Windows Analysis Report
https://nam.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fadmin.microsoft.com%2Fadminportal%2Fhome%3F%23%2FsubscriΡtions&p=bT0wN2RkNTQyZS1hZGNiLTQyZTgtODFiYS0zZDdjYjNmYTEyNTYmcz0wMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAmdT1hZW8mbD1ob21l

Overview

General Information

Sample URL:	https://nam.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fadmin.microsoft.com%2Fadminportal%2Fhome%3F%23%2FsubscriΡtions&p=bT0wN2RkNTQyZS1hZGNiLTQyZTgtODFiYS0zZDdjYjNmYTEyNTYmcz0wMDAwM
Analysis ID:	1501916
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Classification

Signatures

HTML body contains low number of good links

Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0&sso_reload=true	HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0

HTTP Parser: Base64 decoded: 8dd5b474-c918-40fa-882b-b8c8233a9878ac23d0d4-6e9a-43aa-96b7-12fa7aa2be65

HTML title does not match URL

Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d3FED2D1BB2A9063D%26opidt%3d1725035589%26uaid%3d176ed3cd16544edda2fd4ba7fcbcc236%26contextid%3dF73B7E951EFA85C4%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=176ed3cd16544edda2fd4ba7fcbcc236&suc=00000006-0000-0ff1-ce00-000000000000&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d3FED2D1BB2A9063D%26opidt%3d1725035589%26uaid%3d176ed3cd16544edda2fd4ba7fcbcc236%26contextid%3dF73B7E951EFA85C4%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=176ed3cd16544edda2fd4ba7fcbcc236&suc=00000006-0000-0ff1-ce00-000000000000&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d3FED2D1BB2A9063D%26opidt%3d1725035589%26uaid%3d176ed3cd16544edda2fd4ba7fcbcc236%26contextid%3dF73B7E951EFA85C4%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=176ed3cd16544edda2fd4ba7fcbcc236&suc=00000006-0000-0ff1-ce00-000000000000&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d3FED2D1BB2A9063D%26opidt%3d1725035589%26uaid%3d176ed3cd16544edda2fd4ba7fcbcc236%26contextid%3dF73B7E951EFA85C4%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=176ed3cd16544edda2fd4ba7fcbcc236&suc=00000006-0000-0ff1-ce00-000000000000&lic=1	HTTP Parser: No favicon

Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49750 version: TLS 1.2

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: nam.safelink.emails.azure.net to https://admin.microsoft.com/adminportal/home?#/subscriptions

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 87.248.205.0
Source: unknown	TCP traffic detected without corresponding DNS query: 87.248.205.0
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.137
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.137
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /redirect/?destination=https%3A%2F%2Fadmin.microsoft.com%2Fadminportal%2Fhome%3F%23%2Fsubscriptions&p=bT0wN2RkNTQyZS1hZGNiLTQyZTgtODFiYS0zZDdjYjNmYTEyNTYmcz0wMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAmdT1hZW8mbD1ob21l HTTP/1.1Host: nam.safelink.emails.azure.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_2P9n4TNNrWcgKwW6Mt6tGA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_tzwwq6wdslxjdiwzdatg6a2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_tzwwq6wdslxjdiwzdatg6a2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_2P9n4TNNrWcgKwW6Mt6tGA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_hjnWUmfm-pOUxYXWMUv1Yw2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_hjnWUmfm-pOUxYXWMUv1Yw2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=8e918b00-66ed-11ef-8007-db71fc4d53af HTTP/1.1Host: stk.hsprotect.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://msft.hsprotect.netSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://msft.hsprotect.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=8e918b00-66ed-11ef-8007-db71fc4d53af HTTP/1.1Host: stk.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: nam.safelink.emails.azure.net
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: signup.live.com
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: fpt.live.com
Source: global traffic	DNS traffic detected: DNS query: msft.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: client.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: stk.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: collector-pxzc5j78di.hsprotect.net

