Windows Analysis Report
https://estgirls-my.sharepoint.com/:b:/g/personal/s7958766_estg_moe_gov_sa/EeCN0MAR0F5NufUZkT2Q-mcBn4v13Ov8FQ0oi798Dgtayg?e=zTKNmK

Overview

General Information

Sample URL: https://estgirls-my.sharepoint.com/:b:/g/personal/s7958766_estg_moe_gov_sa/EeCN0MAR0F5NufUZkT2Q-mcBn4v13Ov8FQ0oi798Dgtayg?e=zTKNmK
Analysis ID: 1428968

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Phishing site detected (based on favicon image match)
Yara detected HtmlPhish54
Phishing site detected (based on image similarity)
Phishing site detected (based on logo match)
Drops files with a non-matching file extension (content does not match file extension)
Found iframes
HTML body contains low number of good links
HTML title does not match URL
Phishing site detected (based on OCR NLP Model)
Submit button contains javascript call

Classification

Phishing

Source: https://belovedkittenrescue.com Matcher: Template: microsoft matched with high similarity
Source: https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true Matcher: Template: microsoft matched with high similarity
Source: Yara match File source: 1.5.pages.csv, type: HTML
Source: Yara match File source: 2.6.pages.csv, type: HTML
Source: Yara match File source: 2.7.pages.csv, type: HTML
Source: Yara match File source: 2.11.pages.csv, type: HTML
Source: https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true Matcher: Found strong image similarity, brand: MICROSOFT
Source: https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv Matcher: Template: microsoft matched
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d4765445b-32c6-49b0-83e6-1d93765276ca%26mkt%3dEN-US%26opid%3d4796DC2E20C549C9%26opidt%3d1713563522%26uaid%3da67d96ca27dd4840a2c4a24b8295837e%26contextid%3dC6B7CECBF7EF37A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=4765445b-32c6-49b0-83e6-1d93765276ca&uaid=a67d96ca27dd4840a2c4a24b8295837e&suc=4765445b-32c6-49b0-83e6-1d93765276ca&lic=1 HTTP Parser: Iframe src: https://fpt.live.com/?session_id=a67d96ca27dd4840a2c4a24b8295837e&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU&mkt=EN-US
Source: https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 HTTP Parser: Number of links: 0
Source: https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true HTTP Parser: Number of links: 0
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d4765445b-32c6-49b0-83e6-1d93765276ca%26mkt%3dEN-US%26opid%3d4796DC2E20C549C9%26opidt%3d1713563522%26uaid%3da67d96ca27dd4840a2c4a24b8295837e%26contextid%3dC6B7CECBF7EF37A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=4765445b-32c6-49b0-83e6-1d93765276ca&uaid=a67d96ca27dd4840a2c4a24b8295837e&suc=4765445b-32c6-49b0-83e6-1d93765276ca&lic=1 HTTP Parser: Number of links: 0
Source: https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 HTTP Parser: Title: Redirecting does not match URL
Source: https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true HTTP Parser: Title: Sign in to your account does not match URL
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d4765445b-32c6-49b0-83e6-1d93765276ca%26mkt%3dEN-US%26opid%3d4796DC2E20C549C9%26opidt%3d1713563522%26uaid%3da67d96ca27dd4840a2c4a24b8295837e%26contextid%3dC6B7CECBF7EF37A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=4765445b-32c6-49b0-83e6-1d93765276ca&uaid=a67d96ca27dd4840a2c4a24b8295837e&suc=4765445b-32c6-49b0-83e6-1d93765276ca&lic=1 HTTP Parser: Title: Create account does not match URL
Source: Chrome DOM: 0.4 ML Model on OCR Text: Matched 96.6% probability on "contract.pdf Info 1/1 DOCUMENT IS PRIVATE C.I .1CK TO IJM .OC.K Note: This Document was shared via Office365 and registered as private. Recipients "
