Windows Analysis Report
https://www.phsinc.com/?bwfan-track-action=click&bwfan-track-id=0ecdd1bdf2276cad3fa2d27ffa918e84&bwfan-uid=e2dffed46dd69d19d18bc527d6255bd5&bwfan-link=%68%74%74%70%73%3A%2F%2F%6D%61%69%6C%2E%72%69%67%6F%74%69%6C%65%73%2E%63%6F%6D%2F%6A%50%73%51%57%55%63%42

Overview

General Information

Sample URL: https://www.phsinc.com/?bwfan-track-action=click&bwfan-track-id=0ecdd1bdf2276cad3fa2d27ffa918e84&bwfan-uid=e2dffed46dd69d19d18bc527d6255bd5&bwfan-link=%68%74%74%70%73%3A%2F%2F%6D%61%69%6C%2E%72%69%67%
Analysis ID: 1546429

Detection

HTMLPhisher, ReCaptcha Phish
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Yara detected HtmlPhish54
Yara detected Recaptcha Phish
Phishing site detected (based on favicon image match)
Phishing site detected (based on image similarity)
Phishing site detected (based on logo match)
Phishing site detected (based on various text indicators)
Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML page contains string obfuscation
HTML title does not match URL
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic

Classification

AV Detection

Source: https://www.phsinc.com/?bwfan-track-action=click&bwfan-track-id=0ecdd1bdf2276cad3fa2d27ffa918e84&bwfan-uid=e2dffed46dd69d19d18bc527d6255bd5&bwfan-link=%68%74%74%70%73%3A%2F%2F%6D%61%69%6C%2E%72%69%67%6F%74%69%6C%65%73%2E%63%6F%6D%2F%6A%50%73%51%57%55%63%42 SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Source: https://mail.rigotiles.com/jPsQWUcB LLM: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'mail.rigotiles.com' does not match the legitimate domain for Microsoft., The domain 'rigotiles.com' does not appear to be associated with Microsoft., The presence of a subdomain 'mail' could be an attempt to mimic a legitimate service like Outlook or Office 365., The input fields labeled as 'unknown' suggest a lack of clarity or potential obfuscation, which is common in phishing sites. DOM: 1.4.pages.csv
Source: https://mail.rigotiles.com/jPsQWUcB LLM: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The URL 'mail.rigotiles.com' does not match the legitimate domain 'microsoft.com'., The domain 'rigotiles.com' does not have any known association with Microsoft., The presence of a subdomain 'mail' could be an attempt to mimic a legitimate service like Outlook or Office 365., The URL does not contain any direct reference to Microsoft, which is suspicious., The input fields labeled as 'unknown' do not provide any context or association with Microsoft services. DOM: 1.2.pages.csv
Source: Yara match File source: 0.16.id.script.csv, type: HTML
Source: Yara match File source: 0.28.i.script.csv, type: HTML
Source: Yara match File source: 2.6.pages.csv, type: HTML
Source: Yara match File source: 3.7.pages.csv, type: HTML
Source: Yara match File source: 3.8.pages.csv, type: HTML
Source: Yara match File source: 3.10.pages.csv, type: HTML
Source: Yara match File source: 0.6.id.script.csv, type: HTML
Source: Yara match File source: 0.7.id.script.csv, type: HTML
Source: Yara match File source: 0.11.i.script.csv, type: HTML
Source: Yara match File source: 0.12.i.script.csv, type: HTML
Source: Yara match File source: 1.0.pages.csv, type: HTML
Source: Yara match File source: 1.5.pages.csv, type: HTML
Source: Yara match File source: 1.1.pages.csv, type: HTML
Source: https://rigotiles.com Matcher: Template: microsoft matched with high similarity