Source: unknown

HTTP traffic detected: POST /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveContent-Length: 612sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-type: application/x-www-form-urlencodedAccept: */*Origin: https://msft.hsprotect.netSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://msft.hsprotect.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_112.2.dr, chromecache_103.2.dr	String found in binary or memory: http://feross.org
Source: chromecache_93.2.dr, chromecache_79.2.dr, chromecache_99.2.dr, chromecache_110.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_93.2.dr, chromecache_79.2.dr, chromecache_99.2.dr, chromecache_110.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_109.2.dr	String found in binary or memory: https://client.hsprotect.net/PXzC5j78di/main.min.js
Source: chromecache_94.2.dr	String found in binary or memory: https://fpt.live.com/
Source: chromecache_83.2.dr, chromecache_93.2.dr, chromecache_89.2.dr, chromecache_112.2.dr, chromecache_79.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_110.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_75.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_75.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49750 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@21/67@36/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2220,i,16230979761057172952,5645982782825242545,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://nam.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fadmin.microsoft.com%2Fadminportal%2Fhome%3F%23%2Fsubscriptions&p=bT0wN2RkNTQyZS1hZGNiLTQyZTgtODFiYS0zZDdjYjNmYTEyNTYmcz0wMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAmdT1hZW8mbD1ob21l"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2220,i,16230979761057172952,5645982782825242545,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.42	s-part-0014.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.63	s-part-0035.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
35.190.10.96	inbound-weighted.protechts.net	United States	15169	GOOGLEUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false
34.107.199.61	stk.hsprotect.net	United States	15169	GOOGLEUS	false
13.107.246.73	s-part-0045.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
152.199.21.175	sni1gl.wpc.alphacdn.net	United States	15133	EDGECASTUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
s-part-0014.t-0009.t-msedge.net	13.107.246.42	true
inbound-weighted.protechts.net	35.190.10.96	true
sni1gl.wpc.alphacdn.net	152.199.21.175	true
sni1gl.wpc.omegacdn.net	152.199.21.175	true
www.google.com	142.250.186.132	true
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true
stk.hsprotect.net	34.107.199.61	true
s-part-0045.t-0009.t-msedge.net	13.107.246.73	true
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
nam.safelink.emails.azure.net	unknown	unknown
signup.live.com	unknown	unknown
client.hsprotect.net	unknown	unknown
identity.nel.measure.office.net	unknown	unknown
msft.hsprotect.net	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
collector-pxzc5j78di.hsprotect.net	unknown	unknown
logincdn.msftauth.net	unknown	unknown
login.microsoftonline.com	unknown	unknown
fpt.live.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_tzwwq6wdslxjdiwzdatg6a2.js	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js	false	Avira URL Cloud: safe	unknown
https://stk.hsprotect.net/ns?c=8e918b00-66ed-11ef-8007-db71fc4d53af	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_2P9n4TNNrWcgKwW6Mt6tGA2.js	false	Avira URL Cloud: safe	unknown
https://collector-pxzc5j78di.hsprotect.net/api/v2/msft	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	false	URL Reputation: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg	false	URL Reputation: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	false	URL Reputation: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js	false	URL Reputation: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 100	ASCII text, with no line terminators	AAAB7A355103063D9EEB4824A3A6B374	E51555F02C32321F3E48F07A0FA5AF46DF835BFC	79BA862622D6FA84AC7E4F98EB95043A255FC2C81711E9400A8AA4D4B1608471
Chrome Cache Entry: 101	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 102	ASCII text, with no line terminators	9AA944A957E251529CCAC696D6608E4F	AB49ABC5AFF324B9134F0B33E833446158923866	2F276D600D41568347F52FC97D64113E0A755D08A0E2CC1BB0080A397D389EF3
Chrome Cache Entry: 103	ASCII text, with very long lines (45797)	033A93064FBF6C5BEA2377A5D08D554D	75524ED095D9ACDD42EA8D67D38A5B0793081D70	1EC87632EE58734951AA02813EF07AD377126A39A16F063C181519B98FFFFC07
Chrome Cache Entry: 104	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 105	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90678	BCD68C8A4F1BB13B272E02FDA0EB5460	57C81EE13D027556D54744C9246226E1E85C211C	25D5832DE46E5170761BA826342655D7C5550451332E4086EC366E79D359BD51
Chrome Cache Entry: 106	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 107	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 108	ASCII text, with no line terminators	F955BC05661F6D436E9D0F787A1E8B47	B39F244C51B4B87726CBE4FE98CF04F0076728CD	2D4EDDC91424E8059B6E1C0A2197C23FB973B42F7222246D07C850E6804CBB43
Chrome Cache Entry: 109	HTML document, ASCII text, with very long lines (918)	5DC258F6742F6D22A4CD80F50926ED70	2925F965C31990E0F883E2E885A3D57056168DCC	3B8D3C93FD78C24F4C175C8515E4A5DF79AEE536AF4CED58BA078EA591569EAC