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d4765445b-32c6-49b0-83e6-1d93765276ca%26mkt%3dEN-US%26opid%3d4796DC2E20C549C9%26opidt%3d1713563522%26uaid%3da67d96ca27dd4840a2c4a24b8295837e%26contextid%3dC6B7CECBF7EF37A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=4765445b-32c6-49b0-83e6-1d93765276ca&uaid=a67d96ca27dd4840a2c4a24b8295837e&suc=4765445b-32c6-49b0-83e6-1d93765276ca&lic=1 HTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d4765445b-32c6-49b0-83e6-1d93765276ca%26mkt%3dEN-US%26opid%3d4796DC2E20C549C9%26opidt%3d1713563522%26uaid%3da67d96ca27dd4840a2c4a24b8295837e%26contextid%3dC6B7CECBF7EF37A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=4765445b-32c6-49b0-83e6-1d93765276ca&uaid=a67d96ca27dd4840a2c4a24b8295837e&suc=4765445b-32c6-49b0-83e6-1d93765276ca&lic=1 HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true HTTP Parser: <input type="password" .../> found
Source: https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 HTTP Parser: No favicon
Source: https://fpt.live.com/?session_id=a67d96ca27dd4840a2c4a24b8295837e&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU&mkt=EN-US HTTP Parser: No favicon
Source: https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 HTTP Parser: No <meta name="author".. found
Source: https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true HTTP Parser: No <meta name="author".. found
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d4765445b-32c6-49b0-83e6-1d93765276ca%26mkt%3dEN-US%26opid%3d4796DC2E20C549C9%26opidt%3d1713563522%26uaid%3da67d96ca27dd4840a2c4a24b8295837e%26contextid%3dC6B7CECBF7EF37A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=4765445b-32c6-49b0-83e6-1d93765276ca&uaid=a67d96ca27dd4840a2c4a24b8295837e&suc=4765445b-32c6-49b0-83e6-1d93765276ca&lic=1 HTTP Parser: No <meta name="author".. found
Source: https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 HTTP Parser: No <meta name="copyright".. found
Source: https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true HTTP Parser: No <meta name="copyright".. found
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d4765445b-32c6-49b0-83e6-1d93765276ca%26mkt%3dEN-US%26opid%3d4796DC2E20C549C9%26opidt%3d1713563522%26uaid%3da67d96ca27dd4840a2c4a24b8295837e%26contextid%3dC6B7CECBF7EF37A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=4765445b-32c6-49b0-83e6-1d93765276ca&uaid=a67d96ca27dd4840a2c4a24b8295837e&suc=4765445b-32c6-49b0-83e6-1d93765276ca&lic=1 HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /:b:/g/personal/s7958766_estg_moe_gov_sa/EeCN0MAR0F5NufUZkT2Q-mcBn4v13Ov8FQ0oi798Dgtayg?e=zTKNmK HTTP/1.1
    Host: estgirls-my.sharepoint.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /personal/s7958766_estg_moe_gov_sa/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fs7958766%5Festg%5Fmoe%5Fgov%5Fsa%2FDocuments%2Fcontract%2Epdf&parent=%2Fpersonal%2Fs7958766%5Festg%5Fmoe%5Fgov%5Fsa%2FDocuments&ga=1 HTTP/1.1
    Host: estgirls-my.sharepoint.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: FedAuth=[...]
Source: global traffic HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1
    Host: estgirls-my.sharepoint.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: FedAuth=[...]
Source: global traffic HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1
    Host: estgirls-my.sharepoint.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: FedAuth=[...]
Source: global traffic HTTP traffic detected: GET /personal/s7958766_estg_moe_gov_sa/_api/v2.1/graphql HTTP/1.1
    Host: estgirls-my.sharepoint.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: FedAuth=[...]
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1
    Host: estgirls-my.sharepoint.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://estgirls-my.sharepoint.com/personal/s7958766_estg_moe_gov_sa/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fs7958766%5Festg%5Fmoe%5Fgov%5Fsa%2FDocuments%2Fcontract%2Epdf&parent=%2Fpersonal%2Fs7958766%5Festg%5Fmoe%5Fgov%5Fsa%2FDocuments&ga=1
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: FedAuth=[...]
Source: global traffic HTTP traffic detected: GET /personal/s7958766_estg_moe_gov_sa/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fs7958766%5Festg%5Fmoe%5Fgov%5Fsa%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1Host: estgirls-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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
Source: global traffic HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: estgirls-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2U0Mzc2ZWMwMjU2ZDUxMmUyMzczMjA5Y2Y0Mzk5NjlkYTRkOTQzNjM0ZmU5NmNhNTU2ZmYxYTdhMWMxNWE0YmUsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jZTQzNzZlYzAyNTZkNTEyZTIzNzMyMDljZjQzOTk2OWRhNGQ5NDM2MzRmZTk2Y2E1NTZmZjFhN2ExYzE1YTRiZSwxMzM1ODAzNzM1MzAwMDAwMDAsMCwxMzM1ODEyMzQ1Mzg0ODM0MDIsMC4wLjAuMCwyNTgsYjY4NzViYmItZjM3MS00ODBkLWFiYTEtMjk3MmNlMDQyYzJiLCwsNDJhODIwYTEtYTAxMi04MDAwLTg3OTgtZDM1NTQxMmQxNGQ5LDQyYTgyMGExLWEwMTItODAwMC04Nzk4LWQzNTU0MTJkMTRkOSwzTlVzZFR6QS9rT0M0cEJvQmJKRjFnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxODgyMTQsRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LGdnTDZlWE9nNnFOT2s0dlVxbVJnYU9aWE9LazF3c1VYdms5WXJSckJDaW0rREZaa2Z5enIxUmY1Z0dTSlcvYWxSdURjUUF4ZDFPZENBMzc3R01TMUd5N3g3amZaQllseVVHV2F4WlM4NlhWYStFZk1rb2NTU2p4a3dEK3Z0UmU4QlhaQWZ2WnJiTlVZVFJBakcvM09GZUhoWi9BbVhISjQzcGVsYWhtT3JMZDl3YllneFJRSU5vV1pXbHlaOFFZdk9vb0RlYXZ0WDlvT1RYeU1rU2NWRWNRdWk5RnhzYlUrSXRuRnhRcmFwNmEvWVhYQVhBalREdUx3TEIwUmRpcjQvd2ZONU1tK0NHMHBDTFA5UFlzclA5bmFpeDg0S3NSc0pHOFBEdWdqTVJSMk5MaURjaHVoWHJsV2JjWEFiMjlJbHJFbzZxT29VVmxhQm9LZUNnbmRNZz09PC9TUD4=
Source: global traffic HTTP traffic detected: GET /personal/s7958766_estg_moe_gov_sa/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fs7958766%5Festg%5Fmoe%5Fgov%5Fsa%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1Host: estgirls-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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
Source: global traffic HTTP traffic detected: GET /_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%5D&defaultBrotli=true&authenticateFast=true&wwData=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099649,3]&spStartApplicationWebBundle=true&enableIntegrities=true HTTP/1.1Host: estgirls-my.sharepoint.comConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://estgirls-my.sharepoint.com/personal/s7958766_estg_moe_gov_sa/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fs7958766%5Festg%5Fmoe%5Fgov%5Fsa%2FDocuments%2Fcontract%2Epdf&parent=%2Fpersonal%2Fs7958766%5Festg%5Fmoe%5Fgov%5Fsa%2FDocuments&ga=1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 
FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2U0Mzc2ZWMwMjU2ZDUxMmUyMzczMjA5Y2Y0Mzk5NjlkYTRkOTQzNjM0ZmU5NmNhNTU2ZmYxYTdhMWMxNWE0YmUsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jZTQzNzZlYzAyNTZkNTEyZTIzNzMyMDljZjQzOTk2OWRhNGQ5NDM2MzRmZTk2Y2E1NTZmZjFhN2ExYzE1YTRiZSwxMzM1ODAzNzM1MzAwMDAwMDAsMCwxMzM1ODEyMzQ1Mzg0ODM0MDIsMC4wLjAuMCwyNTgsYjY4NzViYmItZjM3MS00ODBkLWFiYTEtMjk3MmNlMDQyYzJiLCwsNDJhODIwYTEtYTAxMi04MDAwLTg3OTgtZDM1NTQxMmQxNGQ5LDQyYTgyMGExLWEwMTItODAwMC04Nzk4LWQzNTU0MTJkMTRkOSwzTlVzZFR6QS9rT0M0cEJvQmJKRjFnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxODgyMTQsRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LGdnTDZlWE9nNnFOT2s0dlVxbVJnYU9aWE9LazF3c1VYdms5WXJSckJDaW0rREZaa2Z5enIxUmY1Z0dTSlcvYWxSdURjUUF4ZDFPZENBMzc3R01TMUd5N3g3amZaQllseVVHV2F4WlM4NlhWYStFZk1rb2NTU2p4a3dEK3Z0UmU4QlhaQWZ2WnJiTlVZVFJBakcvM09GZUhoWi9BbVhISjQzcGVsYWhtT3JMZDl3YllneFJRSU5vV1pXbHlaOFFZdk9vb0RlYXZ0WDlvT1RYeU1rU2NWRWNRdWk5RnhzYlUrSXRuRnhRcmFwNmEvWVhYQVhBalREdUx3TEIwUmRpcjQvd2ZONU1tK0NHMHBDTFA5UFlzclA5bmFpeDg0S3NSc0pHOFBEdWdqTVJSMk5MaURjaHVoWHJsV2JjWEFiMjlJbHJFbzZxT29VVmxhQm9LZUNnbmRNZz09PC9TUD4=
Source: global traffic HTTP traffic detected: GET /transform/thumbnail?provider=spo&inputFormat=pdf&cs=fFNQTw&docid=https%3A%2F%2Festgirls-my.sharepoint.com%3A443%2F_api%2Fv2.0%2Fdrives%2Fb!3wg9-hIsbkKjisgTkXNd6LRDPUacccZPsT38WqC54ml1Bruter-IRZ4fXQ1eVBg9%2Fitems%2F01PD5Q4JXARXIMAEOQLZG3T5IZSE6ZB6TH%3Fversion%3DPublished&access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.ZgbJkRJ9o5Ke5sfg2XVFcy9TQ4gtZLqksRzitF_6T4Q&cTag=%22c%3A%7BC0D08DE0-D011-4D5E-B9F5-19913D90FA67%7D%2C1%22&encodeFailures=1&width=1280&height=859&srcWidth=&srcHeight= HTTP/1.1Host: northeurope1-mediap.svc.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://estgirls-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /transform/thumbnail?provider=spo&inputFormat=pdf&cs=fFNQTw&docid=https%3A%2F%2Festgirls-my.sharepoint.com%3A443%2F_api%2Fv2.0%2Fdrives%2Fb!3wg9-hIsbkKjisgTkXNd6LRDPUacccZPsT38WqC54ml1Bruter-IRZ4fXQ1eVBg9%2Fitems%2F01PD5Q4JXARXIMAEOQLZG3T5IZSE6ZB6TH%3Fversion%3DPublished&access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.ZgbJkRJ9o5Ke5sfg2XVFcy9TQ4gtZLqksRzitF_6T4Q&cTag=%22c%3A%7BC0D08DE0-D011-4D5E-B9F5-19913D90FA67%7D%2C1%22&encodeFailures=1&width=1280&height=859&srcWidth=&srcHeight= HTTP/1.1Host: northeurope1-mediap.svc.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_layouts/15/odspserviceworkerproxy.aspx?swManifestName=odbmspdfwebworker&debug=false&bypass=false HTTP/1.1Host: estgirls-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://estgirls-my.sharepoint.com/personal/s7958766_estg_moe_gov_sa/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fs7958766%5Festg%5Fmoe%5Fgov%5Fsa%2FDocuments%2Fcontract%2Epdf&parent=%2Fpersonal%2Fs7958766%5Festg%5Fmoe%5Fgov%5Fsa%2FDocuments&ga=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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; MicrosoftApplicationsTelemetryDeviceId=ccc88f20-cdb4-4f2c-8688-a92937621503
Source: global traffic HTTP traffic detected: GET /transform/passthrough?provider=spo&inputFormat=pdf&cs=fFNQTw&docid=https%3A%2F%2Festgirls-my.sharepoint.com%3A443%2F_api%2Fv2.0%2Fdrives%2Fb!3wg9-hIsbkKjisgTkXNd6LRDPUacccZPsT38WqC54ml1Bruter-IRZ4fXQ1eVBg9%2Fitems%2F01PD5Q4JXARXIMAEOQLZG3T5IZSE6ZB6TH%3Fversion%3DPublished&access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.ZgbJkRJ9o5Ke5sfg2XVFcy9TQ4gtZLqksRzitF_6T4Q&cTag=%22c%3A%7BC0D08DE0-D011-4D5E-B9F5-19913D90FA67%7D%2C1%22 HTTP/1.1Host: northeurope1-mediap.svc.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://estgirls-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://estgirls-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /transform/passthrough?provider=spo&inputFormat=pdf&cs=fFNQTw&docid=https%3A%2F%2Festgirls-my.sharepoint.com%3A443%2F_api%2Fv2.0%2Fdrives%2Fb!3wg9-hIsbkKjisgTkXNd6LRDPUacccZPsT38WqC54ml1Bruter-IRZ4fXQ1eVBg9%2Fitems%2F01PD5Q4JXARXIMAEOQLZG3T5IZSE6ZB6TH%3Fversion%3DPublished&access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.ZgbJkRJ9o5Ke5sfg2XVFcy9TQ4gtZLqksRzitF_6T4Q&cTag=%22c%3A%7BC0D08DE0-D011-4D5E-B9F5-19913D90FA67%7D%2C1%22 HTTP/1.1Host: northeurope1-mediap.svc.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /haqHYyzL HTTP/1.1Host: login.ms2.belovedkittenrescue.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_api/v2.0/drive/apps?select=*%2Cpromoted%2CbuiltIn&%24expand=actions HTTP/1.1Host: estgirls-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/jsonAccept-Language: en-USsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://estgirls-my.sharepoint.com/personal/s7958766_estg_moe_gov_sa/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fs7958766%5Festg%5Fmoe%5Fgov%5Fsa%2FDocuments%2Fcontract%2Epdf&parent=%2Fpersonal%2Fs7958766%5Festg%5Fmoe%5Fgov%5Fsa%2FDocuments&ga=1Accept-Encoding: gzip, deflate, brCookie: FedAuth=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; MicrosoftApplicationsTelemetryDeviceId=ccc88f20-cdb4-4f2c-8688-a92937621503; ai_session=CGDR8b2QKIE2W0/5WGq2EZ|1713563486859|1713563486859; MSFPC=GUID=749eee6039c5489b9db3000c7ab3f399&HASH=749e&LV=202310&V=4&LU=1696413236917
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: login.belovedkittenrescue.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: a405-c7b6=a2a2d927ec60dd38ec52c4226f2df574602a86d8408b49fd9cd2e3ecc489b6ce
Source: global traffic HTTP traffic detected: GET /login HTTP/1.1Host: www.belovedkittenrescue.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: a405-c7b6=a2a2d927ec60dd38ec52c4226f2df574602a86d8408b49fd9cd2e3ecc489b6ce
Source: global traffic HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 HTTP/1.1Host: login.belovedkittenrescue.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: a405-c7b6=a2a2d927ec60dd38ec52c4226f2df574602a86d8408b49fd9cd2e3ecc489b6ce; fpc=AknvRAF3GEtMl4GurL9O1vA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8comX6T_qadyWaTRBS0nrT5rc3GYkelzdI2V_L3g8NTiVwDtcvQw3o5DpUf5ax6ylIPKLsXV5yRtdd49GYJusL6jeeDQ5Vj4VTb-PQfQ7KGiNk5qu2NwQdvYMBf8ZrAqEmZ1_f_1PRcP0VQ8bqJ7cxBcfxu-XKh_bUmKxMSy2IE8gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; MUID=341A6B55382865413D177F3339C664D5
