Windows Analysis Report
https://cnrsys.com/.jhg/#5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1

Overview

General Information

Sample URL:	https://cnrsys.com/.jhg/#5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1
Analysis ID:	1520327
Infos:

Detection

HTMLPhisher

Score:	96
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Suricata IDS alerts for network traffic

Yara detected HtmlPhish29

Yara detected HtmlPhish54

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Detected hidden input values containing email addresses (often used in phishing pages)

Form action URLs do not match main URL

Found iframes

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://cnrsys.com/.jhg/#5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://cnrsys.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	Avira URL Cloud: Label: phishing
Source: https://cnrsys.com/.jhg/	Avira URL Cloud: Label: phishing
Source: https://cnrsys.com/cdn-cgi/challenge-platform/h/g/jsd/r/8c9960913bc242c7	Avira URL Cloud: Label: phishing
Source: https://cnrsys.com/cdn-cgi/challenge-platform/h/g/jsd/r/8c99609c4fe34276	Avira URL Cloud: Label: phishing
Source: https://cnrsys.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?	Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Source: https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0#

LLM: Score: 9 Reasons: The brand 'HOERBIGER' is known and has an official domain 'hoerbiger.com'., The provided URL '69cde8a9-b98cbfac.signform.us' does not match the legitimate domain 'hoerbiger.com'., The URL contains suspicious elements such as a random string and an unusual domain extension 'signform.us'., The use of a subdomain with a random string is a common tactic in phishing attempts., The input fields requesting a password and sign-in credentials are typical targets for phishing. DOM: 12.4.pages.csv

Yara detected HtmlPhish29

Source: Yara match

File source: 4.0.pages.csv, type: HTML

Yara detected HtmlPhish54

Source: Yara match	File source: 10.24.id.script.csv, type: HTML
Source: Yara match	File source: 10.3.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1#40444/docu8ign.web.app/user/settings/notification-4e0rr70db9ec/oauth2/_3TUE34aDfFZ4KFYPT2LS/redirecting_to_organisation

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Matcher: Template: microsoft matched

Detected hidden input values containing email addresses (often used in phishing pages)

HTTP Parser: stefan.bubestinger@hoerbiger.com

Form action URLs do not match main URL

HTTP Parser: Form action: https://login.microsoftonline.com/common/login web microsoftonline

Found iframes

HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3

HTML body contains low number of good links

Source: https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1#40444/docu8ign.web.app/user/settings/notification-4e0rr70db9ec/oauth2/_3TUE34aDfFZ4KFYPT2LS/redirecting_to_organisation	HTTP Parser: Number of links: 0
Source: https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0#	HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://accounts.signform.us/?username=stefan.bubestinger@hoerbiger.com#/common/oauth2/authorize?client_id=0.45184072966307-0ff1-0.062128664488964&auth=1-0.95789965379885

HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 88px; height: 31px; overflow: hidden; position: relative;"]

HTML title does not match URL

HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://accounts.signform.us/?username=stefan.bubestinger@hoerbiger.com#/common/oauth2/authorize?client_id=0.45184072966307-0ff1-0.062128664488964&auth=1-0.95789965379885	HTTP Parser: No favicon
Source: https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0#	HTTP Parser: No favicon

Source: https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1#40444/docu8ign.web.app/user/settings/notification-4e0rr70db9ec/oauth2/_3TUE34aDfFZ4KFYPT2LS/redirecting_to_organisation	HTTP Parser: No <meta name="author".. found
Source: https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0#	HTTP Parser: No <meta name="author".. found

Source: https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1#40444/docu8ign.web.app/user/settings/notification-4e0rr70db9ec/oauth2/_3TUE34aDfFZ4KFYPT2LS/redirecting_to_organisation	HTTP Parser: No <meta name="copyright".. found
Source: https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0#	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49729 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2857090 - Severity 1 - ETPRO PHISHING JS/PsyduckPockeball Payload Inbound : 206.206.125.198:443 -> 192.168.2.5:49751