Chrome Cache Entry: 110	ASCII text, with very long lines (64616)	D8FF67E1334DAD67202B05BA32DEAD18	7AAA398BA53310D793E4BB28E6D5F118EF342254	4DC06BDE66FF69C3CD7A67B5745C329571334A98ED7AF7C356241CFED32FA6D2
Chrome Cache Entry: 111	ASCII text, with very long lines (61177)	41955034BB6BC6963DF5A8ECA72C5B81	D4B9E8C46100BDDACE8DFA08BDFF1F6F3D3B0A81	1F8CEB44FE7CFCF7E71DBD5122210335CA3821D697A851D2900B95AF7D92D69D
Chrome Cache Entry: 112	ASCII text, with very long lines (45797)	033A93064FBF6C5BEA2377A5D08D554D	75524ED095D9ACDD42EA8D67D38A5B0793081D70	1EC87632EE58734951AA02813EF07AD377126A39A16F063C181519B98FFFFC07
Chrome Cache Entry: 113	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90678	BCD68C8A4F1BB13B272E02FDA0EB5460	57C81EE13D027556D54744C9246226E1E85C211C	25D5832DE46E5170761BA826342655D7C5550451332E4086EC366E79D359BD51
Chrome Cache Entry: 114	Unicode text, UTF-8 text, with very long lines (32057)	B59C16ABA59DB0BC490C85B30C0B60E8	7B708EC7EDC902283A755FC0BF4E767A2A28473E	D65E2644BEA71489D43203AA2ABCBA471C847BF2A176963BE8DB62BF1A70F7A5
Chrome Cache Entry: 115	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 73	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 74	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 75	HTML document, ASCII text, with very long lines (3450), with CRLF line terminators	CB06E9A552B197D5C0EA600B431A3407	04E167433F2F1038C78F387F8A166BB6542C2008	1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
Chrome Cache Entry: 76	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 77	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 78	ASCII text, with very long lines (65402)	57AC9C551618BB448D0886AEC11A4DAC	292F8E122C7EE4CB38B5E58EC7EF9BDE5F7BD86E	AA07C6925D39E7350092AAFE9C6FC0C1F47DC22AAA9526053220B8D8601E152F
Chrome Cache Entry: 79	ASCII text, with very long lines (46090)	2509D4C564AFC2C77D16BA6CA509B39F	201F1D80F8EEA9F5E8A7A7224CFF18674344F886	D468D9F009E53FE1C47B9D6FDEFA3FF1A8C239973F11A6F892848E341EA17CCD
Chrome Cache Entry: 80	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 81	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 82	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 83	ASCII text, with very long lines (64612)	21FB66A712FCAB3BF6667404C78631D6	6011F3E397AEB5B807EB6BE1A08ABFD302E9D253	BAB311BF22661B153353A159F0EC931DBCB79F950FA37DAF9D0FF180CBF45DEB
Chrome Cache Entry: 84	JSON data	5FC018D9E6C56911BBC8DC5DDCD0C768	70979F57A85D527ED8ABCBF02CFF44640C58BDE6	2E6D78A4AE644F3B60AFD3C33E66539FF6C5F6A8ED6ABC40A3AF06AC020EC020
Chrome Cache Entry: 85	Unicode text, UTF-8 text, with very long lines (32057)	B59C16ABA59DB0BC490C85B30C0B60E8	7B708EC7EDC902283A755FC0BF4E767A2A28473E	D65E2644BEA71489D43203AA2ABCBA471C847BF2A176963BE8DB62BF1A70F7A5
Chrome Cache Entry: 86	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 901881	05A20B73D23C52A09386F3222045E62D	0991D7FD9A84F82DD39FBE065C0070D3196F497C	BAB90DCF5FE87AB6DDEED7339CC36967BA7188CE3E01CCF7C65D9369056C41A4
Chrome Cache Entry: 87	ASCII text, with no line terminators	AAAB7A355103063D9EEB4824A3A6B374	E51555F02C32321F3E48F07A0FA5AF46DF835BFC	79BA862622D6FA84AC7E4F98EB95043A255FC2C81711E9400A8AA4D4B1608471
Chrome Cache Entry: 88	ASCII text, with no line terminators	F79FFC1767406D43B996B050CEC09ED2	EA4F919251BCDE6EE3CB2E45C0356E1FA3B86661	1E62D5B3EFE0ECE892FF79BD65457FF2DC48A840444AFD53DEEDF2F2869BD685
Chrome Cache Entry: 89	ASCII text, with very long lines (64612)	21FB66A712FCAB3BF6667404C78631D6	6011F3E397AEB5B807EB6BE1A08ABFD302E9D253	BAB311BF22661B153353A159F0EC931DBCB79F950FA37DAF9D0FF180CBF45DEB
Chrome Cache Entry: 90	HTML document, ASCII text, with very long lines (2633), with CRLF line terminators	4AC5534BE757FE00AEA3FBB26567219E	FCA6AF338CAE9AA53C2C0DB17DD6018812A3ACE9	C2C749250D965D76D6D1D81C087F65D74F471E274AADDBA9953E0917F0B75023
Chrome Cache Entry: 91	ASCII text, with very long lines (65402)	57AC9C551618BB448D0886AEC11A4DAC	292F8E122C7EE4CB38B5E58EC7EF9BDE5F7BD86E	AA07C6925D39E7350092AAFE9C6FC0C1F47DC22AAA9526053220B8D8601E152F
Chrome Cache Entry: 92	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 93	ASCII text, with very long lines (46090)	2509D4C564AFC2C77D16BA6CA509B39F	201F1D80F8EEA9F5E8A7A7224CFF18674344F886	D468D9F009E53FE1C47B9D6FDEFA3FF1A8C239973F11A6F892848E341EA17CCD
Chrome Cache Entry: 94	HTML document, Unicode text, UTF-8 text, with very long lines (23178), with CRLF line terminators	CDE6B6665DA94B30CB27846D7F98960C	3F5BAC1B78CA3DA21A1B34502228EF5645ADA94E	3736E423F162E08CEADF5B06CDBBCAA9B3720F6870B1220E2B83B157959489A5
Chrome Cache Entry: 95	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 96	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 901881	05A20B73D23C52A09386F3222045E62D	0991D7FD9A84F82DD39FBE065C0070D3196F497C	BAB90DCF5FE87AB6DDEED7339CC36967BA7188CE3E01CCF7C65D9369056C41A4
Chrome Cache Entry: 97	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 98	ASCII text, with no line terminators	06B313E93DD76909460FBFC0CD98CB6B	C4F9B2BBD840A4328F85F54873C434336A193888	B4532478707B495D0BB1C21C314AEF959DD1A5E0F66E52DAD5FC332C8B697CBA
Chrome Cache Entry: 99	ASCII text, with very long lines (64616)	D8FF67E1334DAD67202B05BA32DEAD18	7AAA398BA53310D793E4BB28E6D5F118EF342254	4DC06BDE66FF69C3CD7A67B5745C329571334A98ED7AF7C356241CFED32FA6D2