Source: global traffic HTTP traffic detected: GET /s/a2a2d927ec60dd38ec52c4226f2df574602a86d8408b49fd9cd2e3ecc489b6ce.js HTTP/1.1Host: login.belovedkittenrescue.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: a405-c7b6=a2a2d927ec60dd38ec52c4226f2df574602a86d8408b49fd9cd2e3ecc489b6ce; fpc=AknvRAF3GEtMl4GurL9O1vA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8comX6T_qadyWaTRBS0nrT5rc3GYkelzdI2V_L3g8NTiVwDtcvQw3o5DpUf5ax6ylIPKLsXV5yRtdd49GYJusL6jeeDQ5Vj4VTb-PQfQ7KGiNk5qu2NwQdvYMBf8ZrAqEmZ1_f_1PRcP0VQ8bqJ7cxBcfxu-XKh_bUmKxMSy2IE8gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; MUID=341A6B55382865413D177F3339C664D5; 
esctx-HfkrDJ8zWBY=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Tx9zS59EWovYEWieSAaG6BP5XdE1AKBSB6yQfWyNtFaOuJjk43optfLc1d-Tv0s44T6kyGfXo0guVnZD2iud_Z8hLDDvaBZadKUt6IZBmm-xh68np-rmd6vXTuYMJs2TGpfYjPZe6-hglOaQqk_bOCAA
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_3b4rnVNi70Sso4_c42_ImQ2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.belovedkittenrescue.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.belovedkittenrescue.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true HTTP/1.1Host: login.belovedkittenrescue.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: 
https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: a405-c7b6=a2a2d927ec60dd38ec52c4226f2df574602a86d8408b49fd9cd2e3ecc489b6ce; fpc=AknvRAF3GEtMl4GurL9O1vA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8comX6T_qadyWaTRBS0nrT5rc3GYkelzdI2V_L3g8NTiVwDtcvQw3o5DpUf5ax6ylIPKLsXV5yRtdd49GYJusL6jeeDQ5Vj4VTb-PQfQ7KGiNk5qu2NwQdvYMBf8ZrAqEmZ1_f_1PRcP0VQ8bqJ7cxBcfxu-XKh_bUmKxMSy2IE8gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; MUID=341A6B55382865413D177F3339C664D5; esctx-HfkrDJ8zWBY=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Tx9zS59EWovYEWieSAaG6BP5XdE1AKBSB6yQfWyNtFaOuJjk43optfLc1d-Tv0s44T6kyGfXo0guVnZD2iud_Z8hLDDvaBZadKUt6IZBmm-xh68np-rmd6vXTuYMJs2TGpfYjPZe6-hglOaQqk_bOCAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic HTTP traffic detected: GET /s/a2a2d927ec60dd38ec52c4226f2df574602a86d8408b49fd9cd2e3ecc489b6ce HTTP/1.1Host: login.belovedkittenrescue.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: a405-c7b6=a2a2d927ec60dd38ec52c4226f2df574602a86d8408b49fd9cd2e3ecc489b6ce; fpc=AknvRAF3GEtMl4GurL9O1vA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8comX6T_qadyWaTRBS0nrT5rc3GYkelzdI2V_L3g8NTiVwDtcvQw3o5DpUf5ax6ylIPKLsXV5yRtdd49GYJusL6jeeDQ5Vj4VTb-PQfQ7KGiNk5qu2NwQdvYMBf8ZrAqEmZ1_f_1PRcP0VQ8bqJ7cxBcfxu-XKh_bUmKxMSy2IE8gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; MUID=341A6B55382865413D177F3339C664D5; 
esctx-HfkrDJ8zWBY=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Tx9zS59EWovYEWieSAaG6BP5XdE1AKBSB6yQfWyNtFaOuJjk43optfLc1d-Tv0s44T6kyGfXo0guVnZD2iud_Z8hLDDvaBZadKUt6IZBmm-xh68np-rmd6vXTuYMJs2TGpfYjPZe6-hglOaQqk_bOCAA
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.belovedkittenrescue.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: a405-c7b6=a2a2d927ec60dd38ec52c4226f2df574602a86d8408b49fd9cd2e3ecc489b6ce; fpc=AknvRAF3GEtMl4GurL9O1vA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8comX6T_qadyWaTRBS0nrT5rc3GYