D3017FBA192F3AA5CCB609
Chrome Cache Entry: 144	gzip compressed data, from Unix, original size modulo 2^32 449488	CA2D32DEE8CAAF756F7956DEC32B30D6	EA338EC8626E7B15AEB7235DBA2072C640EBF656	600B4D5D0E2A72F0D2508998915A1F606110A86CA4C01CB3D4E74BF4D32BC7DC
Chrome Cache Entry: 145	gzip compressed data, original size modulo 2^32 3651	DF6A7721C242813411CC6950DF40F9B3	B2068C4A65C183AAD6FC22A44CC1FA449CD355B4	AA53B6DC744357B392FC57C34E516BAE465D4A6837775C137A176D599C8EA948
Chrome Cache Entry: 146	ASCII text, with very long lines (379), with no line terminators	29C24FF1E7D09EB3B67FCF90DE082749	84263358A2D879FF4773F657BAE4A438EF7AC89C	2E065B142374BE24BCDFFF600DECCC28F6AF18F5401CC224342FBE8FCA3DE357
Chrome Cache Entry: 85	gzip compressed data, original size modulo 2^32 3651	DF6A7721C242813411CC6950DF40F9B3	B2068C4A65C183AAD6FC22A44CC1FA449CD355B4	AA53B6DC744357B392FC57C34E516BAE465D4A6837775C137A176D599C8EA948
Chrome Cache Entry: 86	ASCII text, with very long lines (18689), with no line terminators	29AC23CBA2B1AF397B7DE59A99A0E90C	1CC743D295ED584F2C79126335336C93CFEE43C7	C96EF65197C2B41C1212E37C88C8DEE886D4EB44CDD3A31709C4C74E8F6E1092
Chrome Cache Entry: 87	MS Windows icon resource - 1 icon, 64x64, 8 bits/pixel	645F04909379B62EDDA16F5F5206672B	545D1DB0ABEB80BB750D62D575E70A29DEC37C68	45081FDA9C0A99C2C4D82ED4914F53F265517AE082352E334035635AE8B46D4D
Chrome Cache Entry: 88	gzip compressed data, from Unix, original size modulo 2^32 407057	83E89135EABA21A8CCECF43D79FF6025	99423829E0D7003FED6A8CAC6CB21750362D5149	91FBEFB5931F2221430691BF6159CE6B8FE35D58FAFA7EC5EAC69AE3F96CD2FD
Chrome Cache Entry: 89	gzip compressed data, original size modulo 2^32 1592	ECC8894D3791BEDDB4E0226F8DAB065A	6510EB51E76A49746C526E432455549B50DE5AF1	64C8C0A9EFBC27AD86EAEC90465B75C52AE8CD68F7E76FC9431DC6AE66072AC3
Chrome Cache Entry: 90	Unicode text, UTF-8 text, with very long lines (63171)	37A396805428BA004D7B537EA30B6D2A	B697C8B29857FAB2C3A7F5960CF1F0BE36C4ED50	C9C19D88D9366BFA36FFD12F6237C58322E91C1F2E57A896172A05F41318134A
Chrome Cache Entry: 91	MS Windows icon resource - 6 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	7E0D59593F3377B72C29435C4B43954A	B4C5C39A6DFB460BBD2EACCEB09EC8079FB6A8E2	62D706019A0D80173113EF70FBBEE12F286E8E221534BE788448AADA4B14C8E8
Chrome Cache Entry: 92	gzip compressed data, from Unix, original size modulo 2^32 90673	95EFB7EBFC34942BD4988BEC9E68AC81	4EBB22A556B7AB52437DCFA5DB06D45EA0862DD5	E15D988359354883CB91CCD56F197E9538979AE8D3BC66F20081E5773EF3E8D6
Chrome Cache Entry: 93	ASCII text, with no line terminators	9F9FA94F28FE0DE82BC8FD039A7BDB24	6FE91F82974BD5B101782941064BCB2AFDEB17D8	9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
Chrome Cache Entry: 94	gzip compressed data, from Unix, truncated	C2A6F097C3979CC0FDE03FC7493428D3	F7F6FDD646D34DED70526213DCB084377F803687	7AA732E597ADE159D1FA8981EF325456642A9407E7D40A12728380EA30D4AF10
Chrome Cache Entry: 95	ASCII text, with very long lines (18689), with no line terminators	29AC23CBA2B1AF397B7DE59A99A0E90C	1CC743D295ED584F2C79126335336C93CFEE43C7	C96EF65197C2B41C1212E37C88C8DEE886D4EB44CDD3A31709C4C74E8F6E1092
Chrome Cache Entry: 96	gzip compressed data, from Unix, original size modulo 2^32 407057	BF27E3C00409648A4570484693D54655	7761CA7AA1DE56D3484B8EAB082206191F6DB229	8121D786B468B957161DEF0F08871C13A7D05590B9600D146793C52EA51F630E
Chrome Cache Entry: 97	gzip compressed data, from Unix, truncated	C2A6F097C3979CC0FDE03FC7493428D3	F7F6FDD646D34DED70526213DCB084377F803687	7AA732E597ADE159D1FA8981EF325456642A9407E7D40A12728380EA30D4AF10
Chrome Cache Entry: 98	JSON data	5FC018D9E6C56911BBC8DC5DDCD0C768	70979F57A85D527ED8ABCBF02CFF44640C58BDE6	2E6D78A4AE644F3B60AFD3C33E66539FF6C5F6A8ED6ABC40A3AF06AC020EC020
Chrome Cache Entry: 99	MS Windows icon resource - 6 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	7E0D59593F3377B72C29435C4B43954A	B4C5C39A6DFB460BBD2EACCEB09EC8079FB6A8E2	62D706019A0D80173113EF70FBBEE12F286E8E221534BE788448AADA4B14C8E8

