Windows Analysis Report
https://hillsclerk.securityeducation.com/

Overview

General Information

Sample URL:	https://hillsclerk.securityeducation.com/
Analysis ID:	1417030
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML body contains low number of good links

HTML title does not match URL

Uses insecure TLS / SSL version for HTTPS connection

Classification

Signatures

HTML body contains low number of good links

Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio...	HTTP Parser: Number of links: 0
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2ff8c5973a-b6e5-4635-99d8-335ed112cd2f%2freprocess%3fctx%3drQQIARAA42Kwss8oKSkottLXz8jMySlOzkktytYrTk0uLcosqUxNKU1OLMnMz9NLzs_VTyzI1E8sLcnQL07MzdHPTS1JTEksSSwS4hJw_BdyxmDtTv8Z-x02TGzQOLyK0YpMU4OD_Q8xqjkGBRoamyeaJibpppkYGuiaWCQZ6VoaJ6bqppgbG1ummRkmmxumXGBkfMHIeIuJNRio02gWsybRdm5iVkmzSDa1NDdO1E0ySzXVNTEzNtW1tEyx0DU2Nk1NMTQ0Sk4xSrvAwvOKhceA2YqDg0uAQYJBgeEHC-MiVqCH1-9sWbV9mYLXrO_XZksrxDOcYtXXTzO3TEkx9jFPN4yycC4IDS0OrjBycfFL8Sz0cCoq9k_NDc5yDfIoSnOJtLWwMpzAxnuKjeEDG2MHO8MsdoZdnBSE2AFehh98a07deLLr6eR3Hq_4dbzdzSz1TXwTiz0qIyqd9X1TTQrKXdwKA8JNEqMCM10MjVNKQ7yLLNJTzCNtNwgwAAA1&mkt=en-US	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio...

HTTP Parser: Title: Redirecting does not match URL

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2ff8c5973a-b6e5-4635-99d8-335ed112cd2f%2freprocess%3fctx%3drQQIARAA42Kwss8oKSkottLXz8jMySlOzkktytYrTk0uLcosqUxNKU1OLMnMz9NLzs_VTyzI1E8sLcnQL07MzdHPTS1JTEksSSwS4hJw_BdyxmDtTv8Z-x02TGzQOLyK0YpMU4OD_Q8xqjkGBRoamyeaJibpppkYGuiaWCQZ6VoaJ6bqppgbG1ummRkmmxumXGBkfMHIeIuJNRio02gWsybRdm5iVkmzSDa1NDdO1E0ySzXVNTEzNtW1tEyx0DU2Nk1NMTQ0Sk4xSrvAwvOKhceA2YqDg0uAQYJBgeEHC-MiVqCH1-9sWbV9mYLXrO_XZksrxDOcYtXXTzO3TEkx9jFPN4yycC4IDS0OrjBycfFL8Sz0cCoq9k_NDc5yDfIoSnOJtLWwMpzAxnuKjeEDG2MHO8MsdoZdnBSE2AFehh98a07deLLr6eR3Hq_4dbzdzSz1TXwTiz0qIyqd9X1TTQrKXdwKA8JNEqMCM10MjVNKQ7yLLNJTzCNtNwgwAAA1&mkt=en-US	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2ff8c5973a-b6e5-4635-99d8-335ed112cd2f%2freprocess%3fctx%3drQQIARAA42Kwss8oKSkottLXz8jMySlOzkktytYrTk0uLcosqUxNKU1OLMnMz9NLzs_VTyzI1E8sLcnQL07MzdHPTS1JTEksSSwS4hJw_BdyxmDtTv8Z-x02TGzQOLyK0YpMU4OD_Q8xqjkGBRoamyeaJibpppkYGuiaWCQZ6VoaJ6bqppgbG1ummRkmmxumXGBkfMHIeIuJNRio02gWsybRdm5iVkmzSDa1NDdO1E0ySzXVNTEzNtW1tEyx0DU2Nk1NMTQ0Sk4xSrvAwvOKhceA2YqDg0uAQYJBgeEHC-MiVqCH1-9sWbV9mYLXrO_XZksrxDOcYtXXTzO3TEkx9jFPN4yycC4IDS0OrjBycfFL8Sz0cCoq9k_NDc5yDfIoSnOJtLWwMpzAxnuKjeEDG2MHO8MsdoZdnBSE2AFehh98a07deLLr6eR3Hq_4dbzdzSz1TXwTiz0qIyqd9X1TTQrKXdwKA8JNEqMCM10MjVNKQ7yLLNJTzCNtNwgwAAA1&mkt=en-US	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2ff8c5973a-b6e5-4635-99d8-335ed112cd2f%2freprocess%3fctx%3drQQIARAA42Kwss8oKSkottLXz8jMySlOzkktytYrTk0uLcosqUxNKU1OLMnMz9NLzs_VTyzI1E8sLcnQL07MzdHPTS1JTEksSSwS4hJw_BdyxmDtTv8Z-x02TGzQOLyK0YpMU4OD_Q8xqjkGBRoamyeaJibpppkYGuiaWCQZ6VoaJ6bqppgbG1ummRkmmxumXGBkfMHIeIuJNRio02gWsybRdm5iVkmzSDa1NDdO1E0ySzXVNTEzNtW1tEyx0DU2Nk1NMTQ0Sk4xSrvAwvOKhceA2YqDg0uAQYJBgeEHC-MiVqCH1-9sWbV9mYLXrO_XZksrxDOcYtXXTzO3TEkx9jFPN4yycC4IDS0OrjBycfFL8Sz0cCoq9k_NDc5yDfIoSnOJtLWwMpzAxnuKjeEDG2MHO8MsdoZdnBSE2AFehh98a07deLLr6eR3Hq_4dbzdzSz1TXwTiz0qIyqd9X1TTQrKXdwKA8JNEqMCM10MjVNKQ7yLLNJTzCNtNwgwAAA1&mkt=en-US	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio...	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio...	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio...	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio...	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio...	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2ff8c5973a-b6e5-4635-99d8-335ed112cd2f%2freprocess%3fctx%3drQQIARAA42Kwss8oKSkottLXz8jMySlOzkktytYrTk0uLcosqUxNKU1OLMnMz9NLzs_VTyzI1E8sLcnQL07MzdHPTS1JTEksSSwS4hJw_BdyxmDtTv8Z-x02TGzQOLyK0YpMU4OD_Q8xqjkGBRoamyeaJibpppkYGuiaWCQZ6VoaJ6bqppgbG1ummRkmmxumXGBkfMHIeIuJNRio02gWsybRdm5iVkmzSDa1NDdO1E0ySzXVNTEzNtW1tEyx0DU2Nk1NMTQ0Sk4xSrvAwvOKhceA2YqDg0uAQYJBgeEHC-MiVqCH1-9sWbV9mYLXrO_XZksrxDOcYtXXTzO3TEkx9jFPN4yycC4IDS0OrjBycfFL8Sz0cCoq9k_NDc5yDfIoSnOJtLWwMpzAxnuKjeEDG2MHO8MsdoZdnBSE2AFehh98a07deLLr6eR3Hq_4dbzdzSz1TXwTiz0qIyqd9X1TTQrKXdwKA8JNEqMCM10MjVNKQ7yLLNJTzCNtNwgwAAA1&mkt=en-US	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2ff8c5973a-b6e5-4635-99d8-335ed112cd2f%2freprocess%3fctx%3drQQIARAA42Kwss8oKSkottLXz8jMySlOzkktytYrTk0uLcosqUxNKU1OLMnMz9NLzs_VTyzI1E8sLcnQL07MzdHPTS1JTEksSSwS4hJw_BdyxmDtTv8Z-x02TGzQOLyK0YpMU4OD_Q8xqjkGBRoamyeaJibpppkYGuiaWCQZ6VoaJ6bqppgbG1ummRkmmxumXGBkfMHIeIuJNRio02gWsybRdm5iVkmzSDa1NDdO1E0ySzXVNTEzNtW1tEyx0DU2Nk1NMTQ0Sk4xSrvAwvOKhceA2YqDg0uAQYJBgeEHC-MiVqCH1-9sWbV9mYLXrO_XZksrxDOcYtXXTzO3TEkx9jFPN4yycC4IDS0OrjBycfFL8Sz0cCoq9k_NDc5yDfIoSnOJtLWwMpzAxnuKjeEDG2MHO8MsdoZdnBSE2AFehh98a07deLLr6eR3Hq_4dbzdzSz1TXwTiz0qIyqd9X1TTQrKXdwKA8JNEqMCM10MjVNKQ7yLLNJTzCNtNwgwAAA1&mkt=en-US	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2ff8c5973a-b6e5-4635-99d8-335ed112cd2f%2freprocess%3fctx%3drQQIARAA42Kwss8oKSkottLXz8jMySlOzkktytYrTk0uLcosqUxNKU1OLMnMz9NLzs_VTyzI1E8sLcnQL07MzdHPTS1JTEksSSwS4hJw_BdyxmDtTv8Z-x02TGzQOLyK0YpMU4OD_Q8xqjkGBRoamyeaJibpppkYGuiaWCQZ6VoaJ6bqppgbG1ummRkmmxumXGBkfMHIeIuJNRio02gWsybRdm5iVkmzSDa1NDdO1E0ySzXVNTEzNtW1tEyx0DU2Nk1NMTQ0Sk4xSrvAwvOKhceA2YqDg0uAQYJBgeEHC-MiVqCH1-9sWbV9mYLXrO_XZksrxDOcYtXXTzO3TEkx9jFPN4yycC4IDS0OrjBycfFL8Sz0cCoq9k_NDc5yDfIoSnOJtLWwMpzAxnuKjeEDG2MHO8MsdoZdnBSE2AFehh98a07deLLr6eR3Hq_4dbzdzSz1TXwTiz0qIyqd9X1TTQrKXdwKA8JNEqMCM10MjVNKQ7yLLNJTzCNtNwgwAAA1&mkt=en-US	HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49785 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49729 version: TLS 1.2