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /.jhg/ HTTP/1.1Host: cnrsys.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: cnrsys.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: McbEYet2v09v_3mL4sQI2byZSN8=yvHly5o5fyP3h84K6G_T2AUi0gk; Hf0Pjp-DSxE9Av575dQ0UtIZPm4=1727417913; otTRaleSHwO5ofIElCiiijhfVFk=1727504313; meWWe2_espbdrxvUJHYxXvRB2Uo=CM76pA-ZlAOqg04ulzzxvwGM4_U; ZuEkyrklGF1CBRt5A7qtYcXb9O4=cRrl2AzWkJYyEFavDJ0CEiHqe8Y
Source: global traffic	HTTP traffic detected: GET /.jhg/ HTTP/1.1Host: cnrsys.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://cnrsys.com/.jhg/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: McbEYet2v09v_3mL4sQI2byZSN8=yvHly5o5fyP3h84K6G_T2AUi0gk; Hf0Pjp-DSxE9Av575dQ0UtIZPm4=1727417913; otTRaleSHwO5ofIElCiiijhfVFk=1727504313; meWWe2_espbdrxvUJHYxXvRB2Uo=CM76pA-ZlAOqg04ulzzxvwGM4_U; ZuEkyrklGF1CBRt5A7qtYcXb9O4=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; zEnEuj91S7R0AJxSrRV_wCsAUQA=1727417915; S-f7HVeKw3jZHc7j-xrPP51lHEE=1727504315; ZDbk1gXpcq4Sa0Y9D2ZondlRw74=xSwK5DLtLfziIvBBNjwsLzS6sts
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js? HTTP/1.1Host: cnrsys.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: McbEYet2v09v_3mL4sQI2byZSN8=yvHly5o5fyP3h84K6G_T2AUi0gk; Hf0Pjp-DSxE9Av575dQ0UtIZPm4=1727417913; otTRaleSHwO5ofIElCiiijhfVFk=1727504313; meWWe2_espbdrxvUJHYxXvRB2Uo=CM76pA-ZlAOqg04ulzzxvwGM4_U; ZuEkyrklGF1CBRt5A7qtYcXb9O4=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; zEnEuj91S7R0AJxSrRV_wCsAUQA=1727417915; S-f7HVeKw3jZHc7j-xrPP51lHEE=1727504315; ZDbk1gXpcq4Sa0Y9D2ZondlRw74=xSwK5DLtLfziIvBBNjwsLzS6sts
Source: global traffic	HTTP traffic detected: GET /5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1 HTTP/1.1Host: docu8ign.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://cnrsys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_472fa3a12b65cf387ccd.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://docu8ign.web.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_12dabd9245715d165757.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://docu8ign.web.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://docu8ign.web.appsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://docu8ign.web.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://docu8ign.web.appsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://docu8ign.web.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://docu8ign.web.appsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://docu8ign.web.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js? HTTP/1.1Host: cnrsys.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: McbEYet2v09v_3mL4sQI2byZSN8=yvHly5o5fyP3h84K6G_T2AUi0gk; Hf0Pjp-DSxE9Av575dQ0UtIZPm4=1727417913; otTRaleSHwO5ofIElCiiijhfVFk=1727504313; meWWe2_espbdrxvUJHYxXvRB2Uo=CM76pA-ZlAOqg04ulzzxvwGM4_U; ZuEkyrklGF1CBRt5A7qtYcXb9O4=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; zEnEuj91S7R0AJxSrRV_wCsAUQA=1727417915; S-f7HVeKw3jZHc7j-xrPP51lHEE=1727504315; ZDbk1gXpcq4Sa0Y9D2ZondlRw74=xSwK5DLtLfziIvBBNjwsLzS6sts
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/jsd/r/8c99609c4fe34276 HTTP/1.1Host: cnrsys.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: McbEYet2v09v_3mL4sQI2byZSN8=yvHly5o5fyP3h84K6G_T2AUi0gk; Hf0Pjp-DSxE9Av575dQ0UtIZPm4=1727417913; otTRaleSHwO5ofIElCiiijhfVFk=1727504313; meWWe2_espbdrxvUJHYxXvRB2Uo=CM76pA-ZlAOqg04ulzzxvwGM4_U; ZuEkyrklGF1CBRt5A7qtYcXb9O4=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; zEnEuj91S7R0AJxSrRV_wCsAUQA=1727417915; S-f7HVeKw3jZHc7j-xrPP51lHEE=1727504315; ZDbk1gXpcq4Sa0Y9D2ZondlRw74=xSwK5DLtLfziIvBBNjwsLzS6sts
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_12dabd9245715d165757.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://docu8ign.web.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://docu8ign.web.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_472fa3a12b65cf387ccd.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dobe.php?url=https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1 HTTP/1.1Host: ingenieriawj.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://docu8ign.web.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?username=stefan.bubestinger@hoerbiger.com HTTP/1.1Host: accounts.signform.usConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?username=stefan.bubestinger@hoerbiger.com HTTP/1.1Host: accounts.signform.usConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://accounts.signform.us/?username=stefan.bubestinger@hoerbiger.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: 3555af0f-b98cbfac.signform.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://accounts.signform.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://accounts.signform.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b98cbfac3b4f48f1a0cb583440b2d360/ HTTP/1.1Host: accounts.signform.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://accounts.signform.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="Sec-WebSocket-Key: 9oTOC+PO0iQbeQkc5dpruQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /?username=stefan.bubestinger@hoerbiger.com&sso_reload=true HTTP/1.1Host: accounts.signform.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://accounts.signform.us/?username=stefan.bubestinger@hoerbiger.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: accounts.signform.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.signform.us/?username=stefan.bubestinger@hoerbiger.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: 3555af0f-b98cbfac.signform.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="
Source: global traffic	HTTP traffic detected: GET /adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0 HTTP/1.1Host: 69cde8a9-b98cbfac.signform.usConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://accounts.signform.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="
Source: global traffic	HTTP traffic detected: GET /adfs/portal/css/style.css?id=3B1A0C704CDAE8ECD48AA8F0D50409D981CEF21D7AE6DC85B0797D270101B151 HTTP/1.1Host: 69cde8a9-b98cbfac.signform.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="
Source: global traffic	HTTP traffic detected: GET /adfs/portal/logo/logo.png?id=ED67F68E42EDB0D1E6087D97445D46B2A475DAD7A6697670C1F161B419E5D2B4 HTTP/1.1Host: 69cde8a9-b98cbfac.signform.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="
Source: global traffic	HTTP traffic detected: GET /adfs/portal/illustration/illustration.png?id=0C5D289F7460277C6F03A53FB814E3CB9DFED9A48038DB976535D9C1A7B89970 HTTP/1.1Host: 69cde8a9-b98cbfac.signform.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 69cde8a9-b98cbfac.signform.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="
Source: global traffic	HTTP traffic detected: GET /adfs/portal/logo/logo.png?id=ED67F68E42EDB0D1E6087D97445D46B2A475DAD7A6697670C1F161B419E5D2B4 HTTP/1.1Host: 69cde8a9-b98cbfac.signform.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="
Source: global traffic	HTTP traffic detected: GET /adfs/portal/illustration/illustration.png?id=0C5D289F7460277C6F03A53FB814E3CB9DFED9A48038DB976535D9C1A7B89970 HTTP/1.1Host: 69cde8a9-b98cbfac.signform.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="
Source: global traffic	HTTP traffic detected: GET /dobe.php?url=https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1 HTTP/1.1Host: www.ingenieriawj.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: cnrsys.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: docu8ign.web.app
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: ingenieriawj.com
Source: global traffic	DNS traffic detected: DNS query: www.ingenieriawj.com
Source: global traffic	DNS traffic detected: DNS query: accounts.signform.us
Source: global traffic	DNS traffic detected: DNS query: 3555af0f-b98cbfac.signform.us
Source: global traffic	DNS traffic detected: DNS query: 69cde8a9-b98cbfac.signform.us
Source: global traffic	DNS traffic detected: DNS query: 134694a7-b98cbfac.signform.us

