Windows Analysis Report
https://palomaestro1211.github.io/microsoftlogin/

Overview

General Information

Sample URL:	https://palomaestro1211.github.io/microsoftlogin/
Analysis ID:	1521119
Infos:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected HtmlPhish64

Form action URLs do not match main URL

Found iframes

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

Invalid 'forgot password' link found

Stores files to the Windows start menu directory

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://palomaestro1211.github.io/microsoftlogin/

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Multi AV Scanner detection for domain / URL

Source: palomaestro1211.github.io

Virustotal: Detection: 7%

Perma Link

Multi AV Scanner detection for submitted file

Source: https://palomaestro1211.github.io/microsoftlogin/

Virustotal: Detection: 5%

Perma Link

Phishing

Yara detected HtmlPhish64

Source: Yara match

File source: 3.0.pages.csv, type: HTML

Form action URLs do not match main URL

Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0

HTTP Parser: Form action: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877689952661.ZTAzZDM4NTItMTU1MC00ZGEzLTg0MGYtNzg0ZTAwMGQ5OGQwNGI1Zjc3YWYtMjU4MS00ZmVhLWIxNGMtOWMxNDNlNzk0ZmQ5&prompt=none&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL1rGRxz1Qa6V8xBjJTTStzmnyuJNSl1suC5yHePBlGLndHJJN9iFKklNt0tnlpaBNtaCfhYEevYuB4-XvBdyAD3ftK0cP916NkTul_2tRHN8HYSXunUDFcD1w6NDYe-OYw3pa69sxmSuNBjkHPD3h6XwBlytPMPYdXoR4tJiEvMYTjOckScgBgBVgHzAjzd81j_Wd0EYvI6MnfcRgULyHYb-RqTtHbaAL0zJ-Sve_EFAyHoYzcfB6PgIm9B6Ed-b6aR_8uQUwsOhf-wC8L9BnK-bASJQRAfaMt9db4v9WIlHyi20JMK-Ff42w7aJukHVKoQS1h96QK-cJYWmJ9J46ic&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0&sso_reload=true microsoft microsoftonline

Found iframes

Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3

HTML body contains low number of good links

Source: https://palomaestro1211.github.io/microsoftlogin/	HTTP Parser: Number of links: 0
Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: https://palomaestro1211.github.io/microsoftlogin/

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML page contains hidden javascript code

Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0

HTTP Parser: Base64 decoded: e03d3852-1550-4da3-840f-784e000d98d04b5f77af-2581-4fea-b14c-9c143e794fd9

HTML title does not match URL

Source: https://palomaestro1211.github.io/microsoftlogin/	HTTP Parser: Title: Sign in to your Microsoft account does not match URL
Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: Title: Sign in to your account does not match URL

Invalid 'forgot password' link found

Source: https://palomaestro1211.github.io/microsoftlogin/

HTTP Parser: Invalid link: Forgot password?

Source: https://palomaestro1211.github.io/microsoftlogin/	HTTP Parser: <input type="password" .../> found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: <input type="password" .../> found

Source: https://signup.live.com/?lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/?lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/?lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/?lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/?lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/?lic=1	HTTP Parser: No favicon
Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: No favicon
Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: No favicon
Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: No favicon

Source: https://palomaestro1211.github.io/microsoftlogin/	HTTP Parser: No <meta name="author".. found
Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: No <meta name="author".. found
Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: No <meta name="author".. found

Source: https://palomaestro1211.github.io/microsoftlogin/	HTTP Parser: No <meta name="copyright".. found
Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: No <meta name="copyright".. found
Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.189.173.20:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49746 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 0MB later: 39MB

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /microsoftlogin/ HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /microsoftlogin/assets/css/styles.min.css HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://palomaestro1211.github.io/microsoftlogin/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/twitter-bootstrap/4.5.0/css/bootstrap.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://palomaestro1211.github.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://palomaestro1211.github.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fonts/line-awesome/1.1/css/line-awesome.min.css HTTP/1.1Host: maxcdn.icons8.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://palomaestro1211.github.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /microsoftlogin/assets/img/stertile.png HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://palomaestro1211.github.io/microsoftlogin/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /microsoftlogin/assets/js/script.min.js HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://palomaestro1211.github.io/microsoftlogin/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/twitter-bootstrap/4.5.0/js/bootstrap.bundle.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://palomaestro1211.github.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /microsoftlogin/assets/img/background.png HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://palomaestro1211.github.io/microsoftlogin/assets/css/styles.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fonts/line-awesome/1.1/fonts/line-awesome.woff2?v=1.1. HTTP/1.1Host: maxcdn.icons8.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://palomaestro1211.github.iosec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://maxcdn.icons8.com/fonts/line-awesome/1.1/css/line-awesome.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /microsoftlogin/assets/img/stertile.png HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /microsoftlogin/assets/js/script.min.js HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/twitter-bootstrap/4.5.0/js/bootstrap.bundle.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /microsoftlogin/assets/img/favicon32.svg HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://palomaestro1211.github.io/microsoftlogin/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /microsoftlogin/assets/img/background.png HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /microsoftlogin/assets/img/favicon32.svg HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_l7exbVZEGzG2v4FeAaRSUA2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_l7exbVZEGzG2v4FeAaRSUA2.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_l7exbVZEGzG2v4FeAaRSUA2.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=64596b30-7d42-11ef-a7dd-d78ef7f1d590 HTTP/1.1Host: stk.hsprotect.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://msft.hsprotect.netSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://msft.hsprotect.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=64596b30-7d42-11ef-a7dd-d78ef7f1d590 HTTP/1.1Host: stk.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.24228.4/en-US/meBoot.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.24228.4/en-US/meBoot.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.24228.4/en-US/meCore.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/FetchSessions_Core_VRFGv7Cn5qZDpUQIsx-pnA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.24228.4/en-US/meCore.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /16.000/content/js/MeControl_byKfhfjpuoP7eXmeHHGYoA2.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/FetchSessions_Core_VRFGv7Cn5qZDpUQIsx-pnA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /16.000/content/js/MeControl_byKfhfjpuoP7eXmeHHGYoA2.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_198.2.dr

String found in binary or memory: * Facebook [ https://www.facebook.com/Icons8 ] equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: palomaestro1211.github.io
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: use.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.icons8.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: signup.live.com
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: fpt.live.com
Source: global traffic	DNS traffic detected: DNS query: msft.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: client.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: stk.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: collector-pxzc5j78di.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: support.content.office.net
Source: global traffic	DNS traffic detected: DNS query: c.s-microsoft.com
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: mem.gfx.ms
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: acctcdn.msftauth.net

Source: unknown

HTTP traffic detected: POST /Telemetry.Request HTTP/1.1Connection: Keep-AliveUser-Agent: MSDWMSA_DeviceTicket_Error: 0x80004004Content-Length: 5110Host: umwatson.events.data.microsoft.com

