Windows Analysis Report
https://pepe-memes.com/d/ax/q?user=mbraedel@hilcorp.com

Overview

General Information

Sample URL:	https://pepe-memes.com/d/ax/q?user=mbraedel@hilcorp.com
Analysis ID:	1417271
Infos:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish54

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Detected hidden input values containing email addresses (often used in phishing pages)

Found iframes

HTML body contains low number of good links

URL contains potential PII (phishing indication)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://pepe-memes.com/d/ax/q?user=mbraedel@hilcorp.com

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Phishing site detected (based on favicon image match)

Source: https://royaldesignbuild.site

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish54

Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: 3.6.pages.csv, type: HTML
Source: Yara match	File source: 3.8.pages.csv, type: HTML
Source: Yara match	File source: 3.9.pages.csv, type: HTML
Source: Yara match	File source: 3.10.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true

Matcher: Template: microsoft matched

Detected hidden input values containing email addresses (often used in phishing pages)

Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true

HTTP Parser: mbraedel@hilcorp.com

Found iframes

Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: Iframe src: https://2f2fa290-e19815ab.royaldesignbuild.site/Prefetch/Prefetch.aspx
Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: Iframe src: https://2f2fa290-e19815ab.royaldesignbuild.site/Prefetch/Prefetch.aspx
Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: Iframe src: https://2f2fa290-e19815ab.royaldesignbuild.site/Prefetch/Prefetch.aspx
Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: Iframe src: https://2f2fa290-e19815ab.royaldesignbuild.site/Prefetch/Prefetch.aspx

HTML body contains low number of good links

Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true

HTTP Parser: Number of links: 0

URL contains potential PII (phishing indication)

Source: https://pepe-memes.com/d/ax/q?user=mbraedel@hilcorp.com

Sample URL: PII: mbraedel@hilcorp.com

Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true

HTTP Parser: <input type="password" .../> found

Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com	HTTP Parser: No favicon
Source: https://2f2fa290-e19815ab.royaldesignbuild.site/Prefetch/Prefetch.aspx	HTTP Parser: No favicon

Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49753 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /d/ax/q?user=mbraedel@hilcorp.com HTTP/1.1Host: pepe-memes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /index.html%7D?i=mbraedel@hilcorp.com HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/?u=bW9ucm9lbGFyZWFsdG9yLmNvbS9hYWEvc2hzampzanMvbWJyYWVkZWxAaGlsY29ycC5jb20=&x=////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/ HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/css/main.1b019d38.css HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/?u=bW9ucm9lbGFyZWFsdG9yLmNvbS9hYWEvc2hzampzanMvbWJyYWVkZWxAaGlsY29ycC5jb20=&x=////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/js/bundle.js HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/?u=bW9ucm9lbGFyZWFsdG9yLmNvbS9hYWEvc2hzampzanMvbWJyYWVkZWxAaGlsY29ycC5jb20=&x=////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/js/main.bdf2bc27.js HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/?u=bW9ucm9lbGFyZWFsdG9yLmNvbS9hYWEvc2hzampzanMvbWJyYWVkZWxAaGlsY29ycC5jb20=&x=////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im/shar2.jpg HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/?u=bW9ucm9lbGFyZWFsdG9yLmNvbS9hYWEvc2hzampzanMvbWJyYWVkZWxAaGlsY29ycC5jb20=&x=////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im/spina.gif HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/?u=bW9ucm9lbGFyZWFsdG9yLmNvbS9hYWEvc2hzampzanMvbWJyYWVkZWxAaGlsY29ycC5jb20=&x=////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/public/favicon.ico HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/?u=bW9ucm9lbGFyZWFsdG9yLmNvbS9hYWEvc2hzampzanMvbWJyYWVkZWxAaGlsY29ycC5jb20=&x=////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/public/manifest.json HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/?u=bW9ucm9lbGFyZWFsdG9yLmNvbS9hYWEvc2hzampzanMvbWJyYWVkZWxAaGlsY29ycC5jb20=&x=////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im/shar2.jpg HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im/spina.gif HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/public/favicon.ico HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /aaa/shsjjsjs/mbraedel@hilcorp.com HTTP/1.1Host: monroelarealtor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: monroelarealtor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://monroelarealtor.com/aaa/shsjjsjs/mbraedel@hilcorp.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?username=mbraedel@hilcorp.com HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://monroelarealtor.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?username=mbraedel@hilcorp.com HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_HC7t4HZ_o96i0-T341lIwg2.js HTTP/1.1Host: 053a3106-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://0nline.royaldesignbuild.sitesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /websocket/hook/?6B8zYC=ZTE5ODE1YWIzZDNhNDYzMjgwYzJhZWU2Mzk3ZTAxNzA= HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nline.royaldesignbuild.siteSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="Sec-WebSocket-Key: 9m5wHEqTASUHyXAp+7AUuA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /?username=mbraedel@hilcorp.com&sso_reload=true HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://0nline.royaldesignbuild.sitesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_QMJbZSc_Phofl-lfd63BLw2.js HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://0nline.royaldesignbuild.sitesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_pevuvrbnnz-5coi_b4jtbw2.js HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://0nline.royaldesignbuild.sitesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: l1ve.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /websocket/hook/?6B8zYC=ZTE5ODE1YWIzZDNhNDYzMjgwYzJhZWU2Mzk3ZTAxNzA= HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nline.royaldesignbuild.siteSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1Sec-WebSocket-Key: 3RtFLeeE/LuiVKE71XBaaA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /Prefetch/Prefetch.aspx HTTP/1.1Host: 2f2fa290-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /websocket/hook/?6B8zYC=ZTE5ODE1YWIzZDNhNDYzMjgwYzJhZWU2Mzk3ZTAxNzA= HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nline.royaldesignbuild.siteSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0Sec-WebSocket-Key: KQHsj3T8/0mPjGmePh3guw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4d4b76a02ae121e3b20c.js HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /hilcorp.com/winauth/ssoprobe?client-request-id=ceb7a41a-b756-43bf-b7d3-066e9fffa22a&_=1711654473870 HTTP/1.1Host: 898f3bcd-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /websocket/hook/?6B8zYC=ZTE5ODE1YWIzZDNhNDYzMjgwYzJhZWU2Mzk3ZTAxNzA= HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nline.royaldesignbuild.siteSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0Sec-WebSocket-Key: df0ahfCF54XPgMKjVf513A==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_beba75e58c98af016c6f.js HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /common/instrumentation/dssostatus HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_43280e0ba671a1d8b5e34f1931c4fe4b.svg HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-dnukdvcuyrxzajeghhlkgrsw0mn8cw2uhbxodkn-5f8/logintenantbranding/0/illustration?ts=637898708869671586 HTTP/1.1Host: 795496cd-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-dnukdvcuyrxzajeghhlkgrsw0mn8cw2uhbxodkn-5f8/logintenantbranding/0/bannerlogo?ts=638254708363776654 HTTP/1.1Host: 795496cd-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-dnukdvcuyrxzajeghhlkgrsw0mn8cw2uhbxodkn-5f8/logintenantbranding/0/favicon?ts=638254683966698186 HTTP/1.1Host: 795496cd-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_43280e0ba671a1d8b5e34f1931c4fe4b.svg HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-dnukdvcuyrxzajeghhlkgrsw0mn8cw2uhbxodkn-5f8/logintenantbranding/0/illustration?ts=637898708869671586 HTTP/1.1Host: 795496cd-e19815ab.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-dnukdvcuyrxzajeghhlkgrsw0mn8cw2uhbxodkn-5f8/logintenantbranding/0/favicon?ts=638254683966698186 HTTP/1.1Host: 795496cd-e19815ab.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-dnukdvcuyrxzajeghhlkgrsw0mn8cw2uhbxodkn-5f8/logintenantbranding/0/bannerlogo?ts=638254708363776654 HTTP/1.1Host: 795496cd-e19815ab.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /websocket/hook/?6B8zYC=ZTE5ODE1YWIzZDNhNDYzMjgwYzJhZWU2Mzk3ZTAxNzA= HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nline.royaldesignbuild.siteSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0Sec-WebSocket-Key: Y/25clMboyGggEprGHYS6g==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /websocket/hook/?6B8zYC=ZTE5ODE1YWIzZDNhNDYzMjgwYzJhZWU2Mzk3ZTAxNzA= HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nline.royaldesignbuild.siteSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0Sec-WebSocket-Key: h15Y/5gIrRQA0eK5ZMpvZA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /websocket/hook/?6B8zYC=ZTE5ODE1YWIzZDNhNDYzMjgwYzJhZWU2Mzk3ZTAxNzA= HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nline.royaldesignbuild.siteSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0Sec-WebSocket-Key: N1zpA2R/uqMX50/0SLFJaQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /websocket/hook/?6B8zYC=ZTE5ODE1YWIzZDNhNDYzMjgwYzJhZWU2Mzk3ZTAxNzA= HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nline.royaldesignbuild.siteSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0Sec-WebSocket-Key: V6F80T5V7ZymM8jF/R3SQA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Source: unknown

DNS traffic detected: queries for: pepe-memes.com

Source: unknown

HTTP traffic detected: POST /?username=mbraedel@hilcorp.com HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: keep-aliveContent-Length: 1134Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: https://0nline.royaldesignbuild.siteContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 19:34:07 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Mar 2024 19:34:20 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 72662ebe-6f1d-4588-a44f-13194d4db802x-ms-ests-server: 2.1.17573.7 - FRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ee4b70c9-e19815ab.royaldesignbuild.site/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Mar 2024 19:34:20 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 6c6a21aa-e025-4bdb-a395-0d08a4569102x-ms-ests-server: 2.1.17573.7 - NEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ee4b70c9-e19815ab.royaldesignbuild.site/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Mar 2024 19:34:29 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: no-store, no-cachex-ua-compatible: IE=Edgex-cache: CONFIG_NOCACHEx-msedge-ref: Ref A: 7B1C056712DB486E856C036183F5F369 Ref B: DFW311000103047 Ref C: 2024-03-28T19:34:29Zaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Mar 2024 19:34:31 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: b3ac6b2f-c2b5-47ab-91cf-0bb338160900x-ms-ests-server: 2.1.17615.13 - NCUS ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ee4b70c9-e19815ab.royaldesignbuild.site/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Mar 2024 19:34:38 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 822f8a58-c75d-430d-bcbf-2f414bff1800x-ms-ests-server: 2.1.17615.13 - WUS3 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ee4b70c9-e19815ab.royaldesignbuild.site/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Mar 2024 19:34:46 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: b5ae912e-12fd-4fa5-b22a-e1b8b5f50b00x-ms-ests-server: 2.1.17615.13 - WUS3 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ee4b70c9-e19815ab.royaldesignbuild.site/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Mar 2024 19:34:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: c87ab9c0-e51c-4e86-8b06-a39488a30b00x-ms-ests-server: 2.1.17615.13 - SCUS ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ee4b70c9-e19815ab.royaldesignbuild.site/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Mar 2024 19:35:01 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 466e25b8-6e37-476e-bfcf-ab58573e0500x-ms-ests-server: 2.1.17615.13 - EUS ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ee4b70c9-e19815ab.royaldesignbuild.site/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Mar 2024 19:35:10 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 89d8e578-79f2-465d-9b04-9a0f953b0900x-ms-ests-server: 2.1.17615.13 - NCUS ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ee4b70c9-e19815ab.royaldesignbuild.site/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:

Source: chromecache_71.2.dr, chromecache_81.2.dr

String found in binary or memory: http://ns.attribution.com/ads/1.0/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49753 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.win@18/66@32/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2128,i,16002129619905839655,12144192990535214210,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pepe-memes.com/d/ax/q?user=mbraedel@hilcorp.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2128,i,16002129619905839655,12144192990535214210,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
69.49.230.170	monroelarealtor.com	United States	46606	UNIFIEDLAYER-AS-1US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.167.103	www.google.com	United States	15169	GOOGLEUS	false
45.33.29.109	898f3bcd-e19815ab.royaldesignbuild.site	United States	63949	LINODE-APLinodeLLCUS	false
192.185.173.88	pepe-memes.com	United States	46606	UNIFIEDLAYER-AS-1US	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
898f3bcd-e19815ab.royaldesignbuild.site	45.33.29.109	true
4178995e-e19815ab.royaldesignbuild.site	45.33.29.109	true
0nline.royaldesignbuild.site	45.33.29.109	true
pepe-memes.com	192.185.173.88	true
053a3106-e19815ab.royaldesignbuild.site	45.33.29.109	true
ee4b70c9-e19815ab.royaldesignbuild.site	45.33.29.109	true
monroelarealtor.com	69.49.230.170	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
2f2fa290-e19815ab.royaldesignbuild.site	45.33.29.109	true
795496cd-e19815ab.royaldesignbuild.site	45.33.29.109	true
www.google.com	142.251.167.103	true
l1ve.royaldesignbuild.site	45.33.29.109	true
hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com	192.185.173.88	true
windowsupdatebg.s.llnwi.net	69.164.0.0	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://4178995e-e19815ab.royaldesignbuild.site/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js	false	Avira URL Cloud: safe	unknown
https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/static/css/main.1b019d38.css	false	Avira URL Cloud: safe	unknown
https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/im/shar2.jpg	false	Avira URL Cloud: safe	unknown
https://4178995e-e19815ab.royaldesignbuild.site/shared/1.0/content/images/arrow_left_43280e0ba671a1d8b5e34f1931c4fe4b.svg	false	Avira URL Cloud: safe	unknown
https://0nline.royaldesignbuild.site/websocket/hook/?6B8zYC=ZTE5ODE1YWIzZDNhNDYzMjgwYzJhZWU2Mzk3ZTAxNzA=	false	Avira URL Cloud: safe	unknown
https://pepe-memes.com/d/ax/q?user=mbraedel@hilcorp.com	true		unknown
https://795496cd-e19815ab.royaldesignbuild.site/dbd5a2dd-dnukdvcuyrxzajeghhlkgrsw0mn8cw2uhbxodkn-5f8/logintenantbranding/0/bannerlogo?ts=638254708363776654	false	Avira URL Cloud: safe	unknown
https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/static/js/main.bdf2bc27.js	false	Avira URL Cloud: safe	unknown
https://ee4b70c9-e19815ab.royaldesignbuild.site/api/report?catId=GW+estsfd+ams2	false	Avira URL Cloud: safe	unknown
https://795496cd-e19815ab.royaldesignbuild.site/dbd5a2dd-dnukdvcuyrxzajeghhlkgrsw0mn8cw2uhbxodkn-5f8/logintenantbranding/0/favicon?ts=638254683966698186	false	Avira URL Cloud: safe	unknown
https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/public/manifest.json	false	Avira URL Cloud: safe	unknown
https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/index.html%7D?i=mbraedel@hilcorp.com	false	Avira URL Cloud: safe	unknown
https://l1ve.royaldesignbuild.site/Me.htm?v=3	false	Avira URL Cloud: safe	unknown
https://4178995e-e19815ab.royaldesignbuild.site/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	false	Avira URL Cloud: safe	unknown
https://2f2fa290-e19815ab.royaldesignbuild.site/Prefetch/Prefetch.aspx	false		unknown
https://4178995e-e19815ab.royaldesignbuild.site/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg	false	Avira URL Cloud: safe	unknown
https://4178995e-e19815ab.royaldesignbuild.site/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css	false	Avira URL Cloud: safe	unknown
https://0nline.royaldesignbuild.site/favicon.ico	false	Avira URL Cloud: safe	unknown
https://4178995e-e19815ab.royaldesignbuild.site/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4d4b76a02ae121e3b20c.js	false	Avira URL Cloud: safe	unknown
https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/im/spina.gif	false	Avira URL Cloud: safe	unknown
https://4178995e-e19815ab.royaldesignbuild.site/shared/1.0/content/js/ConvergedLogin_PCore_QMJbZSc_Phofl-lfd63BLw2.js	false	Avira URL Cloud: safe	unknown
https://monroelarealtor.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://0nline.royaldesignbuild.site/common/instrumentation/dssostatus	false	Avira URL Cloud: safe	unknown
https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/static/js/bundle.js	false	Avira URL Cloud: safe	unknown
https://4178995e-e19815ab.royaldesignbuild.site/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	false	Avira URL Cloud: safe	unknown
https://053a3106-e19815ab.royaldesignbuild.site/shared/1.0/content/js/BssoInterrupt_Core_HC7t4HZ_o96i0-T341lIwg2.js	false	Avira URL Cloud: safe	unknown
https://4178995e-e19815ab.royaldesignbuild.site/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif	false	Avira URL Cloud: safe	unknown
https://4178995e-e19815ab.royaldesignbuild.site/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif	false	Avira URL Cloud: safe	unknown
https://795496cd-e19815ab.royaldesignbuild.site/dbd5a2dd-dnukdvcuyrxzajeghhlkgrsw0mn8cw2uhbxodkn-5f8/logintenantbranding/0/illustration?ts=637898708869671586	false	Avira URL Cloud: safe	unknown
https://4178995e-e19815ab.royaldesignbuild.site/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_pevuvrbnnz-5coi_b4jtbw2.js	false	Avira URL Cloud: safe	unknown
https://monroelarealtor.com/aaa/shsjjsjs/mbraedel@hilcorp.com	false		unknown
https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/public/favicon.ico	false	Avira URL Cloud: safe	unknown
https://4178995e-e19815ab.royaldesignbuild.site/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_beba75e58c98af016c6f.js	false	Avira URL Cloud: safe	unknown
https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/?u=bW9ucm9lbGFyZWFsdG9yLmNvbS9hYWEvc2hzampzanMvbWJyYWVkZWxAaGlsY29ycC5jb20=&x=////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/	false		unknown
https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com	false		unknown
https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	true		unknown
https://898f3bcd-e19815ab.royaldesignbuild.site/hilcorp.com/winauth/ssoprobe?client-request-id=ceb7a41a-b756-43bf-b7d3-066e9fffa22a&_=1711654473870	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 61	gzip compressed data, from Unix, original size modulo 2^32 15726	EE322FB10E2647405632CB114D89263C	808216C849D86FDD2BCF54A82FAC95A9CC584E33	D7E80C6F02208BECC7E1ABD26F300104573E549A74720F07CB1D73EDB40FE2C6
Chrome Cache Entry: 62	MS Windows icon resource - 6 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	7E0D59593F3377B72C29435C4B43954A	B4C5C39A6DFB460BBD2EACCEB09EC8079FB6A8E2	62D706019A0D80173113EF70FBBEE12F286E8E221534BE788448AADA4B14C8E8
Chrome Cache Entry: 63	GIF image data, version 89a, 200 x 200	2746720A36753363798163BD0A3C678A	147B24522C5CF383DEC9B1F7BB48455E60C53C27	5D1CF7A38B838253D16D17B74AD87AA674F502C1DDA5CFCB06DD18DF222852C9
Chrome Cache Entry: 64	gzip compressed data, from Unix, original size modulo 2^32 26685	86300BA60863064296566B23ECE61EAB	9ADC423B871D1A5A7111823558CA9E526814762A	8807B89B718569215352FB3D4C61C4E9DE616A4B8A5AF1D58BBF673DD659BBC1
Chrome Cache Entry: 65	HTML document, ASCII text, with very long lines (688), with no line terminators	EC6A14EF5DA32466A9AEC602E2A27A54	E0910D800516025A428A9FE0ACFAFA97BD44EDD9	837FC091D645F7409C466909C68E2BC383DC52B7CE2B0F6B816B0ECA7E0AC434
Chrome Cache Entry: 66	gzip compressed data, from Unix, original size modulo 2^32 2512	CA39E07BBB83462BED534D314D04BEB1	E7346E73FF5CA0264D2A182FCE63698118A4652F	C8A6A1ADC7E343E7082FFDF93748CA35D8D4D8FCB1FE4F11F364EE19350517BA
Chrome Cache Entry: 67	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 68	gzip compressed data, from Unix, original size modulo 2^32 113084	7B082644CE5A069FB55F47B1A6B667F2	6A5FFA5369BF15FA42446C6EDE88E9E40A40E0E9	8E34884C24973C66D83BAFDEC9445F746BEFEE773A384B340CA24C7B7703AF3A
Chrome Cache Entry: 69	gzip compressed data, original size modulo 2^32 1864	2D2CBA7D7DC75F3BA9DC756738D41A6E	F87FD26066ED5E52A65DEE0ED2D581D3C3EA15AC	00E21864CF1BC70302EBB5B496C6C471A7DA8CBF600630B478A3E2376ED20EA2
Chrome Cache Entry: 70	ASCII text, with very long lines (65465)	7D60560A69215D657153A5B94166BC0D	D0DF5E0F0D6198A861D5F9E44B00A714FB1D0C0B	11A6D081BFA9862ABE9597C6C68D9870E55A1B1893E8ECC0E94CA49323FFFF97
Chrome Cache Entry: 71	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 500x500, components 3	0C0FD43502755B59E08CE4402273EF93	FB59064837CFD2EB2B2509C7CC43F6E23A6ECCEC	F1D7A82BF3E34F900E8CEE2F6A62B133405BA6A782782EEFA8BB7EE99BC141D6
Chrome Cache Entry: 72	gzip compressed data, original size modulo 2^32 1864	2D2CBA7D7DC75F3BA9DC756738D41A6E	F87FD26066ED5E52A65DEE0ED2D581D3C3EA15AC	00E21864CF1BC70302EBB5B496C6C471A7DA8CBF600630B478A3E2376ED20EA2
Chrome Cache Entry: 73	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	8F8620B390E539BD9EE91F8EF2819A6D	003EB5379E1B6903BE1A85961B874DF99F741A03	8F49694E0325365F92936499A9AA02CD770716D8D6DEFEDDCDA4F5DC4D7AD319
Chrome Cache Entry: 74	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6], baseline, precision 8, 1920x1080, components 3	F7D18D898C87A580308430E46F1C3F00	B697DA9E168EB040F2E66E022388F033081CCC35	9FB3456226A8CB2F7C594C0B412478643E307EDBAACC43D7C66BF775A1229454
Chrome Cache Entry: 75	ASCII text, with no line terminators	17C4BD96DCB397D1D62D24921BC4FEBA	2C0F2AFF858069D582A97867B183EBD5DC8A9FCB	3549DBC06BDD994A38C9A29AECD7E8F9577E2150D15F8D6B0533B4D250666514
Chrome Cache Entry: 76	gzip compressed data, original size modulo 2^32 513	44D8807C223B5C6DEF6E75A602F314EF	E061C196D771661D6C47336C50EAFE2B3BA14130	BA9816D7AF3E3B0EA5B6B34BAA0C99FE5EDCF4CA9BE30307AAA2956F994A8B1E
Chrome Cache Entry: 77	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 78	GIF image data, version 89a, 200 x 200	2746720A36753363798163BD0A3C678A	147B24522C5CF383DEC9B1F7BB48455E60C53C27	5D1CF7A38B838253D16D17B74AD87AA674F502C1DDA5CFCB06DD18DF222852C9
Chrome Cache Entry: 79	MS Windows icon resource - 6 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	7E0D59593F3377B72C29435C4B43954A	B4C5C39A6DFB460BBD2EACCEB09EC8079FB6A8E2	62D706019A0D80173113EF70FBBEE12F286E8E221534BE788448AADA4B14C8E8
Chrome Cache Entry: 80	gzip compressed data, original size modulo 2^32 3651	DF6A7721C242813411CC6950DF40F9B3	B2068C4A65C183AAD6FC22A44CC1FA449CD355B4	AA53B6DC744357B392FC57C34E516BAE465D4A6837775C137A176D599C8EA948
Chrome Cache Entry: 81	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 500x500, components 3	0C0FD43502755B59E08CE4402273EF93	FB59064837CFD2EB2B2509C7CC43F6E23A6ECCEC	F1D7A82BF3E34F900E8CEE2F6A62B133405BA6A782782EEFA8BB7EE99BC141D6
Chrome Cache Entry: 82	gzip compressed data, original size modulo 2^32 513	44D8807C223B5C6DEF6E75A602F314EF	E061C196D771661D6C47336C50EAFE2B3BA14130	BA9816D7AF3E3B0EA5B6B34BAA0C99FE5EDCF4CA9BE30307AAA2956F994A8B1E
Chrome Cache Entry: 83	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 84	HTML document, ASCII text, with very long lines (688), with no line terminators	EC6A14EF5DA32466A9AEC602E2A27A54	E0910D800516025A428A9FE0ACFAFA97BD44EDD9	837FC091D645F7409C466909C68E2BC383DC52B7CE2B0F6B816B0ECA7E0AC434
Chrome Cache Entry: 85	PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced	1A5375D43A6F15FE83F723051CF37B16	2956DD49752BE1B0E2BE9E399436543A5AD8B4F6	CFFE7A6B0FF892FF7BF29D8F84760DF0A4AA82A00E4F5F5BE84CA45705316D4E
Chrome Cache Entry: 86	HTML document, ASCII text	A34AC19F4AFAE63ADC5D2F7BC970C07F	A82190FC530C265AA40A045C21770D967F4767B8	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
Chrome Cache Entry: 87	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6], baseline, precision 8, 1920x1080, components 3	F7D18D898C87A580308430E46F1C3F00	B697DA9E168EB040F2E66E022388F033081CCC35	9FB3456226A8CB2F7C594C0B412478643E307EDBAACC43D7C66BF775A1229454
Chrome Cache Entry: 88	HTML document, ASCII text, with very long lines (688), with no line terminators	EC6A14EF5DA32466A9AEC602E2A27A54	E0910D800516025A428A9FE0ACFAFA97BD44EDD9	837FC091D645F7409C466909C68E2BC383DC52B7CE2B0F6B816B0ECA7E0AC434
Chrome Cache Entry: 89	gzip compressed data, from Unix, original size modulo 2^32 223871	42D55B71B8A689D6E544E9CAFF672A7F	51C6EAAA23047AC05F2C4A9D5D2C3DA26DA0A61E	3E84DDF80A4713AC786F55056EF6A50F0D15AE1BD2301B78630CCAA7B791B18C
Chrome Cache Entry: 90	PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced	1A5375D43A6F15FE83F723051CF37B16	2956DD49752BE1B0E2BE9E399436543A5AD8B4F6	CFFE7A6B0FF892FF7BF29D8F84760DF0A4AA82A00E4F5F5BE84CA45705316D4E
Chrome Cache Entry: 91	gzip compressed data, from Unix, original size modulo 2^32 141264	99AE5F48EAE97D4CF105B84DAD8BF3F3	9B57CF6C485688ED99992D13B578E7A01F3DA388	D0A08EBF35E95557A3FC04DA3D00C71C8B4EC5B3838D79C104A2616BC1169C87
Chrome Cache Entry: 92	ASCII text, with very long lines (944)	4913A57B21EB3DB84EA2B9881206271B	25188D4B00BCC213D2C2CD2DF710753A5E42B219	7FF3EB702B5C66748EA47174E0EFE537AFFB21F87CA963CBC38AEE67CE7703AF
Chrome Cache Entry: 93	HTML document, ASCII text, with very long lines (688), with no line terminators	EC6A14EF5DA32466A9AEC602E2A27A54	E0910D800516025A428A9FE0ACFAFA97BD44EDD9	837FC091D645F7409C466909C68E2BC383DC52B7CE2B0F6B816B0ECA7E0AC434
Chrome Cache Entry: 94	gzip compressed data, from Unix, original size modulo 2^32 443035	4FED81C5D4C04017E99D88CBDD3A28A9	A2FE57408200EE0CD2D6E0DAF3B2BF6D5FA4B2BB	A4AA0EE33FBCE8EF84F9519CC22C4052CB1941C1B11CACD176F5F05334FEDD5C
Chrome Cache Entry: 95	HTML document, ASCII text, with very long lines (688), with no line terminators	EC6A14EF5DA32466A9AEC602E2A27A54	E0910D800516025A428A9FE0ACFAFA97BD44EDD9	837FC091D645F7409C466909C68E2BC383DC52B7CE2B0F6B816B0ECA7E0AC434
Chrome Cache Entry: 96	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 97	gzip compressed data, from Unix, original size modulo 2^32 55021	1DEBA82567AC98A2F2AEC1FFFB505525	B180506C501A76746783335BABBE396DD202D155	0F6966C7C8B82D763D5A3C8A6B0E552BB3793A1E68A291EE0F7CC093A3DD607E
Chrome Cache Entry: 98	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	8F8620B390E539BD9EE91F8EF2819A6D	003EB5379E1B6903BE1A85961B874DF99F741A03	8F49694E0325365F92936499A9AA02CD770716D8D6DEFEDDCDA4F5DC4D7AD319
Chrome Cache Entry: 99	gzip compressed data, original size modulo 2^32 3651	DF6A7721C242813411CC6950DF40F9B3	B2068C4A65C183AAD6FC22A44CC1FA449CD355B4	AA53B6DC744357B392FC57C34E516BAE465D4A6837775C137A176D599C8EA948

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://pepe-memes.com/d/ax/q?user=mbraedel@hilcorp.com

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Phishing site detected (based on favicon image match)

Source: https://royaldesignbuild.site

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish54

Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: 3.6.pages.csv, type: HTML
Source: Yara match	File source: 3.8.pages.csv, type: HTML
Source: Yara match	File source: 3.9.pages.csv, type: HTML
Source: Yara match	File source: 3.10.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true

Matcher: Template: microsoft matched

Detected hidden input values containing email addresses (often used in phishing pages)

Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true

HTTP Parser: mbraedel@hilcorp.com

Found iframes

Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: Iframe src: https://2f2fa290-e19815ab.royaldesignbuild.site/Prefetch/Prefetch.aspx
Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: Iframe src: https://2f2fa290-e19815ab.royaldesignbuild.site/Prefetch/Prefetch.aspx
Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: Iframe src: https://2f2fa290-e19815ab.royaldesignbuild.site/Prefetch/Prefetch.aspx
Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: Iframe src: https://2f2fa290-e19815ab.royaldesignbuild.site/Prefetch/Prefetch.aspx

HTML body contains low number of good links

Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true

HTTP Parser: Number of links: 0

URL contains potential PII (phishing indication)

Source: https://pepe-memes.com/d/ax/q?user=mbraedel@hilcorp.com

Sample URL: PII: mbraedel@hilcorp.com

Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true

HTTP Parser: <input type="password" .../> found

Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com	HTTP Parser: No favicon
Source: https://2f2fa290-e19815ab.royaldesignbuild.site/Prefetch/Prefetch.aspx	HTTP Parser: No favicon

Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.com&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49753 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /d/ax/q?user=mbraedel@hilcorp.com HTTP/1.1Host: pepe-memes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /index.html%7D?i=mbraedel@hilcorp.com HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/?u=bW9ucm9lbGFyZWFsdG9yLmNvbS9hYWEvc2hzampzanMvbWJyYWVkZWxAaGlsY29ycC5jb20=&x=////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/ HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/css/main.1b019d38.css HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/?u=bW9ucm9lbGFyZWFsdG9yLmNvbS9hYWEvc2hzampzanMvbWJyYWVkZWxAaGlsY29ycC5jb20=&x=////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/js/bundle.js HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/?u=bW9ucm9lbGFyZWFsdG9yLmNvbS9hYWEvc2hzampzanMvbWJyYWVkZWxAaGlsY29ycC5jb20=&x=////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/js/main.bdf2bc27.js HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/?u=bW9ucm9lbGFyZWFsdG9yLmNvbS9hYWEvc2hzampzanMvbWJyYWVkZWxAaGlsY29ycC5jb20=&x=////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im/shar2.jpg HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/?u=bW9ucm9lbGFyZWFsdG9yLmNvbS9hYWEvc2hzampzanMvbWJyYWVkZWxAaGlsY29ycC5jb20=&x=////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im/spina.gif HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/?u=bW9ucm9lbGFyZWFsdG9yLmNvbS9hYWEvc2hzampzanMvbWJyYWVkZWxAaGlsY29ycC5jb20=&x=////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/public/favicon.ico HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/?u=bW9ucm9lbGFyZWFsdG9yLmNvbS9hYWEvc2hzampzanMvbWJyYWVkZWxAaGlsY29ycC5jb20=&x=////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/public/manifest.json HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/?u=bW9ucm9lbGFyZWFsdG9yLmNvbS9hYWEvc2hzampzanMvbWJyYWVkZWxAaGlsY29ycC5jb20=&x=////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im/shar2.jpg HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im/spina.gif HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/19/sharepoint-aspx/////////////e/r//r/e//d/d//w/s//fd//f/w///s/s/df//f//w/s//s/s/s/sfs/fd///s////////////sd/sw////////g/////////////vvs/////////////////////ss//////////////se///////////////////h////////////h/////////////h//////////////////vvvvd//bdds/hgffddds//////////////dss/ssssssssss/ssssssssssssssssssssss///////////////////////////////////////////////////////////////////////////////////////////////////////////w///////////////////w//////v//n/////////////////a//////////////////m///////////////////////k//////////////////r///////////////q///////////eyydsyywttwtwiww///w//w/w/d////a///q///c/v////f//g///j//j//k/k/y//n//////r///e//e//r/r/public/favicon.ico HTTP/1.1Host: hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /aaa/shsjjsjs/mbraedel@hilcorp.com HTTP/1.1Host: monroelarealtor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://hilcorpcom-netorgft4082839-sharepoint-com-f3.pepe-memes.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: monroelarealtor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://monroelarealtor.com/aaa/shsjjsjs/mbraedel@hilcorp.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?username=mbraedel@hilcorp.com HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://monroelarealtor.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?username=mbraedel@hilcorp.com HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_HC7t4HZ_o96i0-T341lIwg2.js HTTP/1.1Host: 053a3106-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://0nline.royaldesignbuild.sitesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /websocket/hook/?6B8zYC=ZTE5ODE1YWIzZDNhNDYzMjgwYzJhZWU2Mzk3ZTAxNzA= HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nline.royaldesignbuild.siteSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="Sec-WebSocket-Key: 9m5wHEqTASUHyXAp+7AUuA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /?username=mbraedel@hilcorp.com&sso_reload=true HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/?username=mbraedel@hilcorp.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://0nline.royaldesignbuild.sitesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_QMJbZSc_Phofl-lfd63BLw2.js HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://0nline.royaldesignbuild.sitesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_pevuvrbnnz-5coi_b4jtbw2.js HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://0nline.royaldesignbuild.sitesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: l1ve.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /websocket/hook/?6B8zYC=ZTE5ODE1YWIzZDNhNDYzMjgwYzJhZWU2Mzk3ZTAxNzA= HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nline.royaldesignbuild.siteSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1Sec-WebSocket-Key: 3RtFLeeE/LuiVKE71XBaaA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /Prefetch/Prefetch.aspx HTTP/1.1Host: 2f2fa290-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /websocket/hook/?6B8zYC=ZTE5ODE1YWIzZDNhNDYzMjgwYzJhZWU2Mzk3ZTAxNzA= HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nline.royaldesignbuild.siteSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0Sec-WebSocket-Key: KQHsj3T8/0mPjGmePh3guw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4d4b76a02ae121e3b20c.js HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /hilcorp.com/winauth/ssoprobe?client-request-id=ceb7a41a-b756-43bf-b7d3-066e9fffa22a&_=1711654473870 HTTP/1.1Host: 898f3bcd-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /websocket/hook/?6B8zYC=ZTE5ODE1YWIzZDNhNDYzMjgwYzJhZWU2Mzk3ZTAxNzA= HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nline.royaldesignbuild.siteSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0Sec-WebSocket-Key: df0ahfCF54XPgMKjVf513A==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_beba75e58c98af016c6f.js HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /common/instrumentation/dssostatus HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_43280e0ba671a1d8b5e34f1931c4fe4b.svg HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-dnukdvcuyrxzajeghhlkgrsw0mn8cw2uhbxodkn-5f8/logintenantbranding/0/illustration?ts=637898708869671586 HTTP/1.1Host: 795496cd-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-dnukdvcuyrxzajeghhlkgrsw0mn8cw2uhbxodkn-5f8/logintenantbranding/0/bannerlogo?ts=638254708363776654 HTTP/1.1Host: 795496cd-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-dnukdvcuyrxzajeghhlkgrsw0mn8cw2uhbxodkn-5f8/logintenantbranding/0/favicon?ts=638254683966698186 HTTP/1.1Host: 795496cd-e19815ab.royaldesignbuild.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0nline.royaldesignbuild.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_43280e0ba671a1d8b5e34f1931c4fe4b.svg HTTP/1.1Host: 4178995e-e19815ab.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-dnukdvcuyrxzajeghhlkgrsw0mn8cw2uhbxodkn-5f8/logintenantbranding/0/illustration?ts=637898708869671586 HTTP/1.1Host: 795496cd-e19815ab.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-dnukdvcuyrxzajeghhlkgrsw0mn8cw2uhbxodkn-5f8/logintenantbranding/0/favicon?ts=638254683966698186 HTTP/1.1Host: 795496cd-e19815ab.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-dnukdvcuyrxzajeghhlkgrsw0mn8cw2uhbxodkn-5f8/logintenantbranding/0/bannerlogo?ts=638254708363776654 HTTP/1.1Host: 795496cd-e19815ab.royaldesignbuild.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="
Source: global traffic	HTTP traffic detected: GET /websocket/hook/?6B8zYC=ZTE5ODE1YWIzZDNhNDYzMjgwYzJhZWU2Mzk3ZTAxNzA= HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nline.royaldesignbuild.siteSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0Sec-WebSocket-Key: Y/25clMboyGggEprGHYS6g==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /websocket/hook/?6B8zYC=ZTE5ODE1YWIzZDNhNDYzMjgwYzJhZWU2Mzk3ZTAxNzA= HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nline.royaldesignbuild.siteSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0Sec-WebSocket-Key: h15Y/5gIrRQA0eK5ZMpvZA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /websocket/hook/?6B8zYC=ZTE5ODE1YWIzZDNhNDYzMjgwYzJhZWU2Mzk3ZTAxNzA= HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nline.royaldesignbuild.siteSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0Sec-WebSocket-Key: N1zpA2R/uqMX50/0SLFJaQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /websocket/hook/?6B8zYC=ZTE5ODE1YWIzZDNhNDYzMjgwYzJhZWU2Mzk3ZTAxNzA= HTTP/1.1Host: 0nline.royaldesignbuild.siteConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://0nline.royaldesignbuild.siteSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 6B8zYC="ZTE5ODE1YWItM2QzYS00NjMyLTgwYzItYWVlNjM5N2UwMTcwOjM0OGQwM2VkLWY1ZTctNDEzZi05Y2VmLWRlNDM4ZjUwMjFhNA=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; brcap=0Sec-WebSocket-Key: V6F80T5V7ZymM8jF/R3SQA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Source: unknown

DNS traffic detected: queries for: pepe-memes.com

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 19:34:07 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Mar 2024 19:34:20 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 72662ebe-6f1d-4588-a44f-13194d4db802x-ms-ests-server: 2.1.17573.7 - FRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ee4b70c9-e19815ab.royaldesignbuild.site/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Mar 2024 19:34:20 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 6c6a21aa-e025-4bdb-a395-0d08a4569102x-ms-ests-server: 2.1.17573.7 - NEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ee4b70c9-e19815ab.royaldesignbuild.site/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Mar 2024 19:34:29 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: no-store, no-cachex-ua-compatible: IE=Edgex-cache: CONFIG_NOCACHEx-msedge-ref: Ref A: 7B1C056712DB486E856C036183F5F369 Ref B: DFW311000103047 Ref C: 2024-03-28T19:34:29Zaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Mar 2024 19:34:31 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: b3ac6b2f-c2b5-47ab-91cf-0bb338160900x-ms-ests-server: 2.1.17615.13 - NCUS ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ee4b70c9-e19815ab.royaldesignbuild.site/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Mar 2024 19:34:38 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 822f8a58-c75d-430d-bcbf-2f414bff1800x-ms-ests-server: 2.1.17615.13 - WUS3 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ee4b70c9-e19815ab.royaldesignbuild.site/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Mar 2024 19:34:46 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: b5ae912e-12fd-4fa5-b22a-e1b8b5f50b00x-ms-ests-server: 2.1.17615.13 - WUS3 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ee4b70c9-e19815ab.royaldesignbuild.site/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Mar 2024 19:34:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: c87ab9c0-e51c-4e86-8b06-a39488a30b00x-ms-ests-server: 2.1.17615.13 - SCUS ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ee4b70c9-e19815ab.royaldesignbuild.site/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Mar 2024 19:35:01 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 466e25b8-6e37-476e-bfcf-ab58573e0500x-ms-ests-server: 2.1.17615.13 - EUS ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ee4b70c9-e19815ab.royaldesignbuild.site/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Mar 2024 19:35:10 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 89d8e578-79f2-465d-9b04-9a0f953b0900x-ms-ests-server: 2.1.17615.13 - NCUS ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ee4b70c9-e19815ab.royaldesignbuild.site/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:

Source: chromecache_71.2.dr, chromecache_81.2.dr

String found in binary or memory: http://ns.attribution.com/ads/1.0/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49753 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.win@18/66@32/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2128,i,16002129619905839655,12144192990535214210,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pepe-memes.com/d/ax/q?user=mbraedel@hilcorp.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2128,i,16002129619905839655,12144192990535214210,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1417271
Product:	CloudBasic
Start time:	20:32:55
Start date:	28.03.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://pepe-memes.com/d/ax/q?user=mbraedel@hilcorp.com

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://pepe-memes.com/d/ax/q?user=mbraedel@hilcorp.com

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://pepe-memes.com/d/ax/q?user=mbraedel@hilcorp.com