Source: unknown

HTTP traffic detected: POST /.jhg/ HTTP/1.1Host: cnrsys.comConnection: keep-aliveContent-Length: 22sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"InCYOsRyGtg7pOtfBseSx0TDQ: 46332950X-Requested-TimeStamp-Expire: sec-ch-ua-mobile: ?0X-Requested-TimeStamp-Combination: X-Requested-Type-Combination: GETContent-type: application/x-www-form-urlencodedX-Requested-Type: GETUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-Requested-with: XMLHttpRequestX-Requested-TimeStamp: sec-ch-ua-platform: "Windows"Accept: */*Origin: https://cnrsys.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://cnrsys.com/.jhg/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: McbEYet2v09v_3mL4sQI2byZSN8=yvHly5o5fyP3h84K6G_T2AUi0gk; Hf0Pjp-DSxE9Av575dQ0UtIZPm4=1727417913; otTRaleSHwO5ofIElCiiijhfVFk=1727504313; meWWe2_espbdrxvUJHYxXvRB2Uo=CM76pA-ZlAOqg04ulzzxvwGM4_U; ZuEkyrklGF1CBRt5A7qtYcXb9O4=cRrl2AzWkJYyEFavDJ0CEiHqe8Y

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 30066Cache-Control: max-age=3600Content-Type: text/html; charset=utf-8Etag: "f6455d71835b980547f2cea8f70e1fac5e21565ee98988421ebcb5927521f682"Last-Modified: Fri, 06 Sep 2024 08:18:30 GMTStrict-Transport-Security: max-age=31556926; includeSubDomains; preloadAccept-Ranges: bytesDate: Fri, 27 Sep 2024 06:18:38 GMTX-Served-By: cache-ewr-kewr1740027-EWRX-Cache: MISSX-Cache-Hits: 0X-Timer: S1727417919.719954,VS0,VE129Vary: x-fh-requested-host, accept-encodingalt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 27 Sep 2024 06:18:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 3d8a0cef-d42c-4b8d-8de6-6977fa5ea400x-ms-ests-server: 2.1.18947.4 - FRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://134694a7-b98cbfac.signform.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 27 Sep 2024 06:18:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 4ccb32c1-9787-4530-9ca7-f257a03d9700x-ms-ests-server: 2.1.18947.4 - NEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://134694a7-b98cbfac.signform.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 27 Sep 2024 06:18:57 GMTContent-Type: text/html; charset=us-asciiContent-Length: 256Connection: closevary: Accept-Encodingcontent-encoding: gzipaccess-control-allow-origin: access-control-allow-headers:

Source: chromecache_103.2.dr, chromecache_81.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_103.2.dr, chromecache_81.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msftauth.net
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficc
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqx
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ed9c9eb0dce17d752bedea6b5acda6d
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90b
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_1
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/js/oneDs_472fa3a12b65cf387ccd.js
Source: chromecache_86.2.dr	String found in binary or memory: https://docu8ign.web.app/$
Source: chromecache_83.2.dr, chromecache_103.2.dr, chromecache_85.2.dr, chromecache_81.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_77.2.dr	String found in binary or memory: https://ingenieriawj.com/dobe.php?url=
Source: chromecache_77.2.dr	String found in binary or memory: https://login.live.com/Me.htm?v=3
Source: chromecache_79.2.dr, chromecache_92.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_77.2.dr	String found in binary or memory: https://login.microsoftonline.com/common/login
Source: chromecache_77.2.dr	String found in binary or memory: https://login.microsoftonline.com/jsdisabled
Source: chromecache_79.2.dr, chromecache_92.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49729 version: TLS 1.2

Source: classification engine

Classification label: mal96.phis.win@20/52@34/11

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1980,i,1171109190669764174,17585143211424108510,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cnrsys.com/.jhg/#5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1980,i,1171109190669764174,17585143211424108510,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
199.36.158.100	docu8ign.web.app	United States	15169	GOOGLEUS	false
149.56.200.84	ingenieriawj.com	Canada	16276	OVHFR	false
206.206.125.198	69cde8a9-b98cbfac.signform.us	United States	13332	HYPEENT-SJUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.96.3	cnrsys.com	European Union	13335	CLOUDFLARENETUS	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
152.199.21.175	sni1gl.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6
192.168.2.5