Source: chromecache_227.2.dr, chromecache_247.2.dr	String found in binary or memory: http://feross.org
Source: chromecache_283.2.dr, chromecache_253.2.dr	String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: chromecache_159.2.dr, chromecache_278.2.dr, chromecache_167.2.dr, chromecache_231.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_159.2.dr, chromecache_278.2.dr, chromecache_167.2.dr, chromecache_231.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_281.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Source: chromecache_281.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/css/bootstrap.min.css
Source: chromecache_281.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/js/bootstrap.bundle.min.js
Source: chromecache_267.2.dr	String found in binary or memory: https://client.hsprotect.net/PXzC5j78di/main.min.js
Source: chromecache_208.2.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_208.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_189.2.dr	String found in binary or memory: https://fpt.live.com/
Source: chromecache_213.2.dr, chromecache_233.2.dr, chromecache_238.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_198.2.dr	String found in binary or memory: https://github.com/FontCustom/fontcustom
Source: chromecache_286.2.dr, chromecache_227.2.dr, chromecache_159.2.dr, chromecache_278.2.dr, chromecache_167.2.dr, chromecache_193.2.dr, chromecache_256.2.dr, chromecache_231.2.dr, chromecache_247.2.dr, chromecache_186.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_198.2.dr	String found in binary or memory: https://github.com/icons8
Source: chromecache_213.2.dr, chromecache_233.2.dr, chromecache_238.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_233.2.dr, chromecache_238.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_198.2.dr	String found in binary or memory: https://icons8.com/
Source: chromecache_198.2.dr	String found in binary or memory: https://icons8.com/contact
Source: chromecache_198.2.dr	String found in binary or memory: https://icons8.com/good-boy-license/
Source: chromecache_198.2.dr	String found in binary or memory: https://icons8.com/line-awesome
Source: chromecache_166.2.dr, chromecache_153.2.dr, chromecache_150.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_166.2.dr, chromecache_153.2.dr, chromecache_150.2.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_281.2.dr	String found in binary or memory: https://maxcdn.icons8.com/fonts/line-awesome/1.1/css/line-awesome.min.css
Source: chromecache_252.2.dr, chromecache_277.2.dr	String found in binary or memory: https://palomaestro1211.github.io/yougotphished/
Source: chromecache_198.2.dr	String found in binary or memory: https://plus.google.com/
Source: chromecache_281.2.dr	String found in binary or memory: https://signup.live.com/?lic=1
Source: chromecache_198.2.dr	String found in binary or memory: https://twitter.com/icons_8
Source: chromecache_281.2.dr	String found in binary or memory: https://use.fontawesome.com/releases/v5.12.0/css/all.css

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 20.189.173.20:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49746 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.win@25/235@72/14

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2312,i,4350751207003056008,12659932731048082581,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://palomaestro1211.github.io/microsoftlogin/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2312,i,4350751207003056008,12659932731048082581,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.42	s-part-0014.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
35.190.10.96	inbound-weighted.protechts.net	United States	15169	GOOGLEUS	false
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
34.107.199.61	stk.hsprotect.net	United States	15169	GOOGLEUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
185.199.109.153	unknown	Netherlands	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
212.102.56.178	1220595937.rsc.cdn77.org	Italy	60068	CDN77GB	false
152.199.21.175	sni1gl.wpc.alphacdn.net	United States	15133	EDGECASTUS	false
185.199.108.153	palomaestro1211.github.io	Netherlands	54113	FASTLYUS	false

Private

IP
192.168.2.6
192.168.2.5

Contacted Domains

Name	IP	Active
sni1gl.wpc.alphacdn.net	152.199.21.175	true
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true
palomaestro1211.github.io	185.199.108.153	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
s-part-0029.t-0009.t-msedge.net	13.107.246.57	true
s-part-0014.t-0009.t-msedge.net	13.107.246.42	true
inbound-weighted.protechts.net	35.190.10.96	true
cdnjs.cloudflare.com	104.17.24.14	true
sni1gl.wpc.omegacdn.net	152.199.21.175	true
www.google.com	142.250.185.132	true
stk.hsprotect.net	34.107.199.61	true
1220595937.rsc.cdn77.org	212.102.56.178	true
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true
js.monitor.azure.com	unknown	unknown
signup.live.com	unknown	unknown
collector-pxzc5j78di.hsprotect.net	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
logincdn.msftauth.net	unknown	unknown
mem.gfx.ms	unknown	unknown
use.fontawesome.com	unknown	unknown
client.hsprotect.net	unknown	unknown
c.s-microsoft.com	unknown	unknown
maxcdn.icons8.com	unknown	unknown
msft.hsprotect.net	unknown	unknown
support.content.office.net	unknown	unknown
login.microsoftonline.com	unknown	unknown
fpt.live.com	unknown	unknown
acctcdn.msftauth.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://palomaestro1211.github.io/microsoftlogin/assets/js/script.min.js	true		unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/FetchSessions_Core_VRFGv7Cn5qZDpUQIsx-pnA2.js	false	0%, Virustotal, Browse	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg	false	0%, Virustotal, Browse	unknown
https://palomaestro1211.github.io/microsoftlogin/assets/img/background.png	true		unknown
https://palomaestro1211.github.io/microsoftlogin/assets/img/stertile.png	true		unknown
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js	false	0%, Virustotal, Browse	unknown
https://logincdn.msftauth.net/shared/5/js/signup-fabric_en_l7exbVZEGzG2v4FeAaRSUA2.js	false		unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js	false		unknown
https://palomaestro1211.github.io/microsoftlogin/assets/img/favicon32.svg	true		unknown
https://collector-pxzc5j78di.hsprotect.net/api/v2/msft	false		unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	false		unknown
https://stk.hsprotect.net/ns?c=64596b30-7d42-11ef-a7dd-d78ef7f1d590	false		unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js	false		unknown
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js	false		unknown
https://logincdn.msftauth.net/16.000/content/js/MeControl_byKfhfjpuoP7eXmeHHGYoA2.js	false		unknown
https://logincdn.msftauth.net/shared/5/images/2_bc3d32a696895f78c19d.svg	false		unknown
https://js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js	false		unknown
https://palomaestro1211.github.io/microsoftlogin/	true		unknown
https://signup.live.com/?lic=1	false		unknown
https://mem.gfx.ms/scripts/me/MeControl/10.24228.4/en-US/meCore.min.js	false		unknown
https://palomaestro1211.github.io/microsoftlogin/assets/css/styles.min.css	true		unknown
https://mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1	false		unknown
https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/js/bootstrap.bundle.min.js	false		unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	false		unknown
https://maxcdn.icons8.com/fonts/line-awesome/1.1/css/line-awesome.min.css	false		unknown
https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/css/bootstrap.min.css	false		unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js	false		unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif	false		unknown
https://maxcdn.icons8.com/fonts/line-awesome/1.1/fonts/line-awesome.woff2?v=1.1.	false		unknown
https://logincdn.msftauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg	false		unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif	false		unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg	false		unknown
https://logincdn.msftauth.net/shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js	false		unknown
https://mem.gfx.ms/scripts/me/MeControl/10.24228.4/en-US/meBoot.min.js	false		unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js	false		unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 01:35:36 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	D43CA92920E995768181A9A2C0F7A916	85676525F234DE977D3D5247D9AA7D740274F940	F635B1D3A24B1941860C0DF51782C3DE35E58FFDA12DEE93F56D7B4AEA3FCFC3
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 01:35:36 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	F686AFE2943A27B3A47F277FBE00E275	CEAFDB27BC1F7CA221F961E2CD8653B91636C4BB	ADAC803ADF16E7F73C286D4EA997085D24F2FC29EFE2B0C11C4BEF18C483102E
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	3D7E825D6BA8EF04CB58217F1D0AF62F	CCFD4C39B6671C76F9B93CCB042499B51B8FD349	638B423A2528CE3A55C74B2BDEAEEC994B4005A03B824DF3004A6D02190E07BB
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 01:35:36 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	0CFBBAA6B6D036E6FF866CF45ECDD976	2F516A3F8090D7EE968478E623CE940067B7C396	AE42A781C9FC051C0259C061D02D57FB96A77EA8EDC87D8E8BECCA1B0C0D8497
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 01:35:36 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	C35402A3F769BCAE8E8C9AFC8D1CAF0E	CBD42117B0CEBAF43BAE085B2E2468EA4D940307	F48335DBD2E70B2A31EC23CA3A68F431DDFD39B1BF819933C85134E4C28464C6
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 01:35:36 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	6EFFE0D96DBC549C552EDDAC399E1A84	849106BECA55C0D0DB076AF24ADA31E65F023AF5	C2A7A5FA1DB8C878DC2A7104C4B9C96935D749A2BA25763BCBF636867F2CA663
Chrome Cache Entry: 147	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced	9F14C20150A003D7CE4DE57C298F0FBA	DAA53CF17CC45878A1B153F3C3BF47DC9669D78F	112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
Chrome Cache Entry: 148	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141866	6DE768A4DF1E0D0061CDB52EF06346C4	3829A667B97668008023DDA98F4C0772174C8EF6	58732EEE2ED9091F4F5776DC8A8A14116CBE5A2BA1CCDA0256896BAB08A52128
Chrome Cache Entry: 149	PNG image data, 32 x 32, 8-bit colormap, non-interlaced	FB2ED9313C602F40B7A2762ACC15FF89	8A390D07A8401D40CBC1A16D873911FA4CB463F5	B241D02FAB4B17291AF37993EB249F9303EB5897610ABAFAC4C9F6AA6A878369
Chrome Cache Entry: 150	HTML document, ASCII text, with very long lines (3450), with CRLF line terminators	CB06E9A552B197D5C0EA600B431A3407	04E167433F2F1038C78F387F8A166BB6542C2008	1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
Chrome Cache Entry: 151	ASCII text, with very long lines (3637)	A249B03B72AB5E7B60E7806457B9BE61	FF0B5F4FB91A9DBF147262AD59B292C6C2DFE122	48FF8C6449BEF199F206C7A1C49403E10DC6341A9D4A1F8946B042DDE66E315F
Chrome Cache Entry: 152	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 153	HTML document, ASCII text, with very long lines (3450), with CRLF line terminators	CB06E9A552B197D5C0EA600B431A3407	04E167433F2F1038C78F387F8A166BB6542C2008	1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
Chrome Cache Entry: 154	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 155	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 156	PNG image data, 1704 x 1188, 8-bit/color RGBA, non-interlaced	78AEBE1B0915496628AB38474002E9C2	6F956EE0B45CB709EEE1FCDA9EF5DB61D7E119B5	1FDDF163B3925FF6E0B606A074D69A5A823D51235F681374DD65B4B4DEF1C64D
Chrome Cache Entry: 157	PNG image data, 964 x 604, 8-bit/color RGBA, non-interlaced	3B5120961679C5317DF2D3704A5A187F	71042510EFF3CA2316E28A99CD2F26937C0731C6	EBB327D6AF7DEC63A7861428BD5FED958E3F80D64D0261C4652F6F4925E7B8BE
Chrome Cache Entry: 158	ASCII text, with very long lines (65402)	31D64D7AB5E2355F283B3BA3DBAB8650	B01573B01AF5A7915C1E2F17D6BBDA91EA1A9AAB	717BA1B81A40E2A0D36BF7DEF5663B5AB2CFD715601F50B4F507B0468190DF29
Chrome Cache Entry: 159	ASCII text, with very long lines (52064)	551146BFB0A7E6A643A54408B31FA99C	659BA9C42AB4B1A6DE7F943129D870DBFD36409A	AE95EBC7F7A48F110E33D61414CE33E3E06AC62246FDB27A8CD027F4D371CDBC
Chrome Cache Entry: 160	SVG Scalable Vector Graphics image	2EFC4FB9CD13F0C74773A74A657D64BD	32A08F76E79DC7A275401007D53A5BE4E6723A01	B2842A5D18759A07B479B01E41D9D186254F2361DAFCB80A5A9F2C2F6B688AFF
Chrome Cache Entry: 161	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 162	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 163	ASCII text, with very long lines (2824)	78C4311E4D7A1AFDE2EC6FB093FE40A2	FB9A1881E03ADF12A393759606FF384F847A52A8	2CA909B3DA6E4A4FC7FD3C9DD490C4DB45435C995177AA5D7D154852EFD69E25
Chrome Cache Entry: 164	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 165	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 166	HTML document, ASCII text, with very long lines (3450), with CRLF line terminators	CB06E9A552B197D5C0EA600B431A3407	04E167433F2F1038C78F387F8A166BB6542C2008	1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
Chrome Cache Entry: 167	ASCII text, with very long lines (64616)	10BB4002DD986BC2121AE7343C970128	3EA61169BD06FF06B405CB59CE11506C301DF16B	7DC87D100FFDA0B44300291491BBE7AC8A6EAE94937CCEC0494D5F154C07C3A0
Chrome Cache Entry: 168	Unicode text, UTF-8 (with BOM) text, with very long lines (5167), with no line terminators	DE166AA9ADF2414323C2753B85A1A15B	5A22600FE878C436AAC125FAF8CC5B7AB56A3116	3F8BEE024642190823492958CD4EB3E45B5D1B29191E3794B61A8BA6DC813C09
Chrome Cache Entry: 169	ASCII text, with CRLF line terminators	C49C34EE38F103BCB82F58DED32F57DB	757C8CE6D92102903F636C20B70E414A5E9A2E20	BDBBDA3BD97031FF5BCB76B427D2ECD9C4617922C3860F662E51FB18AC5CC591
Chrome Cache Entry: 170	PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced	68B6034D22E6083CF2592BF4B8B71F0E	0981B22AF5F2BF930794557717FF7C7F4FF563FF	56E5D47C342207184BE9DE6E3CF06CF26C32B34EE799B3ACC95EBEEEEFA5484A
Chrome Cache Entry: 171	ASCII text, with very long lines (65462)	97B7B16D56441B31B6BF815E01A45250	52143F2FFD2E63179F086411C47CAA6DA456199F	0B21564A0717D5738559FE6006A3B9DEDD78837F42774F3A8EF596EBE41CD016
Chrome Cache Entry: 172	ASCII text, with very long lines (2674)	468D4ACC570CFFC7101AC8A63514AD31	6983E89B6EC798B5B8C2B3B76D9311808437B572	B4B342F2025799CA602A75590B324E7493B0903726720BCE4CA793207C83255C
Chrome Cache Entry: 173	ASCII text, with very long lines (503)	A3BC5418F2834309CE2918B15F3B8EEA	62BA2712C6D4960F1057E103F6E1F3C95F2C701B	B2B62643A7C4FE4A4E12934AD819F0293CC00181B78D8091AFFFF3617CEB96B1
Chrome Cache Entry: 174	PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced	9AA997545CAD62F24960E39B773AE81C	3EBF01E3B3630F127309F816F13FF86B94798E07	BC5E9528086858FD7BFF758A1B0AE0D559A9930E279ECDF4955572B6AD1E53EA
Chrome Cache Entry: 175	ASCII text, with very long lines (65451)	DC5E7F18C8D36AC1D3D4753A87C98D0A	C8E1C8B386DC5B7A9184C763C88D19A346EB3342	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
Chrome Cache Entry: 176	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 177	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141866	6DE768A4DF1E0D0061CDB52EF06346C4	3829A667B97668008023DDA98F4C0772174C8EF6	58732EEE2ED9091F4F5776DC8A8A14116CBE5A2BA1CCDA0256896BAB08A52128
Chrome Cache Entry: 178	ASCII text, with CRLF line terminators	03A0A6F0EBBF9056B9CC2B51B6D0FF5D	9C453B7ECA3DBF720412378849D79B09E5E5E14F	1FCD49D36C8C661EC065FE795F87024985E844ED04FC1B0941F5E43773144892
Chrome Cache Entry: 179	HTML document, ASCII text, with very long lines (2627), with CRLF line terminators	5CCBE23634E49E72640EB9CF6EA2402A	DB60E4820889740697769DB15FA9E3BB8A76D0CD	D33FD9A3D981F20106FE9A932990B827CF6EEB7BA8740749A522297801B60972
Chrome Cache Entry: 180	JSON data	5FC018D9E6C56911BBC8DC5DDCD0C768	70979F57A85D527ED8ABCBF02CFF44640C58BDE6	2E6D78A4AE644F3B60AFD3C33E66539FF6C5F6A8ED6ABC40A3AF06AC020EC020
Chrome Cache Entry: 181	Web Open Font Format (Version 2), TrueType, length 45108, version 1.0	452A5B42CB4819F09D35BCF6CBDB24C1	4344BF7FDB2B5E538FB4859DF945FC1A21D2A83C	063A952901506E6CBCC2ABDD1995EA387E4AE9138993F5517834A75FAEE165D0
Chrome Cache Entry: 182	ASCII text, with very long lines (65398)	107489D1ED6BE77BFD69EBE4D7B52B6D	FD56DF206A1DD0223D6D18ADAC841582282A346E	3BBC0000E28054DDBE38B2E7A21DCA8D66FDA56EA48448BCE4658BC6B518A970
Chrome Cache Entry: 183	ASCII text, with very long lines (65398)	107489D1ED6BE77BFD69EBE4D7B52B6D	FD56DF206A1DD0223D6D18ADAC841582282A346E	3BBC0000E28054DDBE38B2E7A21DCA8D66FDA56EA48448BCE4658BC6B518A970
Chrome Cache Entry: 184	Unicode text, UTF-8 text, with very long lines (45900)	F00CFBA8F9859DFEFDFE90EA520C6FCF	B32E153588A287DE81050E327EB5BD7A90B04D99	977CC9882BA50763333DF64E98D26BC3C60A15D6EFA4A2C1FE70579985EDDF84
Chrome Cache Entry: 185	PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced	DDCB4FCA39CCADCDF6C1FE2E1F717867	88238D53920F32AF37A802A5E6BFEEC3B1E6F75D	097DF2DFA3781F1AEDB631C968D04D8152D7C7FA8E92BC91E233B3000E2F34BB
Chrome Cache Entry: 186	ASCII text, with very long lines (64612)	C6C029BA88D52E5312FEC69603A00340	079011F6F0662C11AE907C773EFE8E0C9338EAD0	DDD0BB1C19B3D2D045BFCDE85D2020BBA57854C887A6691B66DBA3DA1BB3AFBE
Chrome Cache Entry: 187	ASCII text, with no line terminators	F79FFC1767406D43B996B050CEC09ED2	EA4F919251BCDE6EE3CB2E45C0356E1FA3B86661	1E62D5B3EFE0ECE892FF79BD65457FF2DC48A840444AFD53DEEDF2F2869BD685
Chrome Cache Entry: 188	ASCII text, with very long lines (2230), with no line terminators	4D56AF8ACF934242A6D0C2D5FD5785E1	9D58373C57C53221C4762B87BDC186F6E38384D0	6F26F0CC605A8C789C557B2956CE78D147D5D2CC16D2F09B3A606306BCA3F4DE
Chrome Cache Entry: 189	HTML document, Unicode text, UTF-8 text, with very long lines (23174), with CRLF line terminators	DE26792B801CCEF24118A6F43CAFB15D	562E4F773797EA6E4AF81806B3EF688788A50771	DB8B53FCB4DBE07B770C4235BD8F7AAA9DB3EFB3465A4F925E50B108890AEDD4
Chrome Cache Entry: 190	Unicode text, UTF-8 (with BOM) text, with very long lines (65513), with no line terminators	880C609018928AB1C02017657E02B73B	AD20D8C1EADE04CA4A9957CCDDD1D62398FEFBE4	8E87A39060BB8E68153DA5EFE90632DB4B568E09A4861ECBED0D461D83B3A18B
Chrome Cache Entry: 191	ASCII text, with CRLF line terminators	C49C34EE38F103BCB82F58DED32F57DB	757C8CE6D92102903F636C20B70E414A5E9A2E20	BDBBDA3BD97031FF5BCB76B427D2ECD9C4617922C3860F662E51FB18AC5CC591
Chrome Cache Entry: 192	ASCII text, with very long lines (65402)	31D64D7AB5E2355F283B3BA3DBAB8650	B01573B01AF5A7915C1E2F17D6BBDA91EA1A9AAB	717BA1B81A40E2A0D36BF7DEF5663B5AB2CFD715601F50B4F507B0468190DF29
Chrome Cache Entry: 193	ASCII text, with very long lines (64612)	C6C029BA88D52E5312FEC69603A00340	079011F6F0662C11AE907C773EFE8E0C9338EAD0	DDD0BB1C19B3D2D045BFCDE85D2020BBA57854C887A6691B66DBA3DA1BB3AFBE
Chrome Cache Entry: 194	ASCII text, with very long lines (65394)	CF5CC7F4B57526CC37893DCB83DED031	E953783BE0A7894585778455AAE3D0DF094D6F29	3A790B6C0D26D7A4D292CB27F992EAFAFF42C37E9318B2AB704207039127FCB8
Chrome Cache Entry: 195	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 196	ASCII text, with very long lines (3637)	A249B03B72AB5E7B60E7806457B9BE61	FF0B5F4FB91A9DBF147262AD59B292C6C2DFE122	48FF8C6449BEF199F206C7A1C49403E10DC6341A9D4A1F8946B042DDE66E315F
Chrome Cache Entry: 197	PNG image data, 297 x 166, 8-bit/color RGBA, non-interlaced	5C04A186E00E47C2F90ED18E03AB4093	AC859795B92E3FA0FA88868AF532A3ED6F30F12A	1A16DBCD6926721D9C3AEB85429586B307F11D2093CF9AEEFDAA37898CB74D46
Chrome Cache Entry: 198	ASCII text, with very long lines (27557)	4334C8C70998D81BDE3E6765828811A6	DE27D3920885BE830EBA8B77FF1C3B320AFC5B98	1E8638F605575BD335D49EFA95E165ADF7EF06DDA8E367661AC2517A0A3A96B4
Chrome Cache Entry: 199	ASCII text, with very long lines (65439)	0BABAF1D46ACDFADC9FE4AFA5C0354C3	3407BD2EE6AFB10ACD3DAB966CF05C42FE4B1DCC	23EF819E5C8868FFFB2C9C99201DA945887DE5ED5B260A81646BE624F681EBF2
Chrome Cache Entry: 200	PNG image data, 964 x 604, 8-bit/color RGBA, non-interlaced	3B5120961679C5317DF2D3704A5A187F	71042510EFF3CA2316E28A99CD2F26937C0731C6	EBB327D6AF7DEC63A7861428BD5FED958E3F80D64D0261C4652F6F4925E7B8BE
Chrome Cache Entry: 201	ASCII text, with very long lines (4873), with no line terminators	ED927CF0F8A1BE103DF48446270416EE	F7B2BE7FC2B063AAC03E76DF9F3E19D615970213	EBDD298DFD39A35E5F54469F12953081A17CBEA55F3A4A79C0FD4997D804F7D5
Chrome Cache Entry: 202	ASCII text, with very long lines (65460)	C0BB28600CF931A17482376C5E27CABE	3C9B65F94334C9312F168AC51D2067D07DB3A619	70EB3BBB025DC4C9CB7F7297EF68B928E4A7D9F77F8B60BD4DE6C526CF195464
Chrome Cache Entry: 203	ASCII text, with no line terminators	DAAF84584866A63F2201C65F300AD2DF	FC81E0571EB22E52CE609DEF7C82143B512601B8	A413F4EFA3F76ADC7F786DC3684B19D6E333C42FA858EC30C1C40E25ED90A381
Chrome Cache Entry: 204	ASCII text, with no line terminators	4C42AB4890733A2B01B1B3269C4855E7	5B68BFE664DCBC629042EA45C23954EEF1A9F698	F69E8FC1414A82F108CFA0725E5211AF1865A9CEA342A5F01E6B2B5ABE47E010
Chrome Cache Entry: 205	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 206	ASCII text, with very long lines (2824)	78C4311E4D7A1AFDE2EC6FB093FE40A2	FB9A1881E03ADF12A393759606FF384F847A52A8	2CA909B3DA6E4A4FC7FD3C9DD490C4DB45435C995177AA5D7D154852EFD69E25
Chrome Cache Entry: 207	Unicode text, UTF-8 text, with very long lines (45900)	F00CFBA8F9859DFEFDFE90EA520C6FCF	B32E153588A287DE81050E327EB5BD7A90B04D99	977CC9882BA50763333DF64E98D26BC3C60A15D6EFA4A2C1FE70579985EDDF84
Chrome Cache Entry: 208	ASCII text, with very long lines (56994)	500D1A92F875B1D96D37A3A3F8F0438C	703603273F5D5D52EB456D6385E1A68294FBD568	C9B46437D7418E1712DAAAD6D73FA17C2C6AFB5681770C90339C25428415B7FD
Chrome Cache Entry: 209	ASCII text, with very long lines (34235), with CRLF, LF line terminators	6FE3DD83A0D98BC1977F57EA33C37693	8DF606F40E4CC8C07CE929D5A82FD5304EAF4EB7	A5268A183F2A091D2D17773997E89A25FC45CBD60E586EDF61F544FB85D6F6A8
Chrome Cache Entry: 210	PNG image data, 297 x 166, 8-bit/color RGBA, non-interlaced	5C04A186E00E47C2F90ED18E03AB4093	AC859795B92E3FA0FA88868AF532A3ED6F30F12A	1A16DBCD6926721D9C3AEB85429586B307F11D2093CF9AEEFDAA37898CB74D46
Chrome Cache Entry: 211	ASCII text, with no line terminators	BEB5075867AC37A3C8903AB23A5ABA22	86A41106441F795558A31574CBD24D5403E2F054	BD38B37956C818D4084814F47B69B7798F07AF7889D3D13DEBBD2D76ECB86095
Chrome Cache Entry: 212	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 213	ASCII text, with very long lines (65324)	3AFE15E976734D9DAAC26310110C4594	4F14A09A606C99A11F8FDA15564EF66F70402826	680AF6669ABC319F9803F0FA26D443DF1B6BC29133D88A8E4BEA560FFED7288C
Chrome Cache Entry: 214	ASCII text, with no line terminators	AAAB7A355103063D9EEB4824A3A6B374	E51555F02C32321F3E48F07A0FA5AF46DF835BFC	79BA862622D6FA84AC7E4F98EB95043A255FC2C81711E9400A8AA4D4B1608471
Chrome Cache Entry: 215	Web Open Font Format (Version 2), TrueType, length 36748, version 0.0	88749B8058F99835F5A6B87FCC9CEDA1	A491726E067475E187E270D4469A96E016BD30A7	F447D199F99F6EC55B5308B737A69F384032D3D0C1D05FBC41782AA50ECEB92C
Chrome Cache Entry: 216	PNG image data, 2000 x 1125, 8-bit/color RGB, non-interlaced	B00A95724E913C3E9718314845CDF626	D86DA1EE9A34672958194034FDBEA8FD90124FCD	B4264EED12BB5E3655C8C98EB7FDEFFB48839AED9292DB83B1FEE53DAC5FB543
Chrome Cache Entry: 217	Unicode text, UTF-8 (with BOM) text, with very long lines (26071), with no line terminators	A923FB946929633E387E4D2017006546	84D3DCF57A9EF34EA731A1B28F9ECE4B0B267A08	67A664918FD7F224CCE362DB7078440CD693E1EF6B30EFF33C06F112C17102FA
Chrome Cache Entry: 218	ASCII text, with very long lines (65460)	C0BB28600CF931A17482376C5E27CABE	3C9B65F94334C9312F168AC51D2067D07DB3A619	70EB3BBB025DC4C9CB7F7297EF68B928E4A7D9F77F8B60BD4DE6C526CF195464
Chrome Cache Entry: 219	Unicode text, UTF-8 (with BOM) text, with very long lines (10387), with no line terminators	509E44BDCA06692FD924908DE96BE75B	2B68EABA6109F02706D13775CBC357CA40785ABE	37D8CC7CC2283BFB3B3804CDD23E4B62A98EF4C0AA1C38DFA5A515D91B9A132F
Chrome Cache Entry: 220	ASCII text, with very long lines (13140)	016DF3491DC10129A0AE8E4D746365AA	57AF9988612B0E968EF05554589FF5495CE7B81C	F44D4A6983333E0CCE8215E11484EEA375B9494A651B64B1363AFC9F7C8AD0E9
Chrome Cache Entry: 221	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 222	Unicode text, UTF-8 text, with very long lines (64241)	B7AF9FB8EB3F12D3BAA37641537BEDC2	A3FBB622FD4D19CDB371F0B71146DD9F2605D8A4	928ACFBA36CCD911340D2753DB52423F0C7F6FEAA72824E2A1EF6F5667ED4A71
Chrome Cache Entry: 223	ASCII text, with no line terminators	06B313E93DD76909460FBFC0CD98CB6B	C4F9B2BBD840A4328F85F54873C434336A193888	B4532478707B495D0BB1C21C314AEF959DD1A5E0F66E52DAD5FC332C8B697CBA
Chrome Cache Entry: 224	ASCII text, with very long lines (1789), with no line terminators	49696FC959CE2121F8FC42BC0A295EDF	353FE5D1F17B396C81383059C66E73574991A78B	E0CFF5C0E0126AD78EB3DCDDA610AD22A32FB4AA37EBA19FEA990E8C3AB3918A
Chrome Cache Entry: 225	ASCII text, with very long lines (4370), with no line terminators	5F05B23BAD0F2D477C4E6B9266F99A74	E6CC0BE0A86B8330B4FD16CE8EB27614FB313B40	70099F944DDCE86C3B9E24CE88C3C489EF4C63CEF20C4DA64A5DC33BBFE36512
Chrome Cache Entry: 226	ASCII text, with very long lines (2974), with no line terminators	8C4035FBAA828A7E23B8584328FE8F88	F222869596F1E3E94C131DE6E85BF233ED1EC511	0F4950468225BC51D24014536FE8004392A415EF01F0DB92A258818E74F9C59E
Chrome Cache Entry: 227	ASCII text, with very long lines (45797)	E40761677762EAB0692F86B259C7D744	34A9B50CEC6E1163CEEFCD4D394DB6524C89A854	DA4A8DF0C326292B5BEE9C732B3C962FD67AAF2F99D850F1BF65068D573C5619
Chrome Cache Entry: 228	ASCII text, with very long lines (17287), with no line terminators	6F229F85F8E9BA83FB79799E1C7198A0	8BFAB2A24326C9D53F283EAF12E8457E4CB6964B	39D3E70B4FE34430E7823A17CE0857716E53855E4850BDF2FA90973E2124B6AD
Chrome Cache Entry: 229	ASCII text, with very long lines (65451)	DC5E7F18C8D36AC1D3D4753A87C98D0A	C8E1C8B386DC5B7A9184C763C88D19A346EB3342	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
Chrome Cache Entry: 230	ASCII text, with very long lines (65536), with no line terminators	C1338BAD680C7B30034BB2BEE2C447D3	E93C535395F25D15F4AA67E481DFCEAF94F25A1E	906A3B2A89AA06A9C0DA125FBF248D1F9FD188511B44D4822D9E3FCFD28197E8
Chrome Cache Entry: 231	ASCII text, with very long lines (64616)	10BB4002DD986BC2121AE7343C970128	3EA61169BD06FF06B405CB59CE11506C301DF16B	7DC87D100FFDA0B44300291491BBE7AC8A6EAE94937CCEC0494D5F154C07C3A0
Chrome Cache Entry: 232	PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced	68B6034D22E6083CF2592BF4B8B71F0E	0981B22AF5F2BF930794557717FF7C7F4FF563FF	56E5D47C342207184BE9DE6E3CF06CF26C32B34EE799B3ACC95EBEEEEFA5484A
Chrome Cache Entry: 233	ASCII text, with very long lines (65297)	7FD2F04E75BD7AB1A79D80CDD4C33085	E02A14457B25E6DF2568B772FEAB4387C00A4934	5EDF297381B409D711BC8D27676951A59E151E783412850332519C05243D1E24
Chrome Cache Entry: 234	Unicode text, UTF-8 (with BOM) text, with very long lines (12305), with no line terminators	5C417FB0C43BB893879AD3B519A46F9F	C1A9254458695F9397112101505C46195B95C295	4FD79286FA2135636879A444385A83B5F2440033096D86E6100099767D7BB4C1
Chrome Cache Entry: 235	PNG image data, 32 x 32, 8-bit colormap, non-interlaced	FB2ED9313C602F40B7A2762ACC15FF89	8A390D07A8401D40CBC1A16D873911FA4CB463F5	B241D02FAB4B17291AF37993EB249F9303EB5897610ABAFAC4C9F6AA6A878369
Chrome Cache Entry: 236	SVG Scalable Vector Graphics image	2EFC4FB9CD13F0C74773A74A657D64BD	32A08F76E79DC7A275401007D53A5BE4E6723A01	B2842A5D18759A07B479B01E41D9D186254F2361DAFCB80A5A9F2C2F6B688AFF
Chrome Cache Entry: 237	ASCII text, with very long lines (65394)	CF5CC7F4B57526CC37893DCB83DED031	E953783BE0A7894585778455AAE3D0DF094D6F29	3A790B6C0D26D7A4D292CB27F992EAFAFF42C37E9318B2AB704207039127FCB8
Chrome Cache Entry: 238	ASCII text, with very long lines (65297)	7FD2F04E75BD7AB1A79D80CDD4C33085	E02A14457B25E6DF2568B772FEAB4387C00A4934	5EDF297381B409D711BC8D27676951A59E151E783412850332519C05243D1E24
Chrome Cache Entry: 239	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced	9F14C20150A003D7CE4DE57C298F0FBA	DAA53CF17CC45878A1B153F3C3BF47DC9669D78F	112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
Chrome Cache Entry: 240	ASCII text, with no line terminators	7E7BFC5D4F0BEF4B39AEB0B1E5C0C1EB	69739342EE4CBECDF55941BB2263353E92C3308B	B802050DC3679CEB897A1D4CA3BEC89857FDBEA21ED5FC5A88BBAA8D6EF738C0
Chrome Cache Entry: 241	Unicode text, UTF-8 text, with very long lines (32009)	D580777BB3A28B94F6F1D18EE17AEDA3	E78833A2DB1AA97DA3F4A1994E6AF1F0D74D7CC7	81188E8A76162C79DB4A5C10AC933C9E874C5B9EAE10E47956AD9DF704E01B28
Chrome Cache Entry: 242	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 243	ASCII text, with very long lines (2674)	468D4ACC570CFFC7101AC8A63514AD31	6983E89B6EC798B5B8C2B3B76D9311808437B572	B4B342F2025799CA602A75590B324E7493B0903726720BCE4CA793207C83255C
Chrome Cache Entry: 244	ASCII text, with very long lines (30237)	F04D3E51969894BD486CD9A9A1549EA6	6DB7ED2E034FE99F5013144CA91DD21408F7AC36	33A747222E8AE5381AEB53C9671BB3EB309B7226587674CD6D901F99645A852B
Chrome Cache Entry: 245	ASCII text, with very long lines (65536), with no line terminators	C1338BAD680C7B30034BB2BEE2C447D3	E93C535395F25D15F4AA67E481DFCEAF94F25A1E	906A3B2A89AA06A9C0DA125FBF248D1F9FD188511B44D4822D9E3FCFD28197E8
Chrome Cache Entry: 246	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 247	ASCII text, with very long lines (45797)	3602A8C250CFC3B2498E4A2E8F37D899	14CB952E9A17166990FA5333EB9A3C616B943FB1	F13538C1B4EC6747412C77977B2519448BD2A095697AC80E7836ED15D21D8443
Chrome Cache Entry: 248	ASCII text, with very long lines (6125), with no line terminators	97C18402D0D5AD89F12C548A55C8284F	412ACD023C48FA79C9F846040497C74C2EBEC46D	464730FF27CB58E32D39C58E96330E89983298C72B1B4183A68E0B7FE4D4CCFA
Chrome Cache Entry: 249	Web Open Font Format (Version 2), TrueType, length 13576, version 330.-16253	9EFB86976BD53E159166C12365F61E25	830F8653E5F4A5331AC0B47C5701F65FE9F1BB32	86E496B536B26BA60CDB68DF9DD9143B19A63B65E30E373B0321833AAB1295D6
Chrome Cache Entry: 250	ASCII text, with very long lines (780), with no line terminators	CB3531F56366637C3E928C625264646D	3F6B2AC9B3A9C76EF8410FCA587105F1D95238A5	47F3F44C9BC3F47A111D004476F051D5684D9FB7526EF3985A6540F6D6B16E93
Chrome Cache Entry: 251	ASCII text, with very long lines (17287), with no line terminators	6F229F85F8E9BA83FB79799E1C7198A0	8BFAB2A24326C9D53F283EAF12E8457E4CB6964B	39D3E70B4FE34430E7823A17CE0857716E53855E4850BDF2FA90973E2124B6AD
Chrome Cache Entry: 252	ASCII text	7A8E7C1CD51967EA8532ACF4D117846B	CB22CAE41616EA0FFA42617CCF736B963E550CE9	F166D532752C0B9C3163F620218A9D0439AAE078BC72099370EEC6EC9D0303F5
Chrome Cache Entry: 253	ASCII text, with very long lines (42133)	B9C3E4320DB870036919F1EE117BDA6E	29B5A9066B5B1F1FE5AFE7EE986E80A49E86606A	A1FE019388875B696EDB373B51A51C0A8E3BAD52CD489617D042C0722BDB1E48
Chrome Cache Entry: 254	PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced	9AA997545CAD62F24960E39B773AE81C	3EBF01E3B3630F127309F816F13FF86B94798E07	BC5E9528086858FD7BFF758A1B0AE0D559A9930E279ECDF4955572B6AD1E53EA
Chrome Cache Entry: 255	ASCII text, with no line terminators	AAAB7A355103063D9EEB4824A3A6B374	E51555F02C32321F3E48F07A0FA5AF46DF835BFC	79BA862622D6FA84AC7E4F98EB95043A255FC2C81711E9400A8AA4D4B1608471
Chrome Cache Entry: 256	ASCII text, with very long lines (14782)	630831903F4BA9060856520624E34CFC	36DC15B9CCC3FC8EF627354BF55EF44EBD10E203	BC6804D058D5BD5B24FC04E479FC8973BEF5D3EFEAFAA9C19C60A009BF0FAC0B
Chrome Cache Entry: 257	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 63x56, components 3	EB68DE31FCF7D77F8E2F3A97CA5CCE8D	CA3D9AE11F0CA7FCD9F8093FEED9FAFEC048FDB5	7924757A88FF7868AD410113F30854515F356A0086BD500996C6D6286E54317A
Chrome Cache Entry: 258	Unicode text, UTF-8 text, with very long lines (56015)	449A9DEF2F0C6FC3B72C71164A97BDA3	25852714E23804A5500D693786CA8254025EE205	220F5BD08E467A31A10A9CA1548E3580CEEB6064EAFC047ACFE35C2589BEC54F
Chrome Cache Entry: 259	ASCII text, with very long lines (65451)	DC5E7F18C8D36AC1D3D4753A87C98D0A	C8E1C8B386DC5B7A9184C763C88D19A346EB3342	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
Chrome Cache Entry: 260	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 261	PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced	DDCB4FCA39CCADCDF6C1FE2E1F717867	88238D53920F32AF37A802A5E6BFEEC3B1E6F75D	097DF2DFA3781F1AEDB631C968D04D8152D7C7FA8E92BC91E233B3000E2F34BB
Chrome Cache Entry: 262	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 263	PNG image data, 1704 x 1188, 8-bit/color RGBA, non-interlaced	78AEBE1B0915496628AB38474002E9C2	6F956EE0B45CB709EEE1FCDA9EF5DB61D7E119B5	1FDDF163B3925FF6E0B606A074D69A5A823D51235F681374DD65B4B4DEF1C64D
Chrome Cache Entry: 264	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 265	ASCII text, with very long lines (65462)	97B7B16D56441B31B6BF815E01A45250	52143F2FFD2E63179F086411C47CAA6DA456199F	0B21564A0717D5738559FE6006A3B9DEDD78837F42774F3A8EF596EBE41CD016
Chrome Cache Entry: 266	Unicode text, UTF-8 text, with very long lines (56015)	449A9DEF2F0C6FC3B72C71164A97BDA3	25852714E23804A5500D693786CA8254025EE205	220F5BD08E467A31A10A9CA1548E3580CEEB6064EAFC047ACFE35C2589BEC54F
Chrome Cache Entry: 267	HTML document, ASCII text, with very long lines (918)	5DC258F6742F6D22A4CD80F50926ED70	2925F965C31990E0F883E2E885A3D57056168DCC	3B8D3C93FD78C24F4C175C8515E4A5DF79AEE536AF4CED58BA078EA591569EAC
Chrome Cache Entry: 268	Web Open Font Format (Version 2), TrueType, length 29888, version 0.0	E465F101F881B07CCFBB55D51D18135F	0D76B152EA1AE4AA68DB36DCC7BD204ACDC571D3	6F5EBFD0FC9A520ADCA234FDD34B4DFBEB106942A6F44E65FC1AC54F7D2D6498
Chrome Cache Entry: 269	ASCII text, with very long lines (503)	A3BC5418F2834309CE2918B15F3B8EEA	62BA2712C6D4960F1057E103F6E1F3C95F2C701B	B2B62643A7C4FE4A4E12934AD819F0293CC00181B78D8091AFFFF3617CEB96B1
Chrome Cache Entry: 270	ASCII text, with very long lines (65439)	0BABAF1D46ACDFADC9FE4AFA5C0354C3	3407BD2EE6AFB10ACD3DAB966CF05C42FE4B1DCC	23EF819E5C8868FFFB2C9C99201DA945887DE5ED5B260A81646BE624F681EBF2
Chrome Cache Entry: 271	PNG image data, 2000 x 1125, 8-bit/color RGB, non-interlaced	B00A95724E913C3E9718314845CDF626	D86DA1EE9A34672958194034FDBEA8FD90124FCD	B4264EED12BB5E3655C8C98EB7FDEFFB48839AED9292DB83B1FEE53DAC5FB543
Chrome Cache Entry: 272	Web Open Font Format, TrueType, length 26288, version 0.0	D0263DC03BE4C393A90BDA733C57D6DB	8A032B6DEAB53A33234C735133B48518F8643B92	22B4DF5C33045B645CAFA45B04685F4752E471A2E933BFF5BF14324D87DEEE12
Chrome Cache Entry: 273	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 274	ASCII text, with very long lines (61177)	41955034BB6BC6963DF5A8ECA72C5B81	D4B9E8C46100BDDACE8DFA08BDFF1F6F3D3B0A81	1F8CEB44FE7CFCF7E71DBD5122210335CA3821D697A851D2900B95AF7D92D69D
Chrome Cache Entry: 275	ASCII text, with very long lines (65451)	DC5E7F18C8D36AC1D3D4753A87C98D0A	C8E1C8B386DC5B7A9184C763C88D19A346EB3342	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
Chrome Cache Entry: 276	ASCII text, with very long lines (30237)	F04D3E51969894BD486CD9A9A1549EA6	6DB7ED2E034FE99F5013144CA91DD21408F7AC36	33A747222E8AE5381AEB53C9671BB3EB309B7226587674CD6D901F99645A852B
Chrome Cache Entry: 277	ASCII text	7A8E7C1CD51967EA8532ACF4D117846B	CB22CAE41616EA0FFA42617CCF736B963E550CE9	F166D532752C0B9C3163F620218A9D0439AAE078BC72099370EEC6EC9D0303F5
Chrome Cache Entry: 278	ASCII text, with very long lines (52064)	551146BFB0A7E6A643A54408B31FA99C	659BA9C42AB4B1A6DE7F943129D870DBFD36409A	AE95EBC7F7A48F110E33D61414CE33E3E06AC62246FDB27A8CD027F4D371CDBC
Chrome Cache Entry: 279	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 63x56, components 3	EB68DE31FCF7D77F8E2F3A97CA5CCE8D	CA3D9AE11F0CA7FCD9F8093FEED9FAFEC048FDB5	7924757A88FF7868AD410113F30854515F356A0086BD500996C6D6286E54317A
Chrome Cache Entry: 280	Unicode text, UTF-8 text, with very long lines (32009)	D580777BB3A28B94F6F1D18EE17AEDA3	E78833A2DB1AA97DA3F4A1994E6AF1F0D74D7CC7	81188E8A76162C79DB4A5C10AC933C9E874C5B9EAE10E47956AD9DF704E01B28
Chrome Cache Entry: 281	HTML document, Unicode text, UTF-8 text	569B18325D78AFECB33CE1432B2E80FA	E2F57C8BCA63466084F6BD8706531D5286725D3F	5EEA976D57BA4F18F575AE84F073E0EA80155F92472ECFF00BABE12CAF0B2B54
Chrome Cache Entry: 282	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 283	ASCII text, with very long lines (42133)	B9C3E4320DB870036919F1EE117BDA6E	29B5A9066B5B1F1FE5AFE7EE986E80A49E86606A	A1FE019388875B696EDB373B51A51C0A8E3BAD52CD489617D042C0722BDB1E48
Chrome Cache Entry: 284	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 285	ASCII text, with very long lines (34235), with CRLF, LF line terminators	6FE3DD83A0D98BC1977F57EA33C37693	8DF606F40E4CC8C07CE929D5A82FD5304EAF4EB7	A5268A183F2A091D2D17773997E89A25FC45CBD60E586EDF61F544FB85D6F6A8
Chrome Cache Entry: 286	ASCII text, with very long lines (14782)	630831903F4BA9060856520624E34CFC	36DC15B9CCC3FC8EF627354BF55EF44EBD10E203	BC6804D058D5BD5B24FC04E479FC8973BEF5D3EFEAFAA9C19C60A009BF0FAC0B
Chrome Cache Entry: 287	ASCII text, with very long lines (13140)	016DF3491DC10129A0AE8E4D746365AA	57AF9988612B0E968EF05554589FF5495CE7B81C	F44D4A6983333E0CCE8215E11484EEA375B9494A651B64B1363AFC9F7C8AD0E9
Chrome Cache Entry: 288	ASCII text, with very long lines (3385), with no line terminators	838B4CF03009164350BEE28EC54B1B28	7289901F526CD15984F080E40BBF8B8B6098EB73	70C7CD74052E7BB3716548F7748B7FBF90C8BB39B0F688495B5D3D8974295A72