Phishing

AI detected phishing page

Source: https://signup.ency.cloud/signup?sru=https%3a%2f%2fl1ve.ency.cloud%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dE269E9D1D98D4545%26opidt%3d1724959227%26uaid%3d1b9ba598ef1c4718bf548acdb9395636%26contextid%3d75F2B73860AC1050%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=1b9ba598ef1c4718bf548acdb9395636&suc=https%3a%2f%2f22e7fe0a-02f3d9a4.ency.cloud&lic=1	LLM: Score: 8 Reasons: The domain does not match the legitimate Microsoft domain, the presence of an unusual top-level domain (.cloud), and the lack of a secure protocol (HTTPS) in the URL. DOM: 17.8.pages.csv
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	LLM: Score: 8 Reasons: The domain name 'hkwyolawofficelogin.ency.cloud' is unusual and does not match the typical Microsoft domain structure, which is a strong indication of a phishing attempt. The presence of a search bar at the bottom of the page and the typical sign-in page design elements are attempts to mimic the legitimate Microsoft website, but the domain name is a clear red flag. DOM: 12.5.pages.csv

Yara detected HtmlPhish54

Source: Yara match	File source: 10.15.id.script.csv, type: HTML
Source: Yara match	File source: 12.22.id.script.csv, type: HTML
Source: Yara match	File source: 10.3.pages.csv, type: HTML
Source: Yara match	File source: 12.6.pages.csv, type: HTML
Source: Yara match	File source: 12.4.pages.csv, type: HTML

Phishing site detected (based on favicon image match)

Source: https://ency.cloud	Matcher: Template: microsoft matched with high similarity
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Phishing site detected (based on image similarity)

Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	Matcher: Template: microsoft matched
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	Matcher: Template: microsoft matched

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 0.1

OCR Text: w w r Hathaway & Kunz Hathaway & Kunz LLP has shared a secure document with you. Click on IVIEW SHARED DOCUMENT" to access the shared dacument VIEW SHARED DOCUMENT

Found iframes

Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: Iframe src: https://8d19784d-02f3d9a4.ency.cloud/Prefetch/Prefetch.aspx
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: Iframe src: https://8d19784d-02f3d9a4.ency.cloud/Prefetch/Prefetch.aspx

HTML body contains low number of good links

Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt	HTTP Parser: Number of links: 0
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://hkwyolaw.ency.cloud/

HTTP Parser: Base64 decoded: 1724959187.000000

HTML title does not match URL

Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt	HTTP Parser: Title: Redirecting does not match URL
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true

HTTP Parser: <input type="password" .../> found

Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt	HTTP Parser: No favicon
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: No favicon
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: No favicon
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: No favicon
Source: https://signup.ency.cloud/signup?sru=https%3a%2f%2fl1ve.ency.cloud%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dE269E9D1D98D4545%26opidt%3d1724959227%26uaid%3d1b9ba598ef1c4718bf548acdb9395636%26contextid%3d75F2B73860AC1050%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=1b9ba598ef1c4718bf548acdb9395636&suc=https%3a%2f%2f22e7fe0a-02f3d9a4.ency.cloud&lic=1	HTTP Parser: No favicon
Source: https://signup.ency.cloud/signup?sru=https%3a%2f%2fl1ve.ency.cloud%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dE269E9D1D98D4545%26opidt%3d1724959227%26uaid%3d1b9ba598ef1c4718bf548acdb9395636%26contextid%3d75F2B73860AC1050%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=1b9ba598ef1c4718bf548acdb9395636&suc=https%3a%2f%2f22e7fe0a-02f3d9a4.ency.cloud&lic=1	HTTP Parser: No favicon
Source: https://signup.ency.cloud/signup?sru=https%3a%2f%2fl1ve.ency.cloud%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dE269E9D1D98D4545%26opidt%3d1724959227%26uaid%3d1b9ba598ef1c4718bf548acdb9395636%26contextid%3d75F2B73860AC1050%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=1b9ba598ef1c4718bf548acdb9395636&suc=https%3a%2f%2f22e7fe0a-02f3d9a4.ency.cloud&lic=1	HTTP Parser: No favicon

Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt	HTTP Parser: No <meta name="author".. found
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt	HTTP Parser: No <meta name="copyright".. found
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49761 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2857090 - Severity 1 - ETPRO PHISHING JS/PsyduckPockeball Payload Inbound : 172.233.123.231:443 -> 192.168.2.4:49778

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.4:49735 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.163
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.163
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hkwyolaw.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/utils.8e682833b85e4bb96d30.js HTTP/1.1Host: g.fastcdn.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/Cradle.8725edce5135a9515d48.js HTTP/1.1Host: g.fastcdn.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/da0b7436/65136922-0-Screenshot-2024-08-2.png HTTP/1.1Host: v.fastcdn.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/Links.7722c547d653e74ec16f.js HTTP/1.1Host: g.fastcdn.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: hkwyolaw.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=sg463LRxea7GCkT0n69snZu9C1s3PW.nzHe3WmdlWcE-1724959187-1.0.1.1-erCJ6Kk62pWu1pNPxc3Nv6YNLeq8PGylcauOXWg5jXliNI.QKln5MCYCGGBfdr5RoBbiQAQSE.VFQSrKoHI5yw
Source: global traffic	HTTP traffic detected: GET /js/LazyImage.a698675f6fd38cb87757.js HTTP/1.1Host: g.fastcdn.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/sptw.2fff3c07e91a81e507a4.js HTTP/1.1Host: g.fastcdn.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/cm.js HTTP/1.1Host: g.fastcdn.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js? HTTP/1.1Host: hkwyolaw.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=sg463LRxea7GCkT0n69snZu9C1s3PW.nzHe3WmdlWcE-1724959187-1.0.1.1-erCJ6Kk62pWu1pNPxc3Nv6YNLeq8PGylcauOXWg5jXliNI.QKln5MCYCGGBfdr5RoBbiQAQSE.VFQSrKoHI5yw
Source: global traffic	HTTP traffic detected: GET /t/js/3/it.js HTTP/1.1Host: cdn.instapagemetrics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/da0b7436/65136922-0-Screenshot-2024-08-2.png HTTP/1.1Host: v.fastcdn.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/Links.7722c547d653e74ec16f.js HTTP/1.1Host: g.fastcdn.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/Cradle.8725edce5135a9515d48.js HTTP/1.1Host: g.fastcdn.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/utils.8e682833b85e4bb96d30.js HTTP/1.1Host: g.fastcdn.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/LazyImage.a698675f6fd38cb87757.js HTTP/1.1Host: g.fastcdn.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /js/cm.js HTTP/1.1Host: g.fastcdn.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/sptw.2fff3c07e91a81e507a4.js HTTP/1.1Host: g.fastcdn.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /t/js/3/it.js HTTP/1.1Host: cdn.instapagemetrics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js? HTTP/1.1Host: hkwyolaw.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=sg463LRxea7GCkT0n69snZu9C1s3PW.nzHe3WmdlWcE-1724959187-1.0.1.1-erCJ6Kk62pWu1pNPxc3Nv6YNLeq8PGylcauOXWg5jXliNI.QKln5MCYCGGBfdr5RoBbiQAQSE.VFQSrKoHI5yw; instap-spses.6ed8=*; instap-spid.6ed8=ad7273e7-521a-47ee-9772-bd33cc61035d.1724959189.1.1724959189.1724959189.f1333eb3-1b25-45d0-950d-0203a94d862f
Source: global traffic	HTTP traffic detected: GET /t/two HTTP/1.1Host: ec.instapagemetrics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/jsd/r/8baee50bef5442a7 HTTP/1.1Host: hkwyolaw.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=sg463LRxea7GCkT0n69snZu9C1s3PW.nzHe3WmdlWcE-1724959187-1.0.1.1-erCJ6Kk62pWu1pNPxc3Nv6YNLeq8PGylcauOXWg5jXliNI.QKln5MCYCGGBfdr5RoBbiQAQSE.VFQSrKoHI5yw; instap-spses.6ed8=*; instap-spid.6ed8=ad7273e7-521a-47ee-9772-bd33cc61035d.1724959189.1.1724959189.1724959189.f1333eb3-1b25-45d0-950d-0203a94d862f
Source: global traffic	HTTP traffic detected: GET /t/two?3thpc=true HTTP/1.1Host: ec.instapagemetrics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?mF3s=lt HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /t/two HTTP/1.1Host: ec.instapagemetrics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /t/two?3thpc=true HTTP/1.1Host: ec.instapagemetrics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?mF3s=lt HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://hkwyolawofficelogin.ency.cloud/?mF3s=ltAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hkwyolawofficelogin.ency.cloudsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /02f3d9a46eef4029b93e04119111d9c5/ HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hkwyolawofficelogin.ency.cloudSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="Sec-WebSocket-Key: fGHJpIguuorBDacx6fjKBQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /?mF3s=lt&sso_reload=true HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://hkwyolawofficelogin.ency.cloud/?mF3s=ltAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hkwyolawofficelogin.ency.cloud/?mF3s=ltAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hkwyolawofficelogin.ency.cloudsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_2P9n4TNNrWcgKwW6Mt6tGA2.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hkwyolawofficelogin.ency.cloudsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_tzwwq6wdslxjdiwzdatg6a2.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hkwyolawofficelogin.ency.cloudsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: l1ve.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_tzwwq6wdslxjdiwzdatg6a2.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /02f3d9a46eef4029b93e04119111d9c5/ HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hkwyolawofficelogin.ency.cloudSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1Sec-WebSocket-Key: xWtZrD5PDiMMhG3WcEB17w==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /Prefetch/Prefetch.aspx HTTP/1.1Host: 8d19784d-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_2P9n4TNNrWcgKwW6Mt6tGA2.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hkwyolawofficelogin.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /02f3d9a46eef4029b93e04119111d9c5/ HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hkwyolawofficelogin.ency.cloudSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0Sec-WebSocket-Key: nv/hOAucqtfvzEm+foBWHg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js HTTP/1.1Host: 86b155fe-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2fhkwyolawofficelogin.ency.cloud%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARmLJ0tLfNewn1_SNfZnZZhZrMYOeNzMsvAKlcxKhM2Tv8CI-MLRsZbTIL-RemeKeHFbqkpqUWJJZn5eRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECrT1SeMdnY4aWf_mRROW9eqKMZ1i1XfLsUz1s3DKcXV1y3bXzi_1MTR2DS80yTJzTHWKDM0McHLOyAp3dvYyLXe1NbYynMAmNIGN6RQbwwc2xg52hlnsDAc4GTfwMB7gZfjBd_Trsys_uze983jFrxNRlV2eCjSryMzbP8kgNS3I3cI11yyowsjV08evzCK_MEg_38jH3dU9y9F2gwDDAwEGAA2&estsfed=1&uaid=1b9ba598ef1c4718bf548acdb9395636&signup=1&lw=1&fl=easi2&fci=https%3a%2f%2f8d19784d-02f3d9a4.ency.cloud.orgid.com HTTP/1.1Host: l1ve.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /signup?sru=https://l1ve.ency.cloud/oauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dE269E9D1D98D4545%26opidt%3d1724959227%26uaid%3d1b9ba598ef1c4718bf548acdb9395636%26contextid%3d75F2B73860AC1050%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=1b9ba598ef1c4718bf548acdb9395636&suc=https://22e7fe0a-02f3d9a4.ency.cloud HTTP/1.1Host: signup.ency.cloudConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /02f3d9a46eef4029b93e04119111d9c5/ HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hkwyolawofficelogin.ency.cloudSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0Sec-WebSocket-Key: 4335iNfHgU+pmpyN0fZCvA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /login.srf?wa=wsignin1.0&rpsnv=159&checkda=1&ct=1724959229&rver=7.5.2156.0&wp=MBI_SSL&wreply=https%3A%2F%2Fsignup.ency.cloud%2Fsignup%3Fsru%3Dhttps%253a%252f%252fl1ve.ency.cloud%252foauth20_authorize.srf%253flc%253d1033%2526client_id%253d51483342-085c-4d86-bf88-cf50c7252078%2526mkt%253dEN-US%2526opid%253dE269E9D1D98D4545%2526opidt%253d1724959227%2526uaid%253d1b9ba598ef1c4718bf548acdb9395636%2526contextid%253d75F2B73860AC1050%2526opignore%253d1%26mkt%3DEN-US%26uiflavor%3Dweb%26lw%3D1%26fl%3Deasi2%26client_id%3D51483342-085c-4d86-bf88-cf50c7252078%26uaid%3D1b9ba598ef1c4718bf548acdb9395636%26suc%3Dhttps%253a%252f%252f8d19784d-02f3d9a4.ency.cloud.orgid.com%26lic%3D1&lc=1033&id=68692&mkt=en-US&uaid=1b9ba598ef1c4718bf548acdb9395636 HTTP/1.1Host: l1ve.ency.cloudConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /signup?sru=https%3a%2f%2fl1ve.ency.cloud%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dE269E9D1D98D4545%26opidt%3d1724959227%26uaid%3d1b9ba598ef1c4718bf548acdb9395636%26contextid%3d75F2B73860AC1050%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=1b9ba598ef1c4718bf548acdb9395636&suc=https%3a%2f%2f22e7fe0a-02f3d9a4.ency.cloud&lic=1 HTTP/1.1Host: signup.ency.cloudConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_hjnWUmfm-pOUxYXWMUv1Yw2.js HTTP/1.1Host: dcd98dee-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.ency.cloudsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /02f3d9a46eef4029b93e04119111d9c5/ HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hkwyolawofficelogin.ency.cloudSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0Sec-WebSocket-Key: aAIKyo1IZz/SFcfhO5TZoA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_hjnWUmfm-pOUxYXWMUv1Yw2.js HTTP/1.1Host: dcd98dee-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: dcd98dee-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.ency.cloudsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: dcd98dee-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: dcd98dee-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /?session_id=1b9ba598ef1c4718bf548acdb9395636&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU HTTP/1.1Host: a5031de5-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://signup.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /index.html HTTP/1.1Host: aa6c90d0-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://signup.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /API/EvaluateExperimentAssignments HTTP/1.1Host: signup.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: dcd98dee-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: dcd98dee-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: dcd98dee-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /PXzC5j78di/main.min.js HTTP/1.1Host: 539d138f-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://aa6c90d0-02f3d9a4.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /error.aspx?e=404 HTTP/1.1Host: signup.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="; MicrosoftApplicationsTelemetryDeviceId=cb71f57c-f934-43bd-9e5d-d645607d6f98; ai_session=bdSGTWOXIQJlpbAbGOE073\|1724959241856\|1724959241856
Source: global traffic	HTTP traffic detected: GET /Images/Clear.PNG?ctx=jscb1.0&session_id=1b9ba598ef1c4718bf548acdb9395636&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&esi=YnVhPU1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTcuMC4wLjAgU2FmYXJpLzUzNy4zNiZvcz1XaW4zMiZscHJvYz00Jm9sPXRydWUmcnR0PTE1MCZjaHJtPXRydWUmcHJvc3ViPTIwMDMwMTA3JmV2YWw9MzMmYXBwdj01LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExNy4wLjAuMCBTYWZhcmkvNTM3LjM2JmxzPXRydWUmZG09OCZtdHA9MCZuYz03NCZwcj0xJnNyPTEyODB4MTAyNCZzY2Q9MjQmYXNyPTEyODB4OTg0JnR6PS0zMDAmZHN0PTYwJnR6bz0tMjQwJmJsPWVuLVVTJm10aD0yN2Y1MWQzMTQ5ZTZiZjIwOWI2NmJkMzg3YjBhZjNjNCZtdG49MiZwbj01JnBoPWYzYWMyMmFjNTljNmRjYjg3NDEwOWQwOTNjNTI1NWU4JnA9cGx1Z2luX2ZsYXNoJTNEZmFsc2UlMjZwbHVnaW5fd2luZG93c19tZWRpYV9wbGF5ZXIlM0RmYWxzZSUyNnBsdWdpbl9hZG9iZV9hY3JvYmF0JTNEZmFsc2UlMjZwbHVnaW5fc2lsdmVybGlnaHQlM0RmYWxzZSUyNnBsdWdpbl9xdWlja3RpbWUlM0RmYWxzZSUyNnBsdWdpbl9zaG9ja3dhdmUlM0RmYWxzZSUyNnBsdWdpbl9yZWFscGxheWVyJTNEZmFsc2UlMjZwbHVnaW5fdmxjX3BsYXllciUzRGZhbHNlJTI2cGx1Z2luX2RldmFsdnIlM0RmYWxzZSUyNnBsdWdpbl9zdmdfdmlld2VyJTNEZmFsc2UlMjZwbHVnaW5famF2YSUzRGZhbHNlJmZoPTJhMjk4NDlhZjA3ZGQxNjFkZGM3MzA0MGJlMjVmM2YwJmZuPTExMiZsaD1odHRwcyUzQSUyRiUyRmE1MDMxZGU1LTAyZjNkOWE0LmVuY3kuY2xvdWQlMkYlM0ZzZXNzaW9uX2lkJTNEMWI5YmE1OThlZjFjNDcxOGJmNTQ4YWNkYjkzOTU2MzYlMjZDdXN0b21lcklkJTNEMzNlMDE5MjEtNGQ2NC00ZjhjLWEwNTUtNWJkYWZmZDVlMzNkJTI2UGFnZUlkJTNEU1UmZHI9aHR0cHMlM0ElMkYlMkZzaWdudXAuZW5jeS5jbG91ZCUyRiZ3PThEQ0M4NUZBRDNEMjQxNyZpZD05ZmI2MzJlOS05MTNmLTA0NmEtN2ZmMS04ZWQ2ODAzNTQ3MDgmYT0mYz1iMGVhZGI5MzQxNjZiNjk2MDdiODI1OTIyMzM2MTc2ZA==&eci=eyJ1dmRyIjoiR29vZ2xlIEluYy4gKEdvb2dsZSkiLCJ1cmRyIjoiQU5HTEUgKEdvb2dsZSwgVnVsa2FuIDEuMy4wIChTd2lmdFNoYWRlciBEZXZpY2UgKFN1Ynplcm8pICgweDAwMDBDMERFKSksIFN3aWZ0U2hhZGVyIGRyaXZlcikiLCJ2ZHIiOiJXZWJLaXQiLCJyZHIiOiJXZWJLaXQgV2ViR0wiLCJpZHVoIjoiMTViNmNhNDcyNjliZTQyODc1Njg1MDY5MzdlOTkxN2MifQ==&PageId=SU&u1=&u3=10.0.0&u4=x86&u5=64&u2=(Google%20Chrome%2C117.0.5938.132)%2C(Not%3BA%3DBrand%2C8.0.0.0)%2C(Chromium%2C117.0.5938.132) HTTP/1.1Host: a5031de5-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://a5031de5-02f3d9a4.ency.cloud/?session_id=1b9ba598ef1c4718bf548acdb9395636&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SUAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /Clear.HTML?ctx=Ls1.0&wl=False&session_id=1b9ba598ef1c4718bf548acdb9395636&id=9fb632e9-913f-046a-7ff1-8ed680354708&w=8DCC85FAD3D2417&tkt=taBcrIH61PuCVH7eNCyH0I1otfYAPn9VOPY9aMX8tO3hCXPNlVDxpRibcTlQbOtY1DlhscQn6tWslMfLbgo029ojdbLb7Gn4zoJwGwlUM7U7%252fAIqdc3aFenBEcEypU5oMCiucj55ZBG%252f6a578Wy8w62NzKJjSKxvJvA2KZ1D1GdikNgowM%252f2%252bLNPhr%252beUxMLdedJtaNkwJxKmyyjgjheFFRnCeiOtV5TI3L3mSkzsNIamzIh%252bQKpKaWTIubEt0uWuz6mrraH1UD4zmCNnh0ao8kvd6BbLxOWoaZ3WR8jX1w0l3M8Gx9NnVRUckOLy1x8&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d HTTP/1.1Host: 258f46e4-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://a5031de5-02f3d9a4.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /ns?c=ca0d5630-663b-11ef-b954-8b91b831308d HTTP/1.1Host: 9b36d051-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://aa6c90d0-02f3d9a4.ency.cloudSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://aa6c90d0-02f3d9a4.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /PXzC5j78di/main.min.js HTTP/1.1Host: 539d138f-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: 6ea3e58b-02f3d9a4.ency.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.ency.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="; pxcts=cb0240e0-663b-11ef-a4a3-6f6e8d41c611; _pxvid=cb0233b9-663b-11ef-a4a3-f0d08f044678; _pxde=fa1dbab57d6955ca3fdd325bd59af92d0fb51c11a4874206c05f6b0cf879f032:eyJ0aW1lc3RhbXAiOjE3MjQ5NTkyNDY3MjcsImZfa2IiOjAsImlwY19pZCI6W119