Contacted Domains

Name	IP	Active
69cde8a9-b98cbfac.signform.us	206.206.125.198	true
a.nel.cloudflare.com	35.190.80.1	true
134694a7-b98cbfac.signform.us	206.206.125.198	true
accounts.signform.us	206.206.125.198	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
3555af0f-b98cbfac.signform.us	206.206.125.198	true
sni1gl.wpc.omegacdn.net	152.199.21.175	true
www.google.com	142.250.186.164	true
ingenieriawj.com	149.56.200.84	true
docu8ign.web.app	199.36.158.100	true
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true
cnrsys.com	188.114.96.3	true
windowsupdatebg.s.llnwi.net	46.228.146.128	true
www.ingenieriawj.com	unknown	unknown
aadcdn.msftauth.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://accounts.signform.us/?username=stefan.bubestinger@hoerbiger.com#/common/oauth2/authorize?client_id=0.45184072966307-0ff1-0.062128664488964&auth=1-0.95789965379885	false		unknown
https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1	false	Avira URL Cloud: safe	unknown
https://cnrsys.com/.jhg/	true	Avira URL Cloud: phishing	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js	false	Avira URL Cloud: safe	unknown
https://69cde8a9-b98cbfac.signform.us/favicon.ico	true	Avira URL Cloud: safe	unknown
https://cnrsys.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	true	Avira URL Cloud: phishing	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg	false	Avira URL Cloud: safe	unknown
https://cnrsys.com/cdn-cgi/challenge-platform/h/g/jsd/r/8c9960913bc242c7	false	Avira URL Cloud: phishing	unknown
https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0#	true		unknown
https://a.nel.cloudflare.com/report/v4?s=YMLOLPGSRSsmwqIpR3fASjuCOZFyw2vqRj30ILIMSrYqMs%2BSqnDEjfXqZcDkX7Ba3r%2Bnd0eB9RJep02H0bLqRSKLTKeluxI%2FFC6uy6lWSfTwTYgQT%2FO0KIiV436O	false	Avira URL Cloud: safe	unknown
https://accounts.signform.us/?username=stefan.bubestinger@hoerbiger.com	true	Avira URL Cloud: safe	unknown
https://accounts.signform.us/favicon.ico	true	Avira URL Cloud: safe	unknown
https://69cde8a9-b98cbfac.signform.us/adfs/portal/logo/logo.png?id=ED67F68E42EDB0D1E6087D97445D46B2A475DAD7A6697670C1F161B419E5D2B4	true	Avira URL Cloud: safe	unknown
https://accounts.signform.us/common/instrumentation/reportbssotelemetry?hpgid=6&hpgact=2101&client-request-id=3a0a2696-c8bc-49cf-8889-338545843932&hpgrequestid=02e5502b-6a80-4091-90bd-8fa0da3eb300	true	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js	false	Avira URL Cloud: safe	unknown
https://cnrsys.com/cdn-cgi/challenge-platform/h/g/jsd/r/8c99609c4fe34276	false	Avira URL Cloud: phishing	unknown
https://134694a7-b98cbfac.signform.us/api/report?catId=GW+estsfd+ams2	true	Avira URL Cloud: safe	unknown
https://ingenieriawj.com/dobe.php?url=https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=ZXLKTnD3NvmH3q%2BrR84lxrDyALoZ9B34Rs29sdUWQ2cB1BnFFlAvE%2Bt%2FFSnUcL9vr6%2FKoFU4KyJUf4x5lcItQ1VRMj1H5WDLXrx%2FWoyGZqE%2F%2FrPPc8zysNvO2UKa	false	Avira URL Cloud: safe	unknown
https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0	true	Avira URL Cloud: safe	unknown
https://accounts.signform.us/b98cbfac3b4f48f1a0cb583440b2d360/	true	Avira URL Cloud: safe	unknown
http://www.ingenieriawj.com/dobe.php?url=https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css	false	Avira URL Cloud: safe	unknown
https://69cde8a9-b98cbfac.signform.us/adfs/portal/css/style.css?id=3B1A0C704CDAE8ECD48AA8F0D50409D981CEF21D7AE6DC85B0797D270101B151	true	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	false	Avira URL Cloud: safe	unknown
https://69cde8a9-b98cbfac.signform.us/adfs/portal/illustration/illustration.png?id=0C5D289F7460277C6F03A53FB814E3CB9DFED9A48038DB976535D9C1A7B89970	true	Avira URL Cloud: safe	unknown
https://cnrsys.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?	false	Avira URL Cloud: phishing	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/oneDs_472fa3a12b65cf387ccd.js	false	Avira URL Cloud: safe	unknown
https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1#40444/docu8ign.web.app/user/settings/notification-4e0rr70db9ec/oauth2/_3TUE34aDfFZ4KFYPT2LS/redirecting_to_organisation	true		unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_12dabd9245715d165757.js	false	Avira URL Cloud: safe	unknown
https://accounts.signform.us/?username=stefan.bubestinger@hoerbiger.com&sso_reload=true	true	Avira URL Cloud: safe	unknown
https://3555af0f-b98cbfac.signform.us/shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js	true	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:18:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	4E3561E0991B27438E268F04C42F131F	DA99C2918A0F652203B777752B76CB01356BA3B5	C206214BA6102C2F92A9B74DF04D46C532CB08F8A12B61D4773F95C5A0019D1C
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:18:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	53B8B574A5906C2F21DE5197E4F62650	D6B179189484755927E829F2228DD85CDD9ED451	95B6FD738694C46C09879BB0CF8906F5FF02C0AF7DB70FC03A24950E382D8AEB
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	CED86AFC5448B14803F2C4FBED7533DD	DFB379E9078761D358465E72685AD2A77247503C	FAE73CAA32A2A220C87BF0E648DF1D93D1F8AA1D29526BA8BA6C85041488EFAB
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:18:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	53631737C3C2B5CB1829BED649BFEB7D	ADDDA86ECB724C72A3C62868313750F6F4576BFB	B671EC6BAAC6956DD60BCA57840ADF97F5D74BEB0673ABBAC883DF5ACA44E10B
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:18:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	ACA2AC11A084487019E88B531A545FDC	7C010A4EA59C7DBF52FEBA1A28132F66C9C84F7D	1B443629163C3A2DE24437CD1CC6291FA363C9D22F9AB72139D9E9FFC62EBCE9
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:18:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	5EDCD7A2F666A128017E32952AEAEDC5	67B5F16D88BBFDC354A2E2C265AF09B27641AE9F	9715E7F91F44CB2358DCE3A2D484827787C26A33A8AABA9D1E7BE7F9D7A207A1
Chrome Cache Entry: 100	ASCII text, with very long lines (49529)	CFA8BA56849C0B404D176F121879730A	5B7876A7D7EDCB703A0854F0011DE1EE01183EC9	235B558B77AB36F63C1439A68AC2410AAF8F42F7B9C93C0BFDC9AF662ABAB8B6