HTML body contains low number of good links

Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0&sso_reload=true	HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

HTTP Parser: Base64 decoded: 8dd5b474-c918-40fa-882b-b8c8233a9878ac23d0d4-6e9a-43aa-96b7-12fa7aa2be65

HTML title does not match URL

Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d3FED2D1BB2A9063D%26opidt%3d1725035589%26uaid%3d176ed3cd16544edda2fd4ba7fcbcc236%26contextid%3dF73B7E951EFA85C4%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=176ed3cd16544edda2fd4ba7fcbcc236&suc=00000006-0000-0ff1-ce00-000000000000&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d3FED2D1BB2A9063D%26opidt%3d1725035589%26uaid%3d176ed3cd16544edda2fd4ba7fcbcc236%26contextid%3dF73B7E951EFA85C4%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=176ed3cd16544edda2fd4ba7fcbcc236&suc=00000006-0000-0ff1-ce00-000000000000&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d3FED2D1BB2A9063D%26opidt%3d1725035589%26uaid%3d176ed3cd16544edda2fd4ba7fcbcc236%26contextid%3dF73B7E951EFA85C4%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=176ed3cd16544edda2fd4ba7fcbcc236&suc=00000006-0000-0ff1-ce00-000000000000&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d3FED2D1BB2A9063D%26opidt%3d1725035589%26uaid%3d176ed3cd16544edda2fd4ba7fcbcc236%26contextid%3dF73B7E951EFA85C4%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=176ed3cd16544edda2fd4ba7fcbcc236&suc=00000006-0000-0ff1-ce00-000000000000&lic=1	HTTP Parser: No favicon

Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DGdToELmZ3YbyI-gKi85PXqLwJ-r7GrFRuOOxkZq3hzAV6NnFBftcuFvQP4xWUST1xzYpCzSG4sx-Mhrs0RcPAIMm1wVmXoRXYl7NUB0sulWpz-Vw1T3K8SB3CnlQdNrdHXQSzbm4plzBIUrbrWN-pACdijsKN_u04ZoF07uz0cA55kBMxzXKF5gcGQtsp3Pc&response_mode=form_post&nonce=638606323714428193.OGRkNWI0NzQtYzkxOC00MGZhLTg4MmItYjhjODIzM2E5ODc4YWMyM2QwZDQtNmU5YS00M2FhLTk2YjctMTJmYTdhYTJiZTY1&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=176ed3cd-1654-4edd-a2fd-4ba7fcbcc236&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49750 version: TLS 1.2

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: nam.safelink.emails.azure.net to https://admin.microsoft.com/adminportal/home?#/subscriptions

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 87.248.205.0
Source: unknown	TCP traffic detected without corresponding DNS query: 87.248.205.0
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.137
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.137
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /redirect/?destination=https%3A%2F%2Fadmin.microsoft.com%2Fadminportal%2Fhome%3F%23%2Fsubscriptions&p=bT0wN2RkNTQyZS1hZGNiLTQyZTgtODFiYS0zZDdjYjNmYTEyNTYmcz0wMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAmdT1hZW8mbD1ob21l HTTP/1.1Host: nam.safelink.emails.azure.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_2P9n4TNNrWcgKwW6Mt6tGA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_tzwwq6wdslxjdiwzdatg6a2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_tzwwq6wdslxjdiwzdatg6a2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_2P9n4TNNrWcgKwW6Mt6tGA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_hjnWUmfm-pOUxYXWMUv1Yw2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_hjnWUmfm-pOUxYXWMUv1Yw2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=8e918b00-66ed-11ef-8007-db71fc4d53af HTTP/1.1Host: stk.hsprotect.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://msft.hsprotect.netSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://msft.hsprotect.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=8e918b00-66ed-11ef-8007-db71fc4d53af HTTP/1.1Host: stk.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: nam.safelink.emails.azure.net
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: signup.live.com
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: fpt.live.com
Source: global traffic	DNS traffic detected: DNS query: msft.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: client.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: stk.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: collector-pxzc5j78di.hsprotect.net

Source: unknown

Source: chromecache_112.2.dr, chromecache_103.2.dr	String found in binary or memory: http://feross.org
Source: chromecache_93.2.dr, chromecache_79.2.dr, chromecache_99.2.dr, chromecache_110.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_93.2.dr, chromecache_79.2.dr, chromecache_99.2.dr, chromecache_110.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_109.2.dr	String found in binary or memory: https://client.hsprotect.net/PXzC5j78di/main.min.js
Source: chromecache_94.2.dr	String found in binary or memory: https://fpt.live.com/
Source: chromecache_83.2.dr, chromecache_93.2.dr, chromecache_89.2.dr, chromecache_112.2.dr, chromecache_79.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_110.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_75.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_75.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49750 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@21/67@36/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2220,i,16230979761057172952,5645982782825242545,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://nam.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fadmin.microsoft.com%2Fadminportal%2Fhome%3F%23%2Fsubscriptions&p=bT0wN2RkNTQyZS1hZGNiLTQyZTgtODFiYS0zZDdjYjNmYTEyNTYmcz0wMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAmdT1hZW8mbD1ob21l"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2220,i,16230979761057172952,5645982782825242545,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1501916
Product:	CloudBasic
Start time:	18:31:54
Start date:	30.08.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://nam.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fadmin.microsoft.com%2Fadminportal%2Fhome%3F%23%2FsubscriΡtions&p=bT0wN2RkNTQyZS1hZGNiLTQyZTgtODFiYS0zZDdjYjNmYTEyNTYmcz0wMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAmdT1hZW8mbD1ob21l

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://nam.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fadmin.microsoft.com%2Fadminportal%2Fhome%3F%23%2FsubscriΡtions&p=bT0wN2RkNTQyZS1hZGNiLTQyZTgtODFiYS0zZDdjYjNmYTEyNTYmcz0wMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAmdT1hZW8mbD1ob21l

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://nam.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fadmin.microsoft.com%2Fadminportal%2Fhome%3F%23%2FsubscriΡtions&p=bT0wN2RkNTQyZS1hZGNiLTQyZTgtODFiYS0zZDdjYjNmYTEyNTYmcz0wMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAmdT1hZW8mbD1ob21l