Source: global traffic	HTTP traffic detected: GET /02f3d9a46eef4029b93e04119111d9c5/ HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hkwyolawofficelogin.ency.cloudSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0; pxcts=cb0240e0-663b-11ef-a4a3-6f6e8d41c611; _pxvid=cb0233b9-663b-11ef-a4a3-f0d08f044678; _pxde=fa1dbab57d6955ca3fdd325bd59af92d0fb51c11a4874206c05f6b0cf879f032:eyJ0aW1lc3RhbXAiOjE3MjQ5NTkyNDY3MjcsImZfa2IiOjAsImlwY19pZCI6W119Sec-WebSocket-Key: 4cJIjT5AWvzZD2FKyZtGQg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=ca0d5630-663b-11ef-b954-8b91b831308d HTTP/1.1Host: 9b36d051-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /Images/Clear.PNG?ctx=jscb1.0&session_id=1b9ba598ef1c4718bf548acdb9395636&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&esi=YnVhPU1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTcuMC4wLjAgU2FmYXJpLzUzNy4zNiZvcz1XaW4zMiZscHJvYz00Jm9sPXRydWUmcnR0PTE1MCZjaHJtPXRydWUmcHJvc3ViPTIwMDMwMTA3JmV2YWw9MzMmYXBwdj01LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExNy4wLjAuMCBTYWZhcmkvNTM3LjM2JmxzPXRydWUmZG09OCZtdHA9MCZuYz03NCZwcj0xJnNyPTEyODB4MTAyNCZzY2Q9MjQmYXNyPTEyODB4OTg0JnR6PS0zMDAmZHN0PTYwJnR6bz0tMjQwJmJsPWVuLVVTJm10aD0yN2Y1MWQzMTQ5ZTZiZjIwOWI2NmJkMzg3YjBhZjNjNCZtdG49MiZwbj01JnBoPWYzYWMyMmFjNTljNmRjYjg3NDEwOWQwOTNjNTI1NWU4JnA9cGx1Z2luX2ZsYXNoJTNEZmFsc2UlMjZwbHVnaW5fd2luZG93c19tZWRpYV9wbGF5ZXIlM0RmYWxzZSUyNnBsdWdpbl9hZG9iZV9hY3JvYmF0JTNEZmFsc2UlMjZwbHVnaW5fc2lsdmVybGlnaHQlM0RmYWxzZSUyNnBsdWdpbl9xdWlja3RpbWUlM0RmYWxzZSUyNnBsdWdpbl9zaG9ja3dhdmUlM0RmYWxzZSUyNnBsdWdpbl9yZWFscGxheWVyJTNEZmFsc2UlMjZwbHVnaW5fdmxjX3BsYXllciUzRGZhbHNlJTI2cGx1Z2luX2RldmFsdnIlM0RmYWxzZSUyNnBsdWdpbl9zdmdfdmlld2VyJTNEZmFsc2UlMjZwbHVnaW5famF2YSUzRGZhbHNlJmZoPTJhMjk4NDlhZjA3ZGQxNjFkZGM3MzA0MGJlMjVmM2YwJmZuPTExMiZsaD1odHRwcyUzQSUyRiUyRmE1MDMxZGU1LTAyZjNkOWE0LmVuY3kuY2xvdWQlMkYlM0ZzZXNzaW9uX2lkJTNEMWI5YmE1OThlZjFjNDcxOGJmNTQ4YWNkYjkzOTU2MzYlMjZDdXN0b21lcklkJTNEMzNlMDE5MjEtNGQ2NC00ZjhjLWEwNTUtNWJkYWZmZDVlMzNkJTI2UGFnZUlkJTNEU1UmZHI9aHR0cHMlM0ElMkYlMkZzaWdudXAuZW5jeS5jbG91ZCUyRiZ3PThEQ0M4NUZBRDNEMjQxNyZpZD05ZmI2MzJlOS05MTNmLTA0NmEtN2ZmMS04ZWQ2ODAzNTQ3MDgmYT0mYz1iMGVhZGI5MzQxNjZiNjk2MDdiODI1OTIyMzM2MTc2ZA==&eci=eyJ1dmRyIjoiR29vZ2xlIEluYy4gKEdvb2dsZSkiLCJ1cmRyIjoiQU5HTEUgKEdvb2dsZSwgVnVsa2FuIDEuMy4wIChTd2lmdFNoYWRlciBEZXZpY2UgKFN1Ynplcm8pICgweDAwMDBDMERFKSksIFN3aWZ0U2hhZGVyIGRyaXZlcikiLCJ2ZHIiOiJXZWJLaXQiLCJyZHIiOiJXZWJLaXQgV2ViR0wiLCJpZHVoIjoiMTViNmNhNDcyNjliZTQyODc1Njg1MDY5MzdlOTkxN2MifQ==&PageId=SU&u1=&u3=10.0.0&u4=x86&u5=64&u2=(Google%20Chrome%2C117.0.5938.132)%2C(Not%3BA%3DBrand%2C8.0.0.0)%2C(Chromium%2C117.0.5938.132) HTTP/1.1Host: a5031de5-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: 6ea3e58b-02f3d9a4.ency.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /02f3d9a46eef4029b93e04119111d9c5/ HTTP/1.1Host: hkwyolawofficelogin.ency.cloudConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hkwyolawofficelogin.ency.cloudSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8KzvMs="MDJmM2Q5YTQtNmVlZi00MDI5LWI5M2UtMDQxMTkxMTFkOWM1OmQwZTg4Nzc3LWVlZTItNDQ5MC1hZTBjLWNkYTNmMGVkMjA1Nw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0; pxcts=cb0240e0-663b-11ef-a4a3-6f6e8d41c611; _pxvid=cb0233b9-663b-11ef-a4a3-f0d08f044678; _px3=ad3a00f89e099b65ae745f40c6fed37b7cfe864e5facdeff1e72a74ca1f94bed:X6dqCBcRklJPLoa5g3KnWFwtFIAt/TX+Ryp7TYutEWIqVHdhQ4HoTN1PagXaENqQcs9w0KOW0ihAkoTEy7Qaqg==:1000:aSodwnXnrhz2bCvlev4qaFv/ebOjiNYl2cWIY7sb46K2iNLA+ERcZh/5Zh2sNGzbc5S+pnhyluyBqMX0ugES7BdBZQ5pInSBsQP5kreKxrVW6XUAesSZ98BRO+Km7bS5Ttb+sucAApMvLOQcPTA6Ywm2X8PA/F1R8/8jsdlgYkUCvo7N17kq6rBY9KDS2WwANuyUyI5R026fvwJ6GigoIXFboCeVLQ1Gkv7Ku8tI4Ak=; _pxde=c38b979aa48a8921f8ccdb7ad9ba24a5630cb1a7e0637c9b11432abec36897f1:eyJ0aW1lc3RhbXAiOjE3MjQ5NTkyNTIxMzMsImZfa2IiOjAsImlwY19pZCI6W119Sec-WebSocket-Key: qMS+LT68R6qb9H9ODMvqRw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Source: global traffic	DNS traffic detected: DNS query: hkwyolaw.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: g.fastcdn.co
Source: global traffic	DNS traffic detected: DNS query: v.fastcdn.co
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.instapagemetrics.com
Source: global traffic	DNS traffic detected: DNS query: ec.instapagemetrics.com
Source: global traffic	DNS traffic detected: DNS query: hkwyolawofficelogin.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: 86b155fe-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: bfd0284f-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: a58b77c9-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: l1ve.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: 8d19784d-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: signup.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: dcd98dee-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: 3cb44b12-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: e7de3c1c-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: abd318b4-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: a5031de5-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: aa6c90d0-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: 539d138f-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: 766c2f61-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: 258f46e4-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: 9b36d051-02f3d9a4.ency.cloud
Source: global traffic	DNS traffic detected: DNS query: collector-pxzc5j78di.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: 6ea3e58b-02f3d9a4.ency.cloud

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 29 Aug 2024 19:20:12 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: a842e37b-0e1b-482f-9d13-19a5d8ec2b00x-ms-ests-server: 2.1.18794.6 - SEASLR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfd0284f-02f3d9a4.ency.cloud/api/report?catId=GW+estsfd+sin"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 29 Aug 2024 19:20:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: f3f48bd4-c1de-4088-9e7c-294dd82b8700x-ms-ests-server: 2.1.18794.6 - KRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfd0284f-02f3d9a4.ency.cloud/api/report?catId=GW+estsfd+sin"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 29 Aug 2024 19:20:18 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: no-store, no-cachex-ms-correlation-id: 4530b1a1-63d4-4b6f-b033-cc1522137bd9x-ua-compatible: IE=Edgex-cache: CONFIG_NOCACHEx-msedge-ref: Ref A: 1D99660DF5454FE09248E91B71CD4A63 Ref B: AMS231032610035 Ref C: 2024-08-29T19:20:18Zaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 29 Aug 2024 19:20:23 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 2c3fb01d-2b4e-46d0-8a93-14459dc14901x-ms-ests-server: 2.1.18794.6 - JPE ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfd0284f-02f3d9a4.ency.cloud/api/report?catId=GW+estsfd+sin"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 29 Aug 2024 19:20:31 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: e685657d-1fba-4406-ba1c-95ad5dedfe01x-ms-ests-server: 2.1.18794.6 - KRSLR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfd0284f-02f3d9a4.ency.cloud/api/report?catId=GW+estsfd+sin"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 29 Aug 2024 19:20:41 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 3da42625-4137-4793-950c-99f3f81ba200x-ms-ests-server: 2.1.18794.6 - KRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfd0284f-02f3d9a4.ency.cloud/api/report?catId=GW+estsfd+sin"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 29 Aug 2024 19:20:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 2c3fb01d-2b4e-46d0-8a93-14455ec54901x-ms-ests-server: 2.1.18794.6 - JPE ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfd0284f-02f3d9a4.ency.cloud/api/report?catId=GW+estsfd+sin"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 29 Aug 2024 19:21:03 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 78f636f0-872c-4d41-8f7a-2d68891c9600x-ms-ests-server: 2.1.18794.6 - KRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfd0284f-02f3d9a4.ency.cloud/api/report?catId=GW+estsfd+sin"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:

Source: chromecache_140.2.dr, chromecache_128.2.dr	String found in binary or memory: http://bit.ly/sp-js)
Source: chromecache_112.2.dr	String found in binary or memory: https://app.instapage.com/ajax/pageserver/files/serve-file
Source: chromecache_112.2.dr, chromecache_131.2.dr	String found in binary or memory: https://cdn.instapagemetrics.com/t/js/3/it.js
Source: chromecache_90.2.dr, chromecache_112.2.dr, chromecache_131.2.dr	String found in binary or memory: https://ec.instapagemetrics.com
Source: chromecache_112.2.dr	String found in binary or memory: https://g.fastcdn.co/js/cm.js
Source: chromecache_90.2.dr, chromecache_142.2.dr, chromecache_131.2.dr, chromecache_117.2.dr, chromecache_106.2.dr, chromecache_136.2.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_90.2.dr, chromecache_142.2.dr, chromecache_131.2.dr, chromecache_117.2.dr, chromecache_106.2.dr, chromecache_136.2.dr	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.21.1/LICENSE
Source: chromecache_112.2.dr	String found in binary or memory: https://hkwyolaw.ency.cloud
Source: chromecache_112.2.dr	String found in binary or memory: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt
Source: chromecache_112.2.dr	String found in binary or memory: https://hkwyolawofficelogin.ency.cloud/?mF3s=lt
Source: chromecache_112.2.dr	String found in binary or memory: https://storage.googleapis.com/instapage-assets/favicon/favicon-64x64.ico

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49761 version: TLS 1.2

Source: classification engine

Classification label: mal80.phis.win@18/96@76/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2000,i,17870269698083817735,11241588252409947018,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hkwyolaw.ency.cloud/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2000,i,17870269698083817735,11241588252409947018,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1501394
Product:	CloudBasic
Start time:	21:18:53
Start date:	29.08.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://hkwyolaw.ency.cloud/

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://hkwyolaw.ency.cloud/

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://hkwyolaw.ency.cloud/