Chrome Cache Entry: 101	gzip compressed data, from Unix, original size modulo 2^32 141803	958EE3414979B72E04E61F10ADE44C80	355FA38C1593BE8CED09B8C6656F28A2CCD1692D	8FC0A13E838EAB447C76FE18A907E4EB69C923E2DD35174F08DA7ECC28C5042F
Chrome Cache Entry: 102	PNG image data, 1420 x 1080, 8-bit/color RGB, non-interlaced	AF05462B2AE350481A9CED3D7F28F168	694284605ADE02E82B57EBBE071431D6803360C2	0C5D289F7460277C6F03A53FB814E3CB9DFED9A48038DB976535D9C1A7B89970
Chrome Cache Entry: 103	ASCII text, with very long lines (64616)	6BA3DE22069F4A77AEA2EA31FAA53938	05DEA88E8D1F201378424DB6F51EF190950EB522	CE768E83BE373F5303CE3117CBA6E60874A328C5FB740FB4DBC14989105E0A0D
Chrome Cache Entry: 104	Unicode text, UTF-8 text, with very long lines (32002)	FA18DC190C5F6455340B0CDB2DA083A9	7ADE83BA171ABEE5803D093CCA708D45954EB4FA	A423AC7E2310BC44A1DEFEB1F6DF180CAB8A59442E7F41D093F21649FCC86E69
Chrome Cache Entry: 77	HTML document, ASCII text, with very long lines (1101)	9768C09792F81509B6B6649B42C246A5	1C4D0F954BC6303EFF8E37BCC6E1BC549BA0D378	E211E26FA2C01976590A1414CEED7F63DD6169938772F80F08470442CA326A98
Chrome Cache Entry: 78	PNG image data, 260 x 35, 8-bit/color RGBA, non-interlaced	D51552C81BCCD2272BA876356395AF5B	D8A0FC6D4198DEBB810BCA3A9D1DF929EE637C95	ED67F68E42EDB0D1E6087D97445D46B2A475DAD7A6697670C1F161B419E5D2B4
Chrome Cache Entry: 79	HTML document, ASCII text, with very long lines (3450), with CRLF line terminators	CB06E9A552B197D5C0EA600B431A3407	04E167433F2F1038C78F387F8A166BB6542C2008	1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
Chrome Cache Entry: 80	PNG image data, 1420 x 1080, 8-bit/color RGB, non-interlaced	AF05462B2AE350481A9CED3D7F28F168	694284605ADE02E82B57EBBE071431D6803360C2	0C5D289F7460277C6F03A53FB814E3CB9DFED9A48038DB976535D9C1A7B89970
Chrome Cache Entry: 81	ASCII text, with very long lines (64616)	6BA3DE22069F4A77AEA2EA31FAA53938	05DEA88E8D1F201378424DB6F51EF190950EB522	CE768E83BE373F5303CE3117CBA6E60874A328C5FB740FB4DBC14989105E0A0D
Chrome Cache Entry: 82	PNG image data, 260 x 35, 8-bit/color RGBA, non-interlaced	D51552C81BCCD2272BA876356395AF5B	D8A0FC6D4198DEBB810BCA3A9D1DF929EE637C95	ED67F68E42EDB0D1E6087D97445D46B2A475DAD7A6697670C1F161B419E5D2B4
Chrome Cache Entry: 83	ASCII text, with very long lines (14442)	EF8B670E11BA41BCA22629AE914377E0	AD19924E781747B81A8E3116B98C8B2FE2D9B83B	2B3DF4D53882FBA74216D365E7344C782145F2FAF8E08A2D69C548F5FBC7FBF5
Chrome Cache Entry: 84	gzip compressed data, from Unix, original size modulo 2^32 315	554EE433F6E24995619C11375209439C	EAA950B21275644989D84B22F6644AF9F4F240C1	9D8F2ED25D84DF87564EB3D08B8501252586FBCDE5F63FA1059E17317199D49E
Chrome Cache Entry: 85	ASCII text, with very long lines (14442)	EF8B670E11BA41BCA22629AE914377E0	AD19924E781747B81A8E3116B98C8B2FE2D9B83B	2B3DF4D53882FBA74216D365E7344C782145F2FAF8E08A2D69C548F5FBC7FBF5
Chrome Cache Entry: 86	HTML document, ASCII text, with very long lines (945)	D32D315F024B1C1C22B3CE897AE72F15	DB15C32C91BD31977B775C7DD3501D87AAE38B63	A09D2AB1792E4F33922F34A128FAF7B91771CA856B7CA5B97D8CA878633BA3CE
Chrome Cache Entry: 87	ASCII text, with very long lines (8095), with no line terminators	39CE029E27FDFD3729A6C644579435FE	14132237B89B5319A907E2DE41912F3F84F740B6	F9B45D07836B8CAC27171F7A14A1BCA43D03D5222FF9D8AC0B855D33EC3816F1
Chrome Cache Entry: 88	gzip compressed data, from Unix, original size modulo 2^32 10462	BE1B3D03896D9534FE2B09F7B4FD823C	0F2E4BB87F35057FB7744C2659876FCB4F8F9884	BDDA821EB8C7C9D65AD353A0C520B4AA1A9225263622D53E45B3D86CD63716C7
Chrome Cache Entry: 89	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 90	ASCII text, with very long lines (49529)	CFA8BA56849C0B404D176F121879730A	5B7876A7D7EDCB703A0854F0011DE1EE01183EC9	235B558B77AB36F63C1439A68AC2410AAF8F42F7B9C93C0BFDC9AF662ABAB8B6
Chrome Cache Entry: 91	ASCII text, with very long lines (61177)	29F1D1172158F929B64CC926E4521C0B	AF19579C25EBBFD3BBC82A5AB77479647FE02AB8	8B6A3B17737161E5FE8C29E401372A94B8E650226CF0CD17B4C3C4DE5B380B11
Chrome Cache Entry: 92	HTML document, ASCII text, with very long lines (3450), with CRLF line terminators	CB06E9A552B197D5C0EA600B431A3407	04E167433F2F1038C78F387F8A166BB6542C2008	1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
Chrome Cache Entry: 93	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 94	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 95	ASCII text, with very long lines (7960), with no line terminators	AA9DFD4E8F89119E4BE31A1DD7360FDA	6BB39CC08C16632A708CD5531DD56CDD3756D70D	80707ADDB1E400294A8B15C00C79A77ECF580FBB846ACE38CF07D3849A15D33D
Chrome Cache Entry: 96	Unicode text, UTF-8 text, with very long lines (32002)	FA18DC190C5F6455340B0CDB2DA083A9	7ADE83BA171ABEE5803D093CCA708D45954EB4FA	A423AC7E2310BC44A1DEFEB1F6DF180CAB8A59442E7F41D093F21649FCC86E69
Chrome Cache Entry: 97	gzip compressed data, from Unix, original size modulo 2^32 141803	958EE3414979B72E04E61F10ADE44C80	355FA38C1593BE8CED09B8C6656F28A2CCD1692D	8FC0A13E838EAB447C76FE18A907E4EB69C923E2DD35174F08DA7ECC28C5042F
Chrome Cache Entry: 98	ASCII text, with no line terminators	C63BBD329146AA451DFCD7D4CD572DF5	6DEFC8FED9CD924EF3946AB5A64C472C0D998E8D	22993D2C8488DBF170D5C18CD16A5F40539C17AADBF97BA58360EFB296539335
Chrome Cache Entry: 99	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://cnrsys.com/.jhg/#5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://cnrsys.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	Avira URL Cloud: Label: phishing
Source: https://cnrsys.com/.jhg/	Avira URL Cloud: Label: phishing
Source: https://cnrsys.com/cdn-cgi/challenge-platform/h/g/jsd/r/8c9960913bc242c7	Avira URL Cloud: Label: phishing
Source: https://cnrsys.com/cdn-cgi/challenge-platform/h/g/jsd/r/8c99609c4fe34276	Avira URL Cloud: Label: phishing
Source: https://cnrsys.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?	Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Yara detected HtmlPhish29

Source: Yara match

File source: 4.0.pages.csv, type: HTML

Yara detected HtmlPhish54

Source: Yara match	File source: 10.24.id.script.csv, type: HTML
Source: Yara match	File source: 10.3.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Matcher: Template: microsoft matched

Detected hidden input values containing email addresses (often used in phishing pages)

HTTP Parser: stefan.bubestinger@hoerbiger.com

Form action URLs do not match main URL

HTTP Parser: Form action: https://login.microsoftonline.com/common/login web microsoftonline

Found iframes

HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3

HTML body contains low number of good links

Source: https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1#40444/docu8ign.web.app/user/settings/notification-4e0rr70db9ec/oauth2/_3TUE34aDfFZ4KFYPT2LS/redirecting_to_organisation	HTTP Parser: Number of links: 0
Source: https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0#	HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://accounts.signform.us/?username=stefan.bubestinger@hoerbiger.com#/common/oauth2/authorize?client_id=0.45184072966307-0ff1-0.062128664488964&auth=1-0.95789965379885

HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 88px; height: 31px; overflow: hidden; position: relative;"]

HTML title does not match URL

HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://accounts.signform.us/?username=stefan.bubestinger@hoerbiger.com#/common/oauth2/authorize?client_id=0.45184072966307-0ff1-0.062128664488964&auth=1-0.95789965379885	HTTP Parser: No favicon
Source: https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0#	HTTP Parser: No favicon

Source: https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1#40444/docu8ign.web.app/user/settings/notification-4e0rr70db9ec/oauth2/_3TUE34aDfFZ4KFYPT2LS/redirecting_to_organisation	HTTP Parser: No <meta name="author".. found
Source: https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0#	HTTP Parser: No <meta name="author".. found

Source: https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1#40444/docu8ign.web.app/user/settings/notification-4e0rr70db9ec/oauth2/_3TUE34aDfFZ4KFYPT2LS/redirecting_to_organisation	HTTP Parser: No <meta name="copyright".. found
Source: https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0#	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49729 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2857090 - Severity 1 - ETPRO PHISHING JS/PsyduckPockeball Payload Inbound : 206.206.125.198:443 -> 192.168.2.5:49751

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /.jhg/ HTTP/1.1Host: cnrsys.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: cnrsys.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: McbEYet2v09v_3mL4sQI2byZSN8=yvHly5o5fyP3h84K6G_T2AUi0gk; Hf0Pjp-DSxE9Av575dQ0UtIZPm4=1727417913; otTRaleSHwO5ofIElCiiijhfVFk=1727504313; meWWe2_espbdrxvUJHYxXvRB2Uo=CM76pA-ZlAOqg04ulzzxvwGM4_U; ZuEkyrklGF1CBRt5A7qtYcXb9O4=cRrl2AzWkJYyEFavDJ0CEiHqe8Y
Source: global traffic	HTTP traffic detected: GET /.jhg/ HTTP/1.1Host: cnrsys.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://cnrsys.com/.jhg/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: McbEYet2v09v_3mL4sQI2byZSN8=yvHly5o5fyP3h84K6G_T2AUi0gk; Hf0Pjp-DSxE9Av575dQ0UtIZPm4=1727417913; otTRaleSHwO5ofIElCiiijhfVFk=1727504313; meWWe2_espbdrxvUJHYxXvRB2Uo=CM76pA-ZlAOqg04ulzzxvwGM4_U; ZuEkyrklGF1CBRt5A7qtYcXb9O4=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; zEnEuj91S7R0AJxSrRV_wCsAUQA=1727417915; S-f7HVeKw3jZHc7j-xrPP51lHEE=1727504315; ZDbk1gXpcq4Sa0Y9D2ZondlRw74=xSwK5DLtLfziIvBBNjwsLzS6sts
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js? HTTP/1.1Host: cnrsys.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: McbEYet2v09v_3mL4sQI2byZSN8=yvHly5o5fyP3h84K6G_T2AUi0gk; Hf0Pjp-DSxE9Av575dQ0UtIZPm4=1727417913; otTRaleSHwO5ofIElCiiijhfVFk=1727504313; meWWe2_espbdrxvUJHYxXvRB2Uo=CM76pA-ZlAOqg04ulzzxvwGM4_U; ZuEkyrklGF1CBRt5A7qtYcXb9O4=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; zEnEuj91S7R0AJxSrRV_wCsAUQA=1727417915; S-f7HVeKw3jZHc7j-xrPP51lHEE=1727504315; ZDbk1gXpcq4Sa0Y9D2ZondlRw74=xSwK5DLtLfziIvBBNjwsLzS6sts
Source: global traffic	HTTP traffic detected: GET /5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1 HTTP/1.1Host: docu8ign.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://cnrsys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_472fa3a12b65cf387ccd.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://docu8ign.web.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_12dabd9245715d165757.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://docu8ign.web.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://docu8ign.web.appsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://docu8ign.web.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://docu8ign.web.appsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://docu8ign.web.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://docu8ign.web.appsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://docu8ign.web.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js? HTTP/1.1Host: cnrsys.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: McbEYet2v09v_3mL4sQI2byZSN8=yvHly5o5fyP3h84K6G_T2AUi0gk; Hf0Pjp-DSxE9Av575dQ0UtIZPm4=1727417913; otTRaleSHwO5ofIElCiiijhfVFk=1727504313; meWWe2_espbdrxvUJHYxXvRB2Uo=CM76pA-ZlAOqg04ulzzxvwGM4_U; ZuEkyrklGF1CBRt5A7qtYcXb9O4=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; zEnEuj91S7R0AJxSrRV_wCsAUQA=1727417915; S-f7HVeKw3jZHc7j-xrPP51lHEE=1727504315; ZDbk1gXpcq4Sa0Y9D2ZondlRw74=xSwK5DLtLfziIvBBNjwsLzS6sts
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/jsd/r/8c99609c4fe34276 HTTP/1.1Host: cnrsys.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: McbEYet2v09v_3mL4sQI2byZSN8=yvHly5o5fyP3h84K6G_T2AUi0gk; Hf0Pjp-DSxE9Av575dQ0UtIZPm4=1727417913; otTRaleSHwO5ofIElCiiijhfVFk=1727504313; meWWe2_espbdrxvUJHYxXvRB2Uo=CM76pA-ZlAOqg04ulzzxvwGM4_U; ZuEkyrklGF1CBRt5A7qtYcXb9O4=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; zEnEuj91S7R0AJxSrRV_wCsAUQA=1727417915; S-f7HVeKw3jZHc7j-xrPP51lHEE=1727504315; ZDbk1gXpcq4Sa0Y9D2ZondlRw74=xSwK5DLtLfziIvBBNjwsLzS6sts
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_12dabd9245715d165757.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://docu8ign.web.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://docu8ign.web.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_472fa3a12b65cf387ccd.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dobe.php?url=https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1 HTTP/1.1Host: ingenieriawj.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://docu8ign.web.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?username=stefan.bubestinger@hoerbiger.com HTTP/1.1Host: accounts.signform.usConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?username=stefan.bubestinger@hoerbiger.com HTTP/1.1Host: accounts.signform.usConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://accounts.signform.us/?username=stefan.bubestinger@hoerbiger.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: 3555af0f-b98cbfac.signform.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://accounts.signform.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://accounts.signform.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b98cbfac3b4f48f1a0cb583440b2d360/ HTTP/1.1Host: accounts.signform.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://accounts.signform.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="Sec-WebSocket-Key: 9oTOC+PO0iQbeQkc5dpruQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /?username=stefan.bubestinger@hoerbiger.com&sso_reload=true HTTP/1.1Host: accounts.signform.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://accounts.signform.us/?username=stefan.bubestinger@hoerbiger.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: accounts.signform.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.signform.us/?username=stefan.bubestinger@hoerbiger.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: 3555af0f-b98cbfac.signform.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="
Source: global traffic	HTTP traffic detected: GET /adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0 HTTP/1.1Host: 69cde8a9-b98cbfac.signform.usConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://accounts.signform.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="
Source: global traffic	HTTP traffic detected: GET /adfs/portal/css/style.css?id=3B1A0C704CDAE8ECD48AA8F0D50409D981CEF21D7AE6DC85B0797D270101B151 HTTP/1.1Host: 69cde8a9-b98cbfac.signform.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="
Source: global traffic	HTTP traffic detected: GET /adfs/portal/logo/logo.png?id=ED67F68E42EDB0D1E6087D97445D46B2A475DAD7A6697670C1F161B419E5D2B4 HTTP/1.1Host: 69cde8a9-b98cbfac.signform.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="
Source: global traffic	HTTP traffic detected: GET /adfs/portal/illustration/illustration.png?id=0C5D289F7460277C6F03A53FB814E3CB9DFED9A48038DB976535D9C1A7B89970 HTTP/1.1Host: 69cde8a9-b98cbfac.signform.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 69cde8a9-b98cbfac.signform.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="
Source: global traffic	HTTP traffic detected: GET /adfs/portal/logo/logo.png?id=ED67F68E42EDB0D1E6087D97445D46B2A475DAD7A6697670C1F161B419E5D2B4 HTTP/1.1Host: 69cde8a9-b98cbfac.signform.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="
Source: global traffic	HTTP traffic detected: GET /adfs/portal/illustration/illustration.png?id=0C5D289F7460277C6F03A53FB814E3CB9DFED9A48038DB976535D9C1A7B89970 HTTP/1.1Host: 69cde8a9-b98cbfac.signform.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qCAVv7="Yjk4Y2JmYWMtM2I0Zi00OGYxLWEwY2ItNTgzNDQwYjJkMzYwOmNhNzNiNTEyLTY3MzQtNDRkOC04OTE5LTJmOTE5MzZhYThhMQ=="
Source: global traffic	HTTP traffic detected: GET /dobe.php?url=https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1 HTTP/1.1Host: www.ingenieriawj.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: cnrsys.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: docu8ign.web.app
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: ingenieriawj.com
Source: global traffic	DNS traffic detected: DNS query: www.ingenieriawj.com
Source: global traffic	DNS traffic detected: DNS query: accounts.signform.us
Source: global traffic	DNS traffic detected: DNS query: 3555af0f-b98cbfac.signform.us
Source: global traffic	DNS traffic detected: DNS query: 69cde8a9-b98cbfac.signform.us
Source: global traffic	DNS traffic detected: DNS query: 134694a7-b98cbfac.signform.us

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 30066Cache-Control: max-age=3600Content-Type: text/html; charset=utf-8Etag: "f6455d71835b980547f2cea8f70e1fac5e21565ee98988421ebcb5927521f682"Last-Modified: Fri, 06 Sep 2024 08:18:30 GMTStrict-Transport-Security: max-age=31556926; includeSubDomains; preloadAccept-Ranges: bytesDate: Fri, 27 Sep 2024 06:18:38 GMTX-Served-By: cache-ewr-kewr1740027-EWRX-Cache: MISSX-Cache-Hits: 0X-Timer: S1727417919.719954,VS0,VE129Vary: x-fh-requested-host, accept-encodingalt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 27 Sep 2024 06:18:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 3d8a0cef-d42c-4b8d-8de6-6977fa5ea400x-ms-ests-server: 2.1.18947.4 - FRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://134694a7-b98cbfac.signform.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 27 Sep 2024 06:18:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 4ccb32c1-9787-4530-9ca7-f257a03d9700x-ms-ests-server: 2.1.18947.4 - NEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://134694a7-b98cbfac.signform.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 27 Sep 2024 06:18:57 GMTContent-Type: text/html; charset=us-asciiContent-Length: 256Connection: closevary: Accept-Encodingcontent-encoding: gzipaccess-control-allow-origin: access-control-allow-headers:

Source: chromecache_103.2.dr, chromecache_81.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_103.2.dr, chromecache_81.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msftauth.net
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficc
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqx
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ed9c9eb0dce17d752bedea6b5acda6d
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90b
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_1
Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/js/oneDs_472fa3a12b65cf387ccd.js
Source: chromecache_86.2.dr	String found in binary or memory: https://docu8ign.web.app/$
Source: chromecache_83.2.dr, chromecache_103.2.dr, chromecache_85.2.dr, chromecache_81.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_77.2.dr	String found in binary or memory: https://ingenieriawj.com/dobe.php?url=
Source: chromecache_77.2.dr	String found in binary or memory: https://login.live.com/Me.htm?v=3
Source: chromecache_79.2.dr, chromecache_92.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_77.2.dr	String found in binary or memory: https://login.microsoftonline.com/common/login
Source: chromecache_77.2.dr	String found in binary or memory: https://login.microsoftonline.com/jsdisabled
Source: chromecache_79.2.dr, chromecache_92.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49729 version: TLS 1.2

Source: classification engine

Classification label: mal96.phis.win@20/52@34/11

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1980,i,1171109190669764174,17585143211424108510,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cnrsys.com/.jhg/#5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1980,i,1171109190669764174,17585143211424108510,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1520327
Product:	CloudBasic
Start time:	08:17:38
Start date:	27.09.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://cnrsys.com/.jhg/#5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://cnrsys.com/.jhg/#5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://cnrsys.com/.jhg/#5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1