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49785 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/ie10-4d8fefae653b9ade02759391caba3c56.js HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /platform-ember/vendor-a951d76bce4e0eb0f86ae64748ba6fda.css HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /platform-ember/platform-ember-cc9f435ba7b105175f5d2dfbfb14d579.css HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /platform-ember/vendor-02d26fd8e43c2236915f27156ef6f4a3.js HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /platform-ember/chunk.131.abd4932d5d56930bc068.js HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /platform-ember/chunk.143.6d853b71ed5687725e31.js HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /platform-ember/platform-ember-a841ee5014fc18a82dc1fc9e41b64f7c.js HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /localizejs/localize.js HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wombat-style-guide/fonts/wombaticons.woff2?00965ec43b6dcef594e13da207312244 HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hillsclerk.securityeducation.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hillsclerk.securityeducation.com/platform-ember/platform-ember-cc9f435ba7b105175f5d2dfbfb14d579.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wombat-style-guide/fonts/roboto-latin-400italic.woff2 HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hillsclerk.securityeducation.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hillsclerk.securityeducation.com/platform-ember/platform-ember-cc9f435ba7b105175f5d2dfbfb14d579.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/companymanagement/api/companyLoginProfile/hillsclerk HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/vnd.api+jsonX-Requested-With: XMLHttpRequesttraceparent: 00-9df5594fc660ffa3c976f45e637aa009-73888404e5b568c7-01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /manifest.json HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/auth/jsonapi/authDetails/hillsclerk HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/vnd.api+jsonX-Requested-With: XMLHttpRequesttraceparent: 00-fca9b9409dd6638ac28d6fcaf7c06c4b-bb42b33b47890f9a-01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /images/android-chrome-144x144.png HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /favicon-32x32.png HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /api/companymanagement/api/companyLoginProfile/hillsclerk HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /api/lib/xG6eDWKawYmvs/tu?v=474 HTTP/1.1Host: global.localizecdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://hillsclerk.securityeducation.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/lib/xG6eDWKawYmvs/tl.gif?l=en&c=6828485 HTTP/1.1Host: global.localizecdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/lib/xG6eDWKawYmvs/g?v=0&l=en HTTP/1.1Host: global.localizecdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://hillsclerk.securityeducation.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /api/auth/saml/login?targetUrl=https://hillsclerk.securityeducation.com/ HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /wombat-style-guide/images/logo.png HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hillsclerk.securityeducation.com/sso-authAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /api/lib/xG6eDWKawYmvs/g?v=8209&l=en HTTP/1.1Host: global.localizecdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://hillsclerk.securityeducation.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wombat-style-guide/fonts/roboto-latin-400.woff2 HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hillsclerk.securityeducation.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hillsclerk.securityeducation.com/platform-ember/platform-ember-cc9f435ba7b105175f5d2dfbfb14d579.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /wombat-style-guide/fonts/roboto-latin-500.woff2 HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hillsclerk.securityeducation.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hillsclerk.securityeducation.com/platform-ember/platform-ember-cc9f435ba7b105175f5d2dfbfb14d579.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /api/auth/jsonapi/authDetails/hillsclerk HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /favicon-32x32.png HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /images/android-chrome-144x144.png HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /wombat-style-guide/images/logo.png HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /api/lib/xG6eDWKawYmvs/tu?v=474 HTTP/1.1Host: global.localizecdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/lib/xG6eDWKawYmvs/tl.gif?l=en&c=6828485 HTTP/1.1Host: global.localizecdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/lib/xG6eDWKawYmvs/g?v=0&l=en HTTP/1.1Host: global.localizecdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/lib/xG6eDWKawYmvs/g?v=8209&l=en HTTP/1.1Host: global.localizecdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_HC7t4HZ_o96i0-T341lIwg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_QMJbZSc_Phofl-lfd63BLw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_pevuvrbnnz-5coi_b4jtbw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4d4b76a02ae121e3b20c.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /f8c5973a-b6e5-4635-99d8-335ed112cd2f/winauth/ssoprobe?client-request-id=cc54fe41-ad30-4fb9-98bf-40b0918028c3&_=1711632820509 HTTP/1.1Host: autologon.microsoftazuread-sso.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_3c78f555810791db83a9.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/reset-password-signinname_en_8qvvLKBP0Aes1nPeyZ0lbw2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_c53074e74ebeb8e140d6_en.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: hillsclerk.securityeducation.com

Source: unknown

HTTP traffic detected: POST /v1/rum?auth=WNIydzf5FMPgsMK0kZosBA HTTP/1.1Host: rum-ingest.us2.signalfx.comConnection: keep-aliveContent-Length: 33394sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://hillsclerk.securityeducation.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_97.2.dr	String found in binary or memory: http://dev.apollodata.com/core/fragments.html#unique-names
Source: chromecache_98.2.dr	String found in binary or memory: http://ember-concurrency.com/docs/task-cancelation-help
Source: chromecache_98.2.dr	String found in binary or memory: http://git.io/EKPpnA
Source: chromecache_98.2.dr	String found in binary or memory: http://git.io/yBU2rg
Source: chromecache_98.2.dr	String found in binary or memory: http://help.pendo.io/resources/support-library/installation/metadata.html
Source: chromecache_98.2.dr, chromecache_97.2.dr	String found in binary or memory: http://momentjs.com/guides/#/warnings/add-inverted-param/
Source: chromecache_98.2.dr, chromecache_97.2.dr	String found in binary or memory: http://momentjs.com/guides/#/warnings/define-locale/
Source: chromecache_98.2.dr, chromecache_97.2.dr	String found in binary or memory: http://momentjs.com/guides/#/warnings/dst-shifted/
Source: chromecache_98.2.dr, chromecache_97.2.dr	String found in binary or memory: http://momentjs.com/guides/#/warnings/js-date/
Source: chromecache_97.2.dr	String found in binary or memory: http://momentjs.com/guides/#/warnings/min-max/
Source: chromecache_98.2.dr, chromecache_97.2.dr	String found in binary or memory: http://momentjs.com/guides/#/warnings/zone/
Source: chromecache_97.2.dr	String found in binary or memory: http://momentjs.com/timezone/docs/#/data-loading/.
Source: chromecache_98.2.dr	String found in binary or memory: http://testserver.example/v1/graph
Source: chromecache_97.2.dr	String found in binary or memory: http://www.ecma-international.org/ecma-262/5.1/#sec-C
Source: chromecache_98.2.dr	String found in binary or memory: https://api.feedback.us.pendo.io
Source: chromecache_98.2.dr	String found in binary or memory: https://app.pendo.io
Source: chromecache_97.2.dr	String found in binary or memory: https://code.highcharts.com/9.2.2/lib/
Source: chromecache_99.2.dr	String found in binary or memory: https://community.securityeducation.com/s/article/Interactive-Training-Section-508-WCAG-Compliant-Tr
Source: chromecache_99.2.dr	String found in binary or memory: https://community.securityeducation.com/s/article/SCORM-Export-to-SCORM
Source: chromecache_98.2.dr	String found in binary or memory: https://deprecations.emberjs.com/v1.x/#toc_binding-style-attributes.
Source: chromecache_97.2.dr	String found in binary or memory: https://export.highcharts.com/
Source: chromecache_99.2.dr	String found in binary or memory: https://featbot.io
Source: chromecache_98.2.dr	String found in binary or memory: https://feedback.us.pendo.io
Source: chromecache_97.2.dr	String found in binary or memory: https://github.com/apollographql/invariant-packages)
Source: chromecache_98.2.dr	String found in binary or memory: https://github.com/emn178/js-sha1
Source: chromecache_97.2.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: chromecache_98.2.dr	String found in binary or memory: https://github.com/taylorhakes/promise-polyfill
Source: chromecache_97.2.dr	String found in binary or memory: https://github.com/theKashey/focus-lock/#focus-fighting
Source: chromecache_97.2.dr	String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: chromecache_98.2.dr	String found in binary or memory: https://github.com/wombatsecurity/wombat-style-guide/blob/master/
Source: chromecache_98.2.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_98.2.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_98.2.dr	String found in binary or memory: https://js.foundation/
Source: chromecache_98.2.dr	String found in binary or memory: https://local.pendo.io:8080
Source: chromecache_87.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_87.2.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_97.2.dr	String found in binary or memory: https://momentjs.com/timezone/docs/#/use-it/browser/
Source: chromecache_97.2.dr	String found in binary or memory: https://npms.io/search?q=ponyfill.
Source: chromecache_98.2.dr	String found in binary or memory: https://pendo-io-static.storage.googleapis.com/agent/static/df0188cb-fe67-4565-4bef-3746994b4333/pen
Source: chromecache_98.2.dr	String found in binary or memory: https://pendo-static-5736325425922048.storage.googleapis.com
Source: chromecache_98.2.dr	String found in binary or memory: https://portal.feedback.eu.pendo.io/app/#/pendo/auth?inIframe=true
Source: chromecache_98.2.dr	String found in binary or memory: https://raw.github.com/emberjs/ember.js/master/LICENSE
Source: chromecache_97.2.dr	String found in binary or memory: https://rum-ingest.$
Source: chromecache_98.2.dr	String found in binary or memory: https://sizzlejs.com/
Source: chromecache_97.2.dr	String found in binary or memory: https://www.highcharts.com?credits
Source: chromecache_98.2.dr	String found in binary or memory: https://www.pendo.io/pendo-free/nps?utm_source=pendo_app&utm_medium=branded-nps&utm_campaign=free-br
Source: chromecache_98.2.dr	String found in binary or memory: https://www.proofpoint.com/us/products/security-awareness-reporting

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49729 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@18/107@28/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2012,i,694522603986261116,3156022079628551790,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hillsclerk.securityeducation.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2012,i,694522603986261116,3156022079628551790,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.40	part-0012.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.213.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
40.126.62.129	autologon.microsoftazuread-sso.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.253.62.104	www.google.com	United States	15169	GOOGLEUS	false
104.18.4.175	global.localizecdn.com	United States	13335	CLOUDFLARENETUS	false
104.18.5.175	unknown	United States	13335	CLOUDFLARENETUS	false
192.229.211.199	cs1227.wpc.alphacdn.net	United States	15133	EDGECASTUS	false
18.211.106.230	hillsclerk.securityeducation.com	United States	14618	AMAZON-AESUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.199.162.154	ingest.us2.signalfx.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6

Contacted Domains

Name	IP	Active
hillsclerk.securityeducation.com	18.211.106.230	true
cs1100.wpc.omegacdn.net	152.199.4.44	true
global.localizecdn.com	104.18.4.175	true
ingest.us2.signalfx.com	35.199.162.154	true
www.google.com	172.253.62.104	true
cs1227.wpc.alphacdn.net	192.229.211.199	true
part-0012.t-0009.t-msedge.net	13.107.246.40	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
autologon.microsoftazuread-sso.com	40.126.62.129	true
windowsupdatebg.s.llnwi.net	69.164.0.0	true
identity.nel.measure.office.net	unknown	unknown
rum-ingest.us2.signalfx.com	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
logincdn.msftauth.net	unknown	unknown
login.microsoftonline.com	unknown	unknown
account.live.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://hillsclerk.securityeducation.com/api/companymanagement/api/companyLoginProfile/hillsclerk	false		high
https://hillsclerk.securityeducation.com/favicon-32x32.png	false		high
https://global.localizecdn.com/api/lib/xG6eDWKawYmvs/g?v=0&l=en	false	Avira URL Cloud: safe	unknown
https://hillsclerk.securityeducation.com/wombat-style-guide/fonts/roboto-latin-400.woff2	false		high
https://hillsclerk.securityeducation.com/platform-ember/vendor-a951d76bce4e0eb0f86ae64748ba6fda.css	false		high
https://hillsclerk.securityeducation.com/api/auth/saml/login?targetUrl=https://hillsclerk.securityeducation.com/	false		high
https://hillsclerk.securityeducation.com/wombat-style-guide/fonts/roboto-latin-400italic.woff2	false		high
https://hillsclerk.securityeducation.com/wombat-style-guide/images/logo.png	false		high
https://hillsclerk.securityeducation.com/localizejs/localize.js	false		high
https://hillsclerk.securityeducation.com/wombat-style-guide/fonts/wombaticons.woff2?00965ec43b6dcef594e13da207312244	false		high
https://hillsclerk.securityeducation.com/platform-ember/platform-ember-a841ee5014fc18a82dc1fc9e41b64f7c.js	false		high
https://hillsclerk.securityeducation.com/platform-ember/platform-ember-cc9f435ba7b105175f5d2dfbfb14d579.css	false		high
https://hillsclerk.securityeducation.com/platform-ember/chunk.131.abd4932d5d56930bc068.js	false		high
https://global.localizecdn.com/api/lib/xG6eDWKawYmvs/g?v=8209&l=en	false	Avira URL Cloud: safe	unknown
https://hillsclerk.securityeducation.com/images/android-chrome-144x144.png	false		high
https://hillsclerk.securityeducation.com/platform-ember/chunk.143.6d853b71ed5687725e31.js	false		high
https://hillsclerk.securityeducation.com/wombat-style-guide/fonts/roboto-latin-500.woff2	false		high
https://hillsclerk.securityeducation.com/manifest.json	false		high
https://hillsclerk.securityeducation.com/api/auth/jsonapi/authDetails/hillsclerk	false		high
https://global.localizecdn.com/api/lib/xG6eDWKawYmvs/tl.gif?l=en&c=6828485	false	Avira URL Cloud: safe	unknown
https://global.localizecdn.com/api/lib/xG6eDWKawYmvs/tu?v=474	false	Avira URL Cloud: safe	unknown
https://hillsclerk.securityeducation.com/	false		high
https://hillsclerk.securityeducation.com/platform-ember/vendor-02d26fd8e43c2236915f27156ef6f4a3.js	false		high
https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2ff8c5973a-b6e5-4635-99d8-335ed112cd2f%2freprocess%3fctx%3drQQIARAA42Kwss8oKSkottLXz8jMySlOzkktytYrTk0uLcosqUxNKU1OLMnMz9NLzs_VTyzI1E8sLcnQL07MzdHPTS1JTEksSSwS4hJw_BdyxmDtTv8Z-x02TGzQOLyK0YpMU4OD_Q8xqjkGBRoamyeaJibpppkYGuiaWCQZ6VoaJ6bqppgbG1ummRkmmxumXGBkfMHIeIuJNRio02gWsybRdm5iVkmzSDa1NDdO1E0ySzXVNTEzNtW1tEyx0DU2Nk1NMTQ0Sk4xSrvAwvOKhceA2YqDg0uAQYJBgeEHC-MiVqCH1-9sWbV9mYLXrO_XZksrxDOcYtXXTzO3TEkx9jFPN4yycC4IDS0OrjBycfFL8Sz0cCoq9k_NDc5yDfIoSnOJtLWwMpzAxnuKjeEDG2MHO8MsdoZdnBSE2AFehh98a07deLLr6eR3Hq_4dbzdzSz1TXwTiz0qIyqd9X1TTQrKXdwKA8JNEqMCM10MjVNKQ7yLLNJTzCNtNwgwAAA1&mkt=en-US	false		high
https://autologon.microsoftazuread-sso.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/winauth/ssoprobe?client-request-id=cc54fe41-ad30-4fb9-98bf-40b0918028c3&_=1711632820509	false	Avira URL Cloud: safe	unknown
https://rum-ingest.us2.signalfx.com/v1/rum?auth=WNIydzf5FMPgsMK0kZosBA	false		high
https://hillsclerk.securityeducation.com/favicon.ico	false		high
https://hillsclerk.securityeducation.com/js/ie10-4d8fefae653b9ade02759391caba3c56.js	false		high

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 100	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15708	98421BE6893CF3AA929C5F6C4A0C5C67	2BB411BB6B6C31AE02B81F199C90219717F718AF	019D26044CCF18F979DFBB8677828FA36BF5CBFC529CECD942644CFE86D90D04
Chrome Cache Entry: 101	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 4730	6B0D2BCDD2E39B2CB0BDAB6597E44505	C7199742BB5F63AEC0FD2DE7003A8B1C795D78A1	9BCEC3FDDE9BED6ABFDA1A875B596571E3DEFD078E2050DC1B2D85F4483CCAE0
Chrome Cache Entry: 102	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592	4761405717E938D7E7400BB15715DB1E	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
Chrome Cache Entry: 103	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0	5D4AEB4E5F5EF754E307D7FFAEF688BD	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
Chrome Cache Entry: 104	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1378	6F68E9881DF18F8E251AB57D5786239B	C0F7A01A288752833390FC330995F25488BCE8EC	B33E30351B2F4EF67D53D2C6DBE189A4D572425037E4F1264A0190DC4A820845
Chrome Cache Entry: 105	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 106	ASCII text, with very long lines (12877), with no line terminators	A951D76BCE4E0EB0F86AE64748BA6FDA	57991CBA11163C6FADE50148FEABEA124E53C848	E49335FCA147011A9057787F00204CA092FAEDA280B09452350BF225EECD82DA
Chrome Cache Entry: 107	ASCII text, with very long lines (5559)	713D6715A1F01D70776F9FE10CA8E9E9	545E49DF1F97EA15D6BD08E7B23B60704A831C94	18B9E91884D30CFBE839F621D287F36E7E07C09BB4415ACD7DF95DF861EF0877
Chrome Cache Entry: 108	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 443045	714941E90C4A236DB6918F602672C07D	9B1D57F7998F6C9FB2DA297AB5EEF3E6D85653E8	9DE5D02807E988FC7270F2F2F06803A8D896CB7C224DFF1AE851C51E5D794500
Chrome Cache Entry: 109	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1378	6F68E9881DF18F8E251AB57D5786239B	C0F7A01A288752833390FC330995F25488BCE8EC	B33E30351B2F4EF67D53D2C6DBE189A4D572425037E4F1264A0190DC4A820845
Chrome Cache Entry: 110	JSON data	B0D9409BBD26B8B65C567898D5446B95	3AAB7C63B7B0DEE51A97A2725A4F635DD7F44A22	55DA314AAA8E458CF9AC380DCAD0415C4A41BBFE8E2362D90F0EF8469133B927
Chrome Cache Entry: 111	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 112	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 379	847A4212B99B9076EE39328B24CD30AF	73F15078CF1D396485F644A79B6E25EF0637685D	29DC0C26C372805325EB7EB926769E832A60B47BEF96A66436EC3EC05CD6128E
Chrome Cache Entry: 113	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592	4761405717E938D7E7400BB15715DB1E	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
Chrome Cache Entry: 114	HTML document, ASCII text, with very long lines (2972)	6B9E2A5AE6EC6FB2100430DA2C329E4C	AC66FCD917EE8ED8D73662119BD04CACD905C612	5D1CBB16D3E0660037D1BB10DE2D07CD55AE94E3380BFCECE6AED5B9F1D1B2EC
Chrome Cache Entry: 115	PNG image data, 200 x 71, 8-bit/color RGBA, non-interlaced	F667124959DF088360A541A25AE7DDA8	B2DED73659F4CD8989780E17CADCF3E32CCDE048	B5368A5A9AAC3F3E04C47D93805D6A3962F38108FA26A391C9BB2BCBBEC531A0
Chrome Cache Entry: 116	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 117	Web Open Font Format (Version 2), TrueType, length 9852, version 1.0	89FE561B03A7E0CA54755CE4E3965636	4BBCAF90DB587FFDB12F8EA4F4980D2346439A8D	344FFBE54608225F8CB560A16C806D08BFA62FD77219303B7CAEB2AF7984CAE1
Chrome Cache Entry: 118	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 119	HTML document, ASCII text, with very long lines (2972)	6B9E2A5AE6EC6FB2100430DA2C329E4C	AC66FCD917EE8ED8D73662119BD04CACD905C612	5D1CBB16D3E0660037D1BB10DE2D07CD55AE94E3380BFCECE6AED5B9F1D1B2EC
Chrome Cache Entry: 120	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 223759	799F880143F17E47C4EFDBB3FF35A54C	8CECC74EB422322F78EDE1111F175A28725CCA9F	EA70CC2977F4DEB5236041A7A0628FA671FB8AD20A5E9E3FD6885A11359EF2FE
Chrome Cache Entry: 121	HTML document, ASCII text, with very long lines (2972)	6B9E2A5AE6EC6FB2100430DA2C329E4C	AC66FCD917EE8ED8D73662119BD04CACD905C612	5D1CBB16D3E0660037D1BB10DE2D07CD55AE94E3380BFCECE6AED5B9F1D1B2EC
Chrome Cache Entry: 122	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 123	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 124	ASCII text, with no line terminators	9F9FA94F28FE0DE82BC8FD039A7BDB24	6FE91F82974BD5B101782941064BCB2AFDEB17D8	9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
Chrome Cache Entry: 125	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 126	Web Open Font Format (Version 2), TrueType, length 15552, version 1.0	285467176F7FE6BB6A9C6873B3DAD2CC	EA04E4FF5142DDD69307C183DEF721A160E0A64E	5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
Chrome Cache Entry: 127	Web Open Font Format (Version 2), TrueType, length 16944, version 1.0	D8BCBE724FD6F4BA44D0EE6A2675890F	D276FD769BCB675F8EFE42EBE3003C1D3255F985	AA4650A411DFE1C9BEB794FFAF08C7909CDFBB05672D79B3A9976672CBBA75EC
Chrome Cache Entry: 128	JSON data	B0D9409BBD26B8B65C567898D5446B95	3AAB7C63B7B0DEE51A97A2725A4F635DD7F44A22	55DA314AAA8E458CF9AC380DCAD0415C4A41BBFE8E2362D90F0EF8469133B927
Chrome Cache Entry: 129	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 609680	EB6A055A72B4F1993BEC800D3C68B6B6	979A945885E56B2C61900DE2712AAE38B32DDFCB	78E21E121BC7A36B790B6F57CEE83E31B07E856C7F1DE054B723F7DC8F60A925
Chrome Cache Entry: 130	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 131	JSON data	10A089B88DC82AE5BFD300D96E73D0CE	D8853DB6363AB2C643D381CD34589EF5224E4E55	6D0AA63AFDF0E65C17E3FDEB8B3B04505F3538B72497640652F8614CCC76618F
Chrome Cache Entry: 132	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 133	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 55021	0968BAC072F4DA3F1B3A6AD508025E94	75256B8965E8C571650745D8C393996E627DF5B8	E865E78A66B5C75135E27CB03B8F6FA2281C170F454A505CC4F0D97F3C733403
Chrome Cache Entry: 134	PNG image data, 200 x 71, 8-bit/color RGBA, non-interlaced	F667124959DF088360A541A25AE7DDA8	B2DED73659F4CD8989780E17CADCF3E32CCDE048	B5368A5A9AAC3F3E04C47D93805D6A3962F38108FA26A391C9BB2BCBBEC531A0
Chrome Cache Entry: 135	HTML document, ASCII text, with very long lines (2972)	6B9E2A5AE6EC6FB2100430DA2C329E4C	AC66FCD917EE8ED8D73662119BD04CACD905C612	5D1CBB16D3E0660037D1BB10DE2D07CD55AE94E3380BFCECE6AED5B9F1D1B2EC
Chrome Cache Entry: 136	HTML document, ASCII text, with very long lines (2972)	6B9E2A5AE6EC6FB2100430DA2C329E4C	AC66FCD917EE8ED8D73662119BD04CACD905C612	5D1CBB16D3E0660037D1BB10DE2D07CD55AE94E3380BFCECE6AED5B9F1D1B2EC
Chrome Cache Entry: 137	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 138	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 139	JSON data	3547502C80B5D31848620538CEF2F4DE	DDC0AD4C8404C555D406F4186FE04A461011063A	C7E67D837D9EBE0238D3213AE4A6CFF5ACA16707BFC8A45AAAA11340FBBEEA5D
Chrome Cache Entry: 140	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 141	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113084	92A840DC3D177339DAE03FEDF22A22B5	C1C9A6E6442388D07A9D9D72C12DA25094D6920F	4A986BA8875F22A0EABC356112A6790F90E114ADB72EAEC4632E03812EC1EDE4
Chrome Cache Entry: 142	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 143	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113657	57911010756C90D58754C91EF1EE2765	BAA48FEF4866D7DAFD9F59417745EE838F0E63CA	87C5385BA17F84CC25FB7BBE1EDB4169BC702842BD74B758ACDC130986D55BC2
Chrome Cache Entry: 144	ASCII text	6DF5DDE38EC3C12329A97C5CDEF18D26	589B055AF4FFE981F073C7E3EC8C5E62B725B3AF	D0239B745F9020D3F03785B130E6370202FD27597EFFB433ADED633A7E5AA311
Chrome Cache Entry: 82	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 83	ASCII text, with very long lines (65536), with no line terminators	CC9F435BA7B105175F5D2DFBFB14D579	20890B7EE76629BDFF1E4A04967225238BD74FCF	FE0FF23EE97F48E2F47FF5DA00EEC80B5986C5C569406E30C83A7441B119F77F
Chrome Cache Entry: 84	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 85	HTML document, ASCII text, with very long lines (2972)	6B9E2A5AE6EC6FB2100430DA2C329E4C	AC66FCD917EE8ED8D73662119BD04CACD905C612	5D1CBB16D3E0660037D1BB10DE2D07CD55AE94E3380BFCECE6AED5B9F1D1B2EC
Chrome Cache Entry: 86	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141289	462394CA2CEA9EFD7907540CBA6FF476	16B41B5BFDE870C38B481E3418B900AAFB0F6E29	440AFCE54C4215A9A6CEAF3303E44CDBBD3D2A31FF17295074858DE108B1F880
Chrome Cache Entry: 87	HTML document, ASCII text, with very long lines (2345), with CRLF line terminators	E86EF8B6111E5FB1D1665BCDC90888C9	994BF7651CB967CD9053056AF2D69ACB74DB7F29	3410242720DE50B090D07A23AEE2DAD879B31D36F2615732962EC4CFA8A9D458
Chrome Cache Entry: 88	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 89	ASCII text, with no line terminators	7F6C2F2EC0AC79AF93AC42E55601E0D8	8DE377E67C5B4919C767A044051BFD52C77A985E	5F1077DECBD2768AD99AF5D592C4DDE934F19682BB8BAD05599F9D403344DA27
Chrome Cache Entry: 90	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 91	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 379	847A4212B99B9076EE39328B24CD30AF	73F15078CF1D396485F644A79B6E25EF0637685D	29DC0C26C372805325EB7EB926769E832A60B47BEF96A66436EC3EC05CD6128E
Chrome Cache Entry: 92	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 93	JSON data	3547502C80B5D31848620538CEF2F4DE	DDC0AD4C8404C555D406F4186FE04A461011063A	C7E67D837D9EBE0238D3213AE4A6CFF5ACA16707BFC8A45AAAA11340FBBEEA5D
Chrome Cache Entry: 94	HTML document, ASCII text, with very long lines (2972)	6B9E2A5AE6EC6FB2100430DA2C329E4C	AC66FCD917EE8ED8D73662119BD04CACD905C612	5D1CBB16D3E0660037D1BB10DE2D07CD55AE94E3380BFCECE6AED5B9F1D1B2EC
Chrome Cache Entry: 95	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90613	B3DF30AE70C34BAC95FC91544D9209BD	68E1316DE3CD5FEEBCB4DA17AFC80EAFD7FB2234	B06F7F7C91DA1E7A195A508913008E0427889447B9697E090CC8ADC7D4E6564E
Chrome Cache Entry: 96	ASCII text, with very long lines (61641)	B334E888CE2E9C455EC9B381FA5D067D	FE630F8042A90397AF33747FAC3D541A8DE17079	AB70314B3A292BE07387E0548D0925724B3638994CFC3E65C097998CA833F913
Chrome Cache Entry: 97	ASCII text, with very long lines (2409)	A1A803531FD35A357B75A720640A33E1	E87561EA0D30726D664294007AA6865AB0DEF326	1DACB2946732A6781FB6FE226E3BC10CEB3172D33CCCB5BC223533705575B002
Chrome Cache Entry: 98	ASCII text, with very long lines (1592)	76686B36170E28BA5519C5C93422C756	3DA991FF5A43B3930AB2BB04B2DF119FEE3CA68D	FC3B6C90F6F15607329495E877119CCD40B5B1260184DC6DBE7E6D8DA4810307
Chrome Cache Entry: 99	ASCII text, with very long lines (3234)	24A6CD95A8B04ABEA1C913748F9BBF57	064FD8DD6DFDC71A2987ED1A2D71BB601785DF84	F2739AF41961C433996F88F9E2DA960A98AD4D7BB6541E9A91CD4153365AC477

HTML body contains low number of good links

Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio...	HTTP Parser: Number of links: 0
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2ff8c5973a-b6e5-4635-99d8-335ed112cd2f%2freprocess%3fctx%3drQQIARAA42Kwss8oKSkottLXz8jMySlOzkktytYrTk0uLcosqUxNKU1OLMnMz9NLzs_VTyzI1E8sLcnQL07MzdHPTS1JTEksSSwS4hJw_BdyxmDtTv8Z-x02TGzQOLyK0YpMU4OD_Q8xqjkGBRoamyeaJibpppkYGuiaWCQZ6VoaJ6bqppgbG1ummRkmmxumXGBkfMHIeIuJNRio02gWsybRdm5iVkmzSDa1NDdO1E0ySzXVNTEzNtW1tEyx0DU2Nk1NMTQ0Sk4xSrvAwvOKhceA2YqDg0uAQYJBgeEHC-MiVqCH1-9sWbV9mYLXrO_XZksrxDOcYtXXTzO3TEkx9jFPN4yycC4IDS0OrjBycfFL8Sz0cCoq9k_NDc5yDfIoSnOJtLWwMpzAxnuKjeEDG2MHO8MsdoZdnBSE2AFehh98a07deLLr6eR3Hq_4dbzdzSz1TXwTiz0qIyqd9X1TTQrKXdwKA8JNEqMCM10MjVNKQ7yLLNJTzCNtNwgwAAA1&mkt=en-US	HTTP Parser: Number of links: 0

HTML title does not match URL

HTTP Parser: Title: Redirecting does not match URL

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2ff8c5973a-b6e5-4635-99d8-335ed112cd2f%2freprocess%3fctx%3drQQIARAA42Kwss8oKSkottLXz8jMySlOzkktytYrTk0uLcosqUxNKU1OLMnMz9NLzs_VTyzI1E8sLcnQL07MzdHPTS1JTEksSSwS4hJw_BdyxmDtTv8Z-x02TGzQOLyK0YpMU4OD_Q8xqjkGBRoamyeaJibpppkYGuiaWCQZ6VoaJ6bqppgbG1ummRkmmxumXGBkfMHIeIuJNRio02gWsybRdm5iVkmzSDa1NDdO1E0ySzXVNTEzNtW1tEyx0DU2Nk1NMTQ0Sk4xSrvAwvOKhceA2YqDg0uAQYJBgeEHC-MiVqCH1-9sWbV9mYLXrO_XZksrxDOcYtXXTzO3TEkx9jFPN4yycC4IDS0OrjBycfFL8Sz0cCoq9k_NDc5yDfIoSnOJtLWwMpzAxnuKjeEDG2MHO8MsdoZdnBSE2AFehh98a07deLLr6eR3Hq_4dbzdzSz1TXwTiz0qIyqd9X1TTQrKXdwKA8JNEqMCM10MjVNKQ7yLLNJTzCNtNwgwAAA1&mkt=en-US	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2ff8c5973a-b6e5-4635-99d8-335ed112cd2f%2freprocess%3fctx%3drQQIARAA42Kwss8oKSkottLXz8jMySlOzkktytYrTk0uLcosqUxNKU1OLMnMz9NLzs_VTyzI1E8sLcnQL07MzdHPTS1JTEksSSwS4hJw_BdyxmDtTv8Z-x02TGzQOLyK0YpMU4OD_Q8xqjkGBRoamyeaJibpppkYGuiaWCQZ6VoaJ6bqppgbG1ummRkmmxumXGBkfMHIeIuJNRio02gWsybRdm5iVkmzSDa1NDdO1E0ySzXVNTEzNtW1tEyx0DU2Nk1NMTQ0Sk4xSrvAwvOKhceA2YqDg0uAQYJBgeEHC-MiVqCH1-9sWbV9mYLXrO_XZksrxDOcYtXXTzO3TEkx9jFPN4yycC4IDS0OrjBycfFL8Sz0cCoq9k_NDc5yDfIoSnOJtLWwMpzAxnuKjeEDG2MHO8MsdoZdnBSE2AFehh98a07deLLr6eR3Hq_4dbzdzSz1TXwTiz0qIyqd9X1TTQrKXdwKA8JNEqMCM10MjVNKQ7yLLNJTzCNtNwgwAAA1&mkt=en-US	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2ff8c5973a-b6e5-4635-99d8-335ed112cd2f%2freprocess%3fctx%3drQQIARAA42Kwss8oKSkottLXz8jMySlOzkktytYrTk0uLcosqUxNKU1OLMnMz9NLzs_VTyzI1E8sLcnQL07MzdHPTS1JTEksSSwS4hJw_BdyxmDtTv8Z-x02TGzQOLyK0YpMU4OD_Q8xqjkGBRoamyeaJibpppkYGuiaWCQZ6VoaJ6bqppgbG1ummRkmmxumXGBkfMHIeIuJNRio02gWsybRdm5iVkmzSDa1NDdO1E0ySzXVNTEzNtW1tEyx0DU2Nk1NMTQ0Sk4xSrvAwvOKhceA2YqDg0uAQYJBgeEHC-MiVqCH1-9sWbV9mYLXrO_XZksrxDOcYtXXTzO3TEkx9jFPN4yycC4IDS0OrjBycfFL8Sz0cCoq9k_NDc5yDfIoSnOJtLWwMpzAxnuKjeEDG2MHO8MsdoZdnBSE2AFehh98a07deLLr6eR3Hq_4dbzdzSz1TXwTiz0qIyqd9X1TTQrKXdwKA8JNEqMCM10MjVNKQ7yLLNJTzCNtNwgwAAA1&mkt=en-US	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio...	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio...	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio...	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio...	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/f8c5973a-b6e5-4635-99d8-335ed112cd2f/saml2?SAMLRequest=nVJbb9sgFP4riHd8gTixUZwqW1WtUqdmsbuHvRF83KBhyDg42v79XCdVu5c%2BTOIF8d3O%2BVjf%2FB4sOUNA411N8ySjBJz2nXHPNX1q71hJbzZrVIPlJ7kd49Ht4dcIGMlEdCgvLzUdg5NeoUHp1AAoo5bN9uuD5EkmT8FHr72lZIsIIU5Wn73DcYDQQDgbDU%2F7h5oeYzyhTNOjsRa1hfAzQdBjMPEPdKNWL7xE%2ByFVJ5OqKUr6Yp42zSMlt1Mi42bIm5D1z8Ylg9HBo%2B%2Bjd9Y4mBX6UhfVSih2WELBFktRsKrqSiZEAV2ec93xflbnlNz5oGGevKa9sgiU3N%2FWdLv%2FlouVKtSB9Ys8Y4vywFklFLBuJUTVL3O9yrsJizuFaM7wxkYc4d5hVC7WlGd8wTLBeNnmQorpFAkvqx%2BU7K5r%2B2TcpY6Pdny4gFB%2Badsd2z02LSXfX2udAPRaopzdw%2Fv2PhZWr5XRzX8WNEBUnYpqnb5PsLle%2F%2F1Vm78%3D&RelayState=https%3A%2F%2Fhillsclerk.securityeducation.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=On9dAULqMpco2YalkQNqE80LzbmGLdk4mwbChX%2Bieq1WjHK3%2FHZzbi2LFsYJYh6sce%2B5hbnB2oinQpZqvGZsOjSSYDIfBGcpzscrwSgZe9vTl0YSIIvcZSbSYoFzG0HHoenyfXTo7XLX7xV%2BM3HD4t1B8a%2FBvurLQzCv2%2BAhvHk8aF%2FOsE8Rlq3CgKNixMrI8ZhGgBIikLK5ztoPpE1Yu7QKR0u8zxs8LVy5IEyZE7RMwkIJio...	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2ff8c5973a-b6e5-4635-99d8-335ed112cd2f%2freprocess%3fctx%3drQQIARAA42Kwss8oKSkottLXz8jMySlOzkktytYrTk0uLcosqUxNKU1OLMnMz9NLzs_VTyzI1E8sLcnQL07MzdHPTS1JTEksSSwS4hJw_BdyxmDtTv8Z-x02TGzQOLyK0YpMU4OD_Q8xqjkGBRoamyeaJibpppkYGuiaWCQZ6VoaJ6bqppgbG1ummRkmmxumXGBkfMHIeIuJNRio02gWsybRdm5iVkmzSDa1NDdO1E0ySzXVNTEzNtW1tEyx0DU2Nk1NMTQ0Sk4xSrvAwvOKhceA2YqDg0uAQYJBgeEHC-MiVqCH1-9sWbV9mYLXrO_XZksrxDOcYtXXTzO3TEkx9jFPN4yycC4IDS0OrjBycfFL8Sz0cCoq9k_NDc5yDfIoSnOJtLWwMpzAxnuKjeEDG2MHO8MsdoZdnBSE2AFehh98a07deLLr6eR3Hq_4dbzdzSz1TXwTiz0qIyqd9X1TTQrKXdwKA8JNEqMCM10MjVNKQ7yLLNJTzCNtNwgwAAA1&mkt=en-US	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2ff8c5973a-b6e5-4635-99d8-335ed112cd2f%2freprocess%3fctx%3drQQIARAA42Kwss8oKSkottLXz8jMySlOzkktytYrTk0uLcosqUxNKU1OLMnMz9NLzs_VTyzI1E8sLcnQL07MzdHPTS1JTEksSSwS4hJw_BdyxmDtTv8Z-x02TGzQOLyK0YpMU4OD_Q8xqjkGBRoamyeaJibpppkYGuiaWCQZ6VoaJ6bqppgbG1ummRkmmxumXGBkfMHIeIuJNRio02gWsybRdm5iVkmzSDa1NDdO1E0ySzXVNTEzNtW1tEyx0DU2Nk1NMTQ0Sk4xSrvAwvOKhceA2YqDg0uAQYJBgeEHC-MiVqCH1-9sWbV9mYLXrO_XZksrxDOcYtXXTzO3TEkx9jFPN4yycC4IDS0OrjBycfFL8Sz0cCoq9k_NDc5yDfIoSnOJtLWwMpzAxnuKjeEDG2MHO8MsdoZdnBSE2AFehh98a07deLLr6eR3Hq_4dbzdzSz1TXwTiz0qIyqd9X1TTQrKXdwKA8JNEqMCM10MjVNKQ7yLLNJTzCNtNwgwAAA1&mkt=en-US	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2ff8c5973a-b6e5-4635-99d8-335ed112cd2f%2freprocess%3fctx%3drQQIARAA42Kwss8oKSkottLXz8jMySlOzkktytYrTk0uLcosqUxNKU1OLMnMz9NLzs_VTyzI1E8sLcnQL07MzdHPTS1JTEksSSwS4hJw_BdyxmDtTv8Z-x02TGzQOLyK0YpMU4OD_Q8xqjkGBRoamyeaJibpppkYGuiaWCQZ6VoaJ6bqppgbG1ummRkmmxumXGBkfMHIeIuJNRio02gWsybRdm5iVkmzSDa1NDdO1E0ySzXVNTEzNtW1tEyx0DU2Nk1NMTQ0Sk4xSrvAwvOKhceA2YqDg0uAQYJBgeEHC-MiVqCH1-9sWbV9mYLXrO_XZksrxDOcYtXXTzO3TEkx9jFPN4yycC4IDS0OrjBycfFL8Sz0cCoq9k_NDc5yDfIoSnOJtLWwMpzAxnuKjeEDG2MHO8MsdoZdnBSE2AFehh98a07deLLr6eR3Hq_4dbzdzSz1TXwTiz0qIyqd9X1TTQrKXdwKA8JNEqMCM10MjVNKQ7yLLNJTzCNtNwgwAAA1&mkt=en-US	HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49785 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49729 version: TLS 1.2

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49785 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/ie10-4d8fefae653b9ade02759391caba3c56.js HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /platform-ember/vendor-a951d76bce4e0eb0f86ae64748ba6fda.css HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /platform-ember/platform-ember-cc9f435ba7b105175f5d2dfbfb14d579.css HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /platform-ember/vendor-02d26fd8e43c2236915f27156ef6f4a3.js HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /platform-ember/chunk.131.abd4932d5d56930bc068.js HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /platform-ember/chunk.143.6d853b71ed5687725e31.js HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /platform-ember/platform-ember-a841ee5014fc18a82dc1fc9e41b64f7c.js HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /localizejs/localize.js HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wombat-style-guide/fonts/wombaticons.woff2?00965ec43b6dcef594e13da207312244 HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hillsclerk.securityeducation.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hillsclerk.securityeducation.com/platform-ember/platform-ember-cc9f435ba7b105175f5d2dfbfb14d579.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wombat-style-guide/fonts/roboto-latin-400italic.woff2 HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hillsclerk.securityeducation.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hillsclerk.securityeducation.com/platform-ember/platform-ember-cc9f435ba7b105175f5d2dfbfb14d579.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/companymanagement/api/companyLoginProfile/hillsclerk HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/vnd.api+jsonX-Requested-With: XMLHttpRequesttraceparent: 00-9df5594fc660ffa3c976f45e637aa009-73888404e5b568c7-01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /manifest.json HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/auth/jsonapi/authDetails/hillsclerk HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/vnd.api+jsonX-Requested-With: XMLHttpRequesttraceparent: 00-fca9b9409dd6638ac28d6fcaf7c06c4b-bb42b33b47890f9a-01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /images/android-chrome-144x144.png HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /favicon-32x32.png HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /api/companymanagement/api/companyLoginProfile/hillsclerk HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /api/lib/xG6eDWKawYmvs/tu?v=474 HTTP/1.1Host: global.localizecdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://hillsclerk.securityeducation.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/lib/xG6eDWKawYmvs/tl.gif?l=en&c=6828485 HTTP/1.1Host: global.localizecdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/lib/xG6eDWKawYmvs/g?v=0&l=en HTTP/1.1Host: global.localizecdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://hillsclerk.securityeducation.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /api/auth/saml/login?targetUrl=https://hillsclerk.securityeducation.com/ HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /wombat-style-guide/images/logo.png HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hillsclerk.securityeducation.com/sso-authAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /api/lib/xG6eDWKawYmvs/g?v=8209&l=en HTTP/1.1Host: global.localizecdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://hillsclerk.securityeducation.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://hillsclerk.securityeducation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wombat-style-guide/fonts/roboto-latin-400.woff2 HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hillsclerk.securityeducation.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hillsclerk.securityeducation.com/platform-ember/platform-ember-cc9f435ba7b105175f5d2dfbfb14d579.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /wombat-style-guide/fonts/roboto-latin-500.woff2 HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hillsclerk.securityeducation.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hillsclerk.securityeducation.com/platform-ember/platform-ember-cc9f435ba7b105175f5d2dfbfb14d579.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /api/auth/jsonapi/authDetails/hillsclerk HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /favicon-32x32.png HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /images/android-chrome-144x144.png HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /wombat-style-guide/images/logo.png HTTP/1.1Host: hillsclerk.securityeducation.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _splunk_rum_sid=%7B%22id%22%3A%2246314e6b64621c2916795bf573ac0095%22%2C%22startTime%22%3A1711632812383%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Source: global traffic	HTTP traffic detected: GET /api/lib/xG6eDWKawYmvs/tu?v=474 HTTP/1.1Host: global.localizecdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/lib/xG6eDWKawYmvs/tl.gif?l=en&c=6828485 HTTP/1.1Host: global.localizecdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/lib/xG6eDWKawYmvs/g?v=0&l=en HTTP/1.1Host: global.localizecdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/lib/xG6eDWKawYmvs/g?v=8209&l=en HTTP/1.1Host: global.localizecdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_HC7t4HZ_o96i0-T341lIwg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_QMJbZSc_Phofl-lfd63BLw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_pevuvrbnnz-5coi_b4jtbw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4d4b76a02ae121e3b20c.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /f8c5973a-b6e5-4635-99d8-335ed112cd2f/winauth/ssoprobe?client-request-id=cc54fe41-ad30-4fb9-98bf-40b0918028c3&_=1711632820509 HTTP/1.1Host: autologon.microsoftazuread-sso.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_3c78f555810791db83a9.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/reset-password-signinname_en_8qvvLKBP0Aes1nPeyZ0lbw2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_c53074e74ebeb8e140d6_en.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: hillsclerk.securityeducation.com

Source: unknown

Source: chromecache_97.2.dr	String found in binary or memory: http://dev.apollodata.com/core/fragments.html#unique-names
Source: chromecache_98.2.dr	String found in binary or memory: http://ember-concurrency.com/docs/task-cancelation-help
Source: chromecache_98.2.dr	String found in binary or memory: http://git.io/EKPpnA
Source: chromecache_98.2.dr	String found in binary or memory: http://git.io/yBU2rg
Source: chromecache_98.2.dr	String found in binary or memory: http://help.pendo.io/resources/support-library/installation/metadata.html
Source: chromecache_98.2.dr, chromecache_97.2.dr	String found in binary or memory: http://momentjs.com/guides/#/warnings/add-inverted-param/
Source: chromecache_98.2.dr, chromecache_97.2.dr	String found in binary or memory: http://momentjs.com/guides/#/warnings/define-locale/
Source: chromecache_98.2.dr, chromecache_97.2.dr	String found in binary or memory: http://momentjs.com/guides/#/warnings/dst-shifted/
Source: chromecache_98.2.dr, chromecache_97.2.dr	String found in binary or memory: http://momentjs.com/guides/#/warnings/js-date/
Source: chromecache_97.2.dr	String found in binary or memory: http://momentjs.com/guides/#/warnings/min-max/
Source: chromecache_98.2.dr, chromecache_97.2.dr	String found in binary or memory: http://momentjs.com/guides/#/warnings/zone/
Source: chromecache_97.2.dr	String found in binary or memory: http://momentjs.com/timezone/docs/#/data-loading/.
Source: chromecache_98.2.dr	String found in binary or memory: http://testserver.example/v1/graph
Source: chromecache_97.2.dr	String found in binary or memory: http://www.ecma-international.org/ecma-262/5.1/#sec-C
Source: chromecache_98.2.dr	String found in binary or memory: https://api.feedback.us.pendo.io
Source: chromecache_98.2.dr	String found in binary or memory: https://app.pendo.io
Source: chromecache_97.2.dr	String found in binary or memory: https://code.highcharts.com/9.2.2/lib/
Source: chromecache_99.2.dr	String found in binary or memory: https://community.securityeducation.com/s/article/Interactive-Training-Section-508-WCAG-Compliant-Tr
Source: chromecache_99.2.dr	String found in binary or memory: https://community.securityeducation.com/s/article/SCORM-Export-to-SCORM
Source: chromecache_98.2.dr	String found in binary or memory: https://deprecations.emberjs.com/v1.x/#toc_binding-style-attributes.
Source: chromecache_97.2.dr	String found in binary or memory: https://export.highcharts.com/
Source: chromecache_99.2.dr	String found in binary or memory: https://featbot.io
Source: chromecache_98.2.dr	String found in binary or memory: https://feedback.us.pendo.io
Source: chromecache_97.2.dr	String found in binary or memory: https://github.com/apollographql/invariant-packages)
Source: chromecache_98.2.dr	String found in binary or memory: https://github.com/emn178/js-sha1
Source: chromecache_97.2.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: chromecache_98.2.dr	String found in binary or memory: https://github.com/taylorhakes/promise-polyfill
Source: chromecache_97.2.dr	String found in binary or memory: https://github.com/theKashey/focus-lock/#focus-fighting
Source: chromecache_97.2.dr	String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: chromecache_98.2.dr	String found in binary or memory: https://github.com/wombatsecurity/wombat-style-guide/blob/master/
Source: chromecache_98.2.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_98.2.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_98.2.dr	String found in binary or memory: https://js.foundation/
Source: chromecache_98.2.dr	String found in binary or memory: https://local.pendo.io:8080
Source: chromecache_87.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_87.2.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_97.2.dr	String found in binary or memory: https://momentjs.com/timezone/docs/#/use-it/browser/
Source: chromecache_97.2.dr	String found in binary or memory: https://npms.io/search?q=ponyfill.
Source: chromecache_98.2.dr	String found in binary or memory: https://pendo-io-static.storage.googleapis.com/agent/static/df0188cb-fe67-4565-4bef-3746994b4333/pen
Source: chromecache_98.2.dr	String found in binary or memory: https://pendo-static-5736325425922048.storage.googleapis.com
Source: chromecache_98.2.dr	String found in binary or memory: https://portal.feedback.eu.pendo.io/app/#/pendo/auth?inIframe=true
Source: chromecache_98.2.dr	String found in binary or memory: https://raw.github.com/emberjs/ember.js/master/LICENSE
Source: chromecache_97.2.dr	String found in binary or memory: https://rum-ingest.$
Source: chromecache_98.2.dr	String found in binary or memory: https://sizzlejs.com/
Source: chromecache_97.2.dr	String found in binary or memory: https://www.highcharts.com?credits
Source: chromecache_98.2.dr	String found in binary or memory: https://www.pendo.io/pendo-free/nps?utm_source=pendo_app&utm_medium=branded-nps&utm_campaign=free-br
Source: chromecache_98.2.dr	String found in binary or memory: https://www.proofpoint.com/us/products/security-awareness-reporting

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49729 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@18/107@28/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2012,i,694522603986261116,3156022079628551790,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hillsclerk.securityeducation.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2012,i,694522603986261116,3156022079628551790,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1417030
Product:	CloudBasic
Start time:	14:32:41
Start date:	28.03.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://hillsclerk.securityeducation.com/

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://hillsclerk.securityeducation.com/

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://hillsclerk.securityeducation.com/