Source: https://mail.rigotiles.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638660049050246663.ODc3ZjU4ZjQtODc2Zi00ODIzLWE0ZWYtZTkwNDU1YWI0OTFiM2NlOWFhNzEtMjU2Ny00ZjYwLTgzNzEtODIzYmIwYzA4ODM0&ui_locales=en-US&mkt=en-US&client-request-id=38bb8568-fea6-41ed-ae3e-ed6af3504c2b&state=x4Aec5a0t6Chw2Cmg3oyOPc-mwB2u0ch0KBYfu6mFO5Ma9nmM_3GwZPFX412dON63puN8EmddEU_qbWoXhATmOc0tMJNkQgq5JBQxfDDFQOnDaAULmUWlGDanz3aCy4nYqKb7pQIfefqVH19cqYbRn5LhF6TdIjTRmTo2w8AteES04W1enQACj8zsPIvZTVP2q0Ivk-tgunlyCULGc3oUQHLKsH_aN5xgAMMDXqLt9ycip-0aqZMys4sowroO7trqWt3x56-Y1VnFgP7VP530Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true Matcher: Template: microsoft matched with high similarity
Source: https://mail.rigotiles.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638660049050246663.ODc3ZjU4ZjQtODc2Zi00ODIzLWE0ZWYtZTkwNDU1YWI0OTFiM2NlOWFhNzEtMjU2Ny00ZjYwLTgzNzEtODIzYmIwYzA4ODM0&ui_locales=en-US&mkt=en-US&client-request-id=38bb8568-fea6-41ed-ae3e-ed6af3504c2b&state=x4Aec5a0t6Chw2Cmg3oyOPc-mwB2u0ch0KBYfu6mFO5Ma9nmM_3GwZPFX412dON63puN8EmddEU_qbWoXhATmOc0tMJNkQgq5JBQxfDDFQOnDaAULmUWlGDanz3aCy4nYqKb7pQIfefqVH19cqYbRn5LhF6TdIjTRmTo2w8AteES04W1enQACj8zsPIvZTVP2q0Ivk-tgunlyCULGc3oUQHLKsH_aN5xgAMMDXqLt9ycip-0aqZMys4sowroO7trqWt3x56-Y1VnFgP7VP530Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true Matcher: Found strong image similarity, brand: MICROSOFT
Source: https://mail.rigotiles.com/jPsQWUcB Matcher: Template: cloudflare matched
Source: https://mail.rigotiles.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeH Matcher: Template: microsoft matched
Source: Chrome DOM: 1.4 OCR Text: Microsoft Please stand by, while we are checking if the site connection is secure Verifying... CLOUDFLARE Ten-ns Microsoft needs to review the security of your connection before proceeding. Performance & security by Microsoft
Source: https://mail.rigotiles.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638660049050246663.ODc3ZjU4ZjQtODc2Zi00ODIzLWE0ZWYtZTkwNDU1YWI0OTFiM2NlOWFhNzEtMjU2Ny00ZjYwLTgzNzEtODIzYmIwYzA4ODM0&ui_locales=en-US&mkt=en-US&client-request-id=38bb8568-fea6-41ed-ae3e-ed6af3504c2b&state=x4Aec5a0t6Chw2Cmg3oyOPc-mwB2u0ch0KBYfu6mFO5Ma9nmM_3GwZPFX412dON63puN8EmddEU_qbWoXhATmOc0tMJNkQgq5JBQxfDDFQOnDaAULmUWlGDanz3aCy4nYqKb7pQIfefqVH19cqYbRn5LhF6TdIjTRmTo2w8AteES04W1enQACj8zsPIvZTVP2q0Ivk-tgunlyCULGc3oUQHLKsH_aN5xgAMMDXqLt9ycip-0aqZMys4sowroO7trqWt3x56-Y1VnFgP7VP530Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP Parser: Number of links: 0
Source: https://mail.rigotiles.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638660049050246663.ODc3ZjU4ZjQtODc2Zi00ODIzLWE0ZWYtZTkwNDU1YWI0OTFiM2NlOWFhNzEtMjU2Ny00ZjYwLTgzNzEtODIzYmIwYzA4ODM0&ui_locales=en-US&mkt=en-US&client-request-id=38bb8568-fea6-41ed-ae3e-ed6af3504c2b&state=x4Aec5a0t6Chw2Cmg3oyOPc-mwB2u0ch0KBYfu6mFO5Ma9nmM_3GwZPFX412dON63puN8EmddEU_qbWoXhATmOc0tMJNkQgq5JBQxfDDFQOnDaAULmUWlGDanz3aCy4nYqKb7pQIfefqVH19cqYbRn5LhF6TdIjTRmTo2w8AteES04W1enQACj8zsPIvZTVP2q0Ivk-tgunlyCULGc3oUQHLKsH_aN5xgAMMDXqLt9ycip-0aqZMys4sowroO7trqWt3x56-Y1VnFgP7VP530Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 HTTP Parser: Base64 decoded: 877f58f4-876f-4823-a4ef-e90455ab491b3ce9aa71-2567-4f60-8371-823bb0c08834
Source: https://mail.rigotiles.com/jPsQWUcB HTTP Parser: Found new string: script ...var verifyCallback_CF = function (response) {. console.log("verified");. window.location.assign('h' + 'ttp' + 's' + '://' + 'm' + 'ai' + 'l' + '.' + 'ri' + 'go' + 't' + 'il' + 'e' + 's.' + 'c' + 'om' + '/jP' + 's' + 'QW' + 'Uc' + 'B?' + 'y=' + 'IU' + 'm' + 'JJi' + 'k');. };.....