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://palomaestro1211.github.io/microsoftlogin/

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Multi AV Scanner detection for domain / URL

Source: palomaestro1211.github.io

Virustotal: Detection: 7%

Perma Link

Multi AV Scanner detection for submitted file

Source: https://palomaestro1211.github.io/microsoftlogin/

Virustotal: Detection: 5%

Perma Link

Phishing

Yara detected HtmlPhish64

Source: Yara match

File source: 3.0.pages.csv, type: HTML

Form action URLs do not match main URL

Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0

Found iframes

Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3

HTML body contains low number of good links

Source: https://palomaestro1211.github.io/microsoftlogin/	HTTP Parser: Number of links: 0
Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: https://palomaestro1211.github.io/microsoftlogin/

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML page contains hidden javascript code

Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0

HTTP Parser: Base64 decoded: e03d3852-1550-4da3-840f-784e000d98d04b5f77af-2581-4fea-b14c-9c143e794fd9

HTML title does not match URL

Source: https://palomaestro1211.github.io/microsoftlogin/	HTTP Parser: Title: Sign in to your Microsoft account does not match URL
Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: Title: Sign in to your account does not match URL

Invalid 'forgot password' link found

Source: https://palomaestro1211.github.io/microsoftlogin/

HTTP Parser: Invalid link: Forgot password?

Source: https://palomaestro1211.github.io/microsoftlogin/	HTTP Parser: <input type="password" .../> found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: <input type="password" .../> found

Source: https://signup.live.com/?lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/?lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/?lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/?lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/?lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/?lic=1	HTTP Parser: No favicon
Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: No favicon
Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: No favicon
Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: No favicon

Source: https://palomaestro1211.github.io/microsoftlogin/	HTTP Parser: No <meta name="author".. found
Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: No <meta name="author".. found
Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: No <meta name="author".. found

Source: https://palomaestro1211.github.io/microsoftlogin/	HTTP Parser: No <meta name="copyright".. found
Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: No <meta name="copyright".. found
Source: https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638630877815334557.MjRjMTRmZTItMjgwMy00ZGQ4LWEzN2EtYTY1NjY4OWIwYTYzYjBhMDc1OTEtZjEwNS00Y2UxLThmYzctMGFiYTkwZDY0NGQ1&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL29zbH4GsbKbuSLZMtTnJibXqs9IlqgAp3LJlFSUKTLpwvSJiJDsm826hZQf2R8kKb8jR9qglrNkV9NMdDtKTRNWr0ebJJB_e3WATebxkK1FvN8vzxy4kTXzXTfsO7Nq8gnwqv2clz7XaZsWWvD3eAD-gpH2RrE7yX_Bo7-HKGdxG9XGOUc9sYWICPzhOvhMtNabRKcyndVpaLsJc8npnRYBKppFZqiMxJQtqJUR1Hsl8aTUJcu4EZPujYHwragPmBC1TmkHPsh-rouuJ-OkO1_2ApE9LbjR45RcwX9oJ3lty1G00MluTdiR49ZL1Yj0yoVj3h2XSaPlYRv0_MyCV2cF0U8zafdE77t2NAMUiEVWWHLsRwcUAQXc1K0JWRVOCY&x-client-SKU=ID_NET6_0&x-client-ver=8.0.2.0	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.189.173.20:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49746 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 0MB later: 39MB

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /microsoftlogin/ HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /microsoftlogin/assets/css/styles.min.css HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://palomaestro1211.github.io/microsoftlogin/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/twitter-bootstrap/4.5.0/css/bootstrap.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://palomaestro1211.github.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://palomaestro1211.github.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fonts/line-awesome/1.1/css/line-awesome.min.css HTTP/1.1Host: maxcdn.icons8.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://palomaestro1211.github.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /microsoftlogin/assets/img/stertile.png HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://palomaestro1211.github.io/microsoftlogin/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /microsoftlogin/assets/js/script.min.js HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://palomaestro1211.github.io/microsoftlogin/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/twitter-bootstrap/4.5.0/js/bootstrap.bundle.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://palomaestro1211.github.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /microsoftlogin/assets/img/background.png HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://palomaestro1211.github.io/microsoftlogin/assets/css/styles.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fonts/line-awesome/1.1/fonts/line-awesome.woff2?v=1.1. HTTP/1.1Host: maxcdn.icons8.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://palomaestro1211.github.iosec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://maxcdn.icons8.com/fonts/line-awesome/1.1/css/line-awesome.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /microsoftlogin/assets/img/stertile.png HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /microsoftlogin/assets/js/script.min.js HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/twitter-bootstrap/4.5.0/js/bootstrap.bundle.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /microsoftlogin/assets/img/favicon32.svg HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://palomaestro1211.github.io/microsoftlogin/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /microsoftlogin/assets/img/background.png HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /microsoftlogin/assets/img/favicon32.svg HTTP/1.1Host: palomaestro1211.github.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_l7exbVZEGzG2v4FeAaRSUA2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_l7exbVZEGzG2v4FeAaRSUA2.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_l7exbVZEGzG2v4FeAaRSUA2.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=64596b30-7d42-11ef-a7dd-d78ef7f1d590 HTTP/1.1Host: stk.hsprotect.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://msft.hsprotect.netSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://msft.hsprotect.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=64596b30-7d42-11ef-a7dd-d78ef7f1d590 HTTP/1.1Host: stk.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.24228.4/en-US/meBoot.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.24228.4/en-US/meBoot.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.24228.4/en-US/meCore.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/FetchSessions_Core_VRFGv7Cn5qZDpUQIsx-pnA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.24228.4/en-US/meCore.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /16.000/content/js/MeControl_byKfhfjpuoP7eXmeHHGYoA2.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/FetchSessions_Core_VRFGv7Cn5qZDpUQIsx-pnA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /16.000/content/js/MeControl_byKfhfjpuoP7eXmeHHGYoA2.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_198.2.dr

String found in binary or memory: * Facebook [ https://www.facebook.com/Icons8 ] equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: palomaestro1211.github.io
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: use.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.icons8.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: signup.live.com
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: fpt.live.com
Source: global traffic	DNS traffic detected: DNS query: msft.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: client.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: stk.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: collector-pxzc5j78di.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: support.content.office.net
Source: global traffic	DNS traffic detected: DNS query: c.s-microsoft.com
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: mem.gfx.ms
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: acctcdn.msftauth.net

Source: unknown

HTTP traffic detected: POST /Telemetry.Request HTTP/1.1Connection: Keep-AliveUser-Agent: MSDWMSA_DeviceTicket_Error: 0x80004004Content-Length: 5110Host: umwatson.events.data.microsoft.com

Source: chromecache_227.2.dr, chromecache_247.2.dr	String found in binary or memory: http://feross.org
Source: chromecache_283.2.dr, chromecache_253.2.dr	String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: chromecache_159.2.dr, chromecache_278.2.dr, chromecache_167.2.dr, chromecache_231.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_159.2.dr, chromecache_278.2.dr, chromecache_167.2.dr, chromecache_231.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_281.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Source: chromecache_281.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/css/bootstrap.min.css
Source: chromecache_281.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/js/bootstrap.bundle.min.js
Source: chromecache_267.2.dr	String found in binary or memory: https://client.hsprotect.net/PXzC5j78di/main.min.js
Source: chromecache_208.2.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_208.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_189.2.dr	String found in binary or memory: https://fpt.live.com/
Source: chromecache_213.2.dr, chromecache_233.2.dr, chromecache_238.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_198.2.dr	String found in binary or memory: https://github.com/FontCustom/fontcustom
Source: chromecache_286.2.dr, chromecache_227.2.dr, chromecache_159.2.dr, chromecache_278.2.dr, chromecache_167.2.dr, chromecache_193.2.dr, chromecache_256.2.dr, chromecache_231.2.dr, chromecache_247.2.dr, chromecache_186.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_198.2.dr	String found in binary or memory: https://github.com/icons8
Source: chromecache_213.2.dr, chromecache_233.2.dr, chromecache_238.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_233.2.dr, chromecache_238.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_198.2.dr	String found in binary or memory: https://icons8.com/
Source: chromecache_198.2.dr	String found in binary or memory: https://icons8.com/contact
Source: chromecache_198.2.dr	String found in binary or memory: https://icons8.com/good-boy-license/
Source: chromecache_198.2.dr	String found in binary or memory: https://icons8.com/line-awesome
Source: chromecache_166.2.dr, chromecache_153.2.dr, chromecache_150.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_166.2.dr, chromecache_153.2.dr, chromecache_150.2.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_281.2.dr	String found in binary or memory: https://maxcdn.icons8.com/fonts/line-awesome/1.1/css/line-awesome.min.css
Source: chromecache_252.2.dr, chromecache_277.2.dr	String found in binary or memory: https://palomaestro1211.github.io/yougotphished/
Source: chromecache_198.2.dr	String found in binary or memory: https://plus.google.com/
Source: chromecache_281.2.dr	String found in binary or memory: https://signup.live.com/?lic=1
Source: chromecache_198.2.dr	String found in binary or memory: https://twitter.com/icons_8
Source: chromecache_281.2.dr	String found in binary or memory: https://use.fontawesome.com/releases/v5.12.0/css/all.css

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 20.189.173.20:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49746 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.win@25/235@72/14

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2312,i,4350751207003056008,12659932731048082581,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://palomaestro1211.github.io/microsoftlogin/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2312,i,4350751207003056008,12659932731048082581,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1521119
Product:	CloudBasic
Start time:	04:34:43
Start date:	28.09.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://palomaestro1211.github.io/microsoftlogin/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://palomaestro1211.github.io/microsoftlogin/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://palomaestro1211.github.io/microsoftlogin/