Source: https://mail.rigotiles.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638660049050246663.ODc3ZjU4ZjQtODc2Zi00ODIzLWE0ZWYtZTkwNDU1YWI0OTFiM2NlOWFhNzEtMjU2Ny00ZjYwLTgzNzEtODIzYmIwYzA4ODM0&ui_locales=en-US&mkt=en-US&client-request-id=38bb8568-fea6-41ed-ae3e-ed6af3504c2b&state=x4Aec5a0t6Chw2Cmg3oyOPc-mwB2u0ch0KBYfu6mFO5Ma9nmM_3GwZPFX412dON63puN8EmddEU_qbWoXhATmOc0tMJNkQgq5JBQxfDDFQOnDaAULmUWlGDanz3aCy4nYqKb7pQIfefqVH19cqYbRn5LhF6TdIjTRmTo2w8AteES04W1enQACj8zsPIvZTVP2q0Ivk-tgunlyCULGc3oUQHLKsH_aN5xgAMMDXqLt9ycip-0aqZMys4sowroO7trqWt3x56-Y1VnFgP7VP530Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP Parser: Title: Sign in to your account does not match URL
Source: https://mail.rigotiles.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638660049050246663.ODc3ZjU4ZjQtODc2Zi00ODIzLWE0ZWYtZTkwNDU1YWI0OTFiM2NlOWFhNzEtMjU2Ny00ZjYwLTgzNzEtODIzYmIwYzA4ODM0&ui_locales=en-US&mkt=en-US&client-request-id=38bb8568-fea6-41ed-ae3e-ed6af3504c2b&state=x4Aec5a0t6Chw2Cmg3oyOPc-mwB2u0ch0KBYfu6mFO5Ma9nmM_3GwZPFX412dON63puN8EmddEU_qbWoXhATmOc0tMJNkQgq5JBQxfDDFQOnDaAULmUWlGDanz3aCy4nYqKb7pQIfefqVH19cqYbRn5LhF6TdIjTRmTo2w8AteES04W1enQACj8zsPIvZTVP2q0Ivk-tgunlyCULGc3oUQHLKsH_aN5xgAMMDXqLt9ycip-0aqZMys4sowroO7trqWt3x56-Y1VnFgP7VP530Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP Parser: Iframe src: https://ywnjb.rigotiles.com/Me.htm?v=3
Source: https://mail.rigotiles.com/jPsQWUcB HTTP Parser: No favicon
Source: https://mail.rigotiles.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638660049050246663.ODc3ZjU4ZjQtODc2Zi00ODIzLWE0ZWYtZTkwNDU1YWI0OTFiM2NlOWFhNzEtMjU2Ny00ZjYwLTgzNzEtODIzYmIwYzA4ODM0&ui_locales=en-US&mkt=en-US&client-request-id=38bb8568-fea6-41ed-ae3e-ed6af3504c2b&state=x4Aec5a0t6Chw2Cmg3oyOPc-mwB2u0ch0KBYfu6mFO5Ma9nmM_3GwZPFX412dON63puN8EmddEU_qbWoXhATmOc0tMJNkQgq5JBQxfDDFQOnDaAULmUWlGDanz3aCy4nYqKb7pQIfefqVH19cqYbRn5LhF6TdIjTRmTo2w8AteES04W1enQACj8zsPIvZTVP2q0Ivk-tgunlyCULGc3oUQHLKsH_aN5xgAMMDXqLt9ycip-0aqZMys4sowroO7trqWt3x56-Y1VnFgP7VP530Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 HTTP Parser: No favicon
Source: https://mail.rigotiles.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638660049050246663.ODc3ZjU4ZjQtODc2Zi00ODIzLWE0ZWYtZTkwNDU1YWI0OTFiM2NlOWFhNzEtMjU2Ny00ZjYwLTgzNzEtODIzYmIwYzA4ODM0&ui_locales=en-US&mkt=en-US&client-request-id=38bb8568-fea6-41ed-ae3e-ed6af3504c2b&state=x4Aec5a0t6Chw2Cmg3oyOPc-mwB2u0ch0KBYfu6mFO5Ma9nmM_3GwZPFX412dON63puN8EmddEU_qbWoXhATmOc0tMJNkQgq5JBQxfDDFQOnDaAULmUWlGDanz3aCy4nYqKb7pQIfefqVH19cqYbRn5LhF6TdIjTRmTo2w8AteES04W1enQACj8zsPIvZTVP2q0Ivk-tgunlyCULGc3oUQHLKsH_aN5xgAMMDXqLt9ycip-0aqZMys4sowroO7trqWt3x56-Y1VnFgP7VP530Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP Parser: No <meta name="author".. found
Source: https://mail.rigotiles.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638660049050246663.ODc3ZjU4ZjQtODc2Zi00ODIzLWE0ZWYtZTkwNDU1YWI0OTFiM2NlOWFhNzEtMjU2Ny00ZjYwLTgzNzEtODIzYmIwYzA4ODM0&ui_locales=en-US&mkt=en-US&client-request-id=38bb8568-fea6-41ed-ae3e-ed6af3504c2b&state=x4Aec5a0t6Chw2Cmg3oyOPc-mwB2u0ch0KBYfu6mFO5Ma9nmM_3GwZPFX412dON63puN8EmddEU_qbWoXhATmOc0tMJNkQgq5JBQxfDDFQOnDaAULmUWlGDanz3aCy4nYqKb7pQIfefqVH19cqYbRn5LhF6TdIjTRmTo2w8AteES04W1enQACj8zsPIvZTVP2q0Ivk-tgunlyCULGc3oUQHLKsH_aN5xgAMMDXqLt9ycip-0aqZMys4sowroO7trqWt3x56-Y1VnFgP7VP530Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.206:443 -> 192.168.2.16:51028 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:51032 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:51035 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:51038 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.16:49711 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.16:53699 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.16:51025 -> 162.159.36.2:53
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: www.phsinc.com to https://mail.rigotiles.com/jpsqwucb
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.16:49746
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.16:51035
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.16:51038
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: global traffic HTTP traffic detected: GET /?bwfan-track-action=click&bwfan-track-id=0ecdd1bdf2276cad3fa2d27ffa918e84&bwfan-uid=e2dffed46dd69d19d18bc527d6255bd5&bwfan-link=%68%74%74%70%73%3A%2F%2F%6D%61%69%6C%2E%72%69%67%6F%74%69%6C%65%73%2E%63%6F%6D%2F%6A%50%73%51%57%55%63%42 HTTP/1.1Host: www.phsinc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jPsQWUcB HTTP/1.1Host: mail.rigotiles.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /1/api.js HTTP/1.1Host: js.hcaptcha.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SJ5tdZc/download.png[/img HTTP/1.1Host: i.ibb.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/b/22755d9a86c9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /captcha/v1/05c78a4/static/hcaptcha.html HTTP/1.1Host: newassets.hcaptcha.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /1/api.js HTTP/1.1Host: js.hcaptcha.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SJ5tdZc/download.png HTTP/1.1Host: i.ibb.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/b/22755d9a86c9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qh7j5/0x4AAAAAAAyr4qst3s0poVsP/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SJ5tdZc/download.png HTTP/1.1Host: i.ibb.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://mail.rigotiles.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css HTTP/1.1Host: vn3hg.rigotiles.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://mail.rigotiles.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /clientwebservice/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: fe3cr.delivery.mp.microsoft.com
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_IzDt-l0Cuie0gYRUoEk15w2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sls/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js HTTP/1.1Host: vn3hg.rigotiles.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://mail.rigotiles.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://mail.rigotiles.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8X286xg78epWUlZ&MD=DApwh8vU HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js HTTP/1.1Host: vn3hg.rigotiles.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://mail.rigotiles.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8X286xg78epWUlZ&MD=DApwh8vU HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://mail.rigotiles.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: vn3hg.rigotiles.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0874-e292=07f1e878a6a4099a22d191aa8620db246a4d51250183c5b6fa76fa586131f157; MUID=3FEF292F99CD6FE9028E3C0698816E87
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: vn3hg.rigotiles.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0874-e292=07f1e878a6a4099a22d191aa8620db246a4d51250183c5b6fa76fa586131f157; MUID=3FEF292F99CD6FE9028E3C0698816E87
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: vn3hg.rigotiles.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0874-e292=07f1e878a6a4099a22d191aa8620db246a4d51250183c5b6fa76fa586131f157; MUID=3FEF292F99CD6FE9028E3C0698816E87
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: vn3hg.rigotiles.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0874-e292=07f1e878a6a4099a22d191aa8620db246a4d51250183c5b6fa76fa586131f157; MUID=3FEF292F99CD6FE9028E3C0698816E87
Source: global traffic HTTP traffic detected: GET /common/handlers/watson HTTP/1.1Host: mail.rigotiles.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0874-e292=07f1e878a6a4099a22d191aa8620db246a4d51250183c5b6fa76fa586131f157; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; MUID=3FEF292F99CD6FE9028E3C0698816E87; esctx-tqcq03maRtc=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeshBZkdRtL4uCiakvoFKUDu3OINUz_20GUUDVINotffSlbTWb7a8G4YNtFArgcCTCPKsCD9L0xmgVGLAHq1Y_wENBJBKaSY6c_QUlSL0ILScFRvwDLrvS27gX9qgXcWroShwQ2ZnyokFi_x8kbcBoYiAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=1.AVcAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAABXAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFerZf0XEYEZYyGvuOyhwJXB0SRCqxULEeublamFNpO0jFXZ9YFjqfZCaUBfBGl91uuei8RAX0IxUQQXCGAW3q6a4UUG7Lx2Kj1Cvos0cPADXEgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeAIdB6zq4vN0DWkBIaJo0qgFemNm-IOQkhwMmnl3AVpjNjIdkgwvGVpLgP48V6TVGSeTlMHBMn5NuqK4HcVUYb-QtDoYuIzsamwnhU0C1nUhK9pDAKsu3LAbS7PHWVR9E_5d-72Y7smPtaCKExlNDWP_1SD4rk6zpjT5kjDEwhcogAA; esctx-6wnTxwCVaTE=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2e65jp_s8IvfYI3DNLBSNfTbickbZmZ3ptWJ39Fra1v9JlbHB41GP3Ivl_YewUg_Ele1pR2J7OgiZm5AtQIrJJVFszzVnQV7LkcSVPhuu4TuPcf_vaaUceEZV6BFa6EDrm8AWEayHYHT7PEXmkWnXCAA; fpc=AruFywdRNsJGosIYeIFG8IC8Ae7AAQAAAKzltd4OAAAA; brcap=0
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: vn3hg.rigotiles.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0874-e292=07f1e878a6a4099a22d191aa8620db246a4d51250183c5b6fa76fa586131f157; MUID=3FEF292F99CD6FE9028E3C0698816E87
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: vn3hg.rigotiles.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0874-e292=07f1e878a6a4099a22d191aa8620db246a4d51250183c5b6fa76fa586131f157; MUID=3FEF292F99CD6FE9028E3C0698816E87
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: vn3hg.rigotiles.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0874-e292=07f1e878a6a4099a22d191aa8620db246a4d51250183c5b6fa76fa586131f157; MUID=3FEF292F99CD6FE9028E3C0698816E87
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: vn3hg.rigotiles.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0874-e292=07f1e878a6a4099a22d191aa8620db246a4d51250183c5b6fa76fa586131f157; MUID=3FEF292F99CD6FE9028E3C0698816E87
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: vn3hg.rigotiles.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0874-e292=07f1e878a6a4099a22d191aa8620db246a4d51250183c5b6fa76fa586131f157; MUID=3FEF292F99CD6FE9028E3C0698816E87
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: vn3hg.rigotiles.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0874-e292=07f1e878a6a4099a22d191aa8620db246a4d51250183c5b6fa76fa586131f157; MUID=3FEF292F99CD6FE9028E3C0698816E87
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: vn3hg.rigotiles.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0874-e292=07f1e878a6a4099a22d191aa8620db246a4d51250183c5b6fa76fa586131f157; MUID=3FEF292F99CD6FE9028E3C0698816E87
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: vn3hg.rigotiles.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0874-e292=07f1e878a6a4099a22d191aa8620db246a4d51250183c5b6fa76fa586131f157; MUID=3FEF292F99CD6FE9028E3C0698816E87
Source: global traffic HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: ywnjb.rigotiles.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://mail.rigotiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0874-e292=07f1e878a6a4099a22d191aa8620db246a4d51250183c5b6fa76fa586131f157; MUID=3FEF292F99CD6FE9028E3C0698816E87; uaid=a2301630ceca4905bdbb1f6e71f3d515; MSPRequ=id=N&lt=1730408110&co=1
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: vn3hg.rigotiles.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0874-e292=07f1e878a6a4099a22d191aa8620db246a4d51250183c5b6fa76fa586131f157; MUID=3FEF292F99CD6FE9028E3C0698816E87
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: vn3hg.rigotiles.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0874-e292=07f1e878a6a4099a22d191aa8620db246a4d51250183c5b6fa76fa586131f157; MUID=3FEF292F99CD6FE9028E3C0698816E87
Source: global traffic DNS traffic detected: DNS query: www.phsinc.com
Source: global traffic DNS traffic detected: DNS query: mail.rigotiles.com
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: js.hcaptcha.com
Source: global traffic DNS traffic detected: DNS query: i.ibb.co
Source: global traffic DNS traffic detected: DNS query: newassets.hcaptcha.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: api2.hcaptcha.com
Source: global traffic DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic DNS traffic detected: DNS query: react.rigotiles.com
Source: global traffic DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic DNS traffic detected: DNS query: vn3hg.rigotiles.com
Source: global traffic DNS traffic detected: DNS query: ywnjb.rigotiles.com
Source: global traffic DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: unknown HTTP traffic detected: POST /checksiteconfig?v=05c78a4&host=mail.rigotiles.com&sitekey=234adb2f-52ba-4697-82fa-abecbb14b173&sc=1&swa=1&spst=1 HTTP/1.1Host: api2.hcaptcha.comConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/jsonContent-Type: text/plainsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://newassets.hcaptcha.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newassets.hcaptcha.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 20:54:54 GMTTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Credentials: trueCache-Control: privateNel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"Referrer-Policy: strict-origin-when-cross-originReport-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+wst"}]}X-Ms-Ests-Server: 2.1.19343.4 - EUS ProdSlicesX-Ms-Request-Id: 8e628d10-e034-41ce-96cc-d2a12f4a0e00X-Ms-Srs: 1.PCF-Cache-Status: BYPASSSet-Cookie: x-ms-gateway-slice=estsfd; Path=/; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 8db68afc9c9a44f5-ATLalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=17807&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1262&delivery_rate=162824&cwnd=32&unsent_bytes=0&cid=ef535cba73782a42&ts=530&x=0"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 20:54:55 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: PUdqZSXA2YlAOZEKCTIW6TRcp0rIvLZGwN8=$kpknp+nSzdDSstooServer: cloudflareCF-RAY: 8db68b077e514767-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 20:54:59 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: d6mYmN4/gUlx0gslQgPOrPJ80xy3ZgLWyk0=$/we/Lbp5KZkmXXWYServer: cloudflareCF-RAY: 8db68b1dadb48789-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 20:55:02 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: TwJetu7gWe4F3IwYdyG0JvdhITuzuDPWpyU=$5YzHaorwKd7i3oIdServer: cloudflareCF-RAY: 8db68b323c4fe93a-DFWalt-svc: h3=":443"; ma=86400
Source: chromecache_89.1.dr, chromecache_125.1.dr String found in binary or memory: http://feross.org
Source: chromecache_92.1.dr, chromecache_100.1.dr String found in binary or memory: http://gsgd.co.uk/sandbox/jquery/easing/
Source: chromecache_105.1.dr, chromecache_107.1.dr, chromecache_97.1.dr, chromecache_123.1.dr String found in binary or memory: http://knockoutjs.com/
Source: chromecache_105.1.dr, chromecache_107.1.dr, chromecache_97.1.dr, chromecache_123.1.dr String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_105.1.dr, chromecache_118.1.dr, chromecache_89.1.dr, chromecache_122.1.dr, chromecache_107.1.dr, chromecache_125.1.dr, chromecache_97.1.dr, chromecache_108.1.dr, chromecache_123.1.dr, chromecache_91.1.dr String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_120.1.dr, chromecache_124.1.dr, chromecache_90.1.dr String found in binary or memory: https://hcaptcha.com/license
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51049
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51047
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51048
Source: unknown Network traffic detected: HTTP traffic on port 53718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51052
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51053
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51050
Source: unknown Network traffic detected: HTTP traffic on port 53724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51051
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 53729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51056
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51057
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51054
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51055
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51058
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51059
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51060
Source: unknown Network traffic detected: HTTP traffic on port 51045 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51063
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51064
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51061
Source: unknown Network traffic detected: HTTP traffic on port 51039 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 51031 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown Network traffic detected: HTTP traffic on port 51060 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51048 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51037 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51054 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51033 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51027 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51043 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51055 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 53708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51049 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51066 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53726
Source: unknown Network traffic detected: HTTP traffic on port 51058 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53725
Source: unknown Network traffic detected: HTTP traffic on port 51035 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53724
Source: unknown Network traffic detected: HTTP traffic on port 53703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53728
Source: unknown Network traffic detected: HTTP traffic on port 53732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51064 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51029 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53721
Source: unknown Network traffic detected: HTTP traffic on port 51041 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53720
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53730
Source: unknown Network traffic detected: HTTP traffic on port 53737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53732
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53731
Source: unknown Network traffic detected: HTTP traffic on port 51047 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53740
Source: unknown Network traffic detected: HTTP traffic on port 53738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51053 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51036 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51034 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51059 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51028 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51042 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51066
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51069
Source: unknown Network traffic detected: HTTP traffic on port 53722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51051 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51057 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51040 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53703
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53702
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53709
Source: unknown Network traffic detected: HTTP traffic on port 53734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53708
Source: unknown Network traffic detected: HTTP traffic on port 53728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53701
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53700
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51046 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51069 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51030 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53714
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53717
Source: unknown Network traffic detected: HTTP traffic on port 53700 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51063 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53710
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51052 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53711 -> 443
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.206:443 -> 192.168.2.16:51028 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:51032 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:51035 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:51038 version: TLS 1.2
Source: classification engine Classification label: mal88.phis.win@21/70@50/16
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1952,i,4673534725158447727,11309025112400644165,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.phsinc.com/?bwfan-track-action=click&bwfan-track-id=0ecdd1bdf2276cad3fa2d27ffa918e84&bwfan-uid=e2dffed46dd69d19d18bc527d6255bd5&bwfan-link=%68%74%74%70%73%3A%2F%2F%6D%61%69%6C%2E%72%69%67%6F%74%69%6C%65%73%2E%63%6F%6D%2F%6A%50%73%51%57%55%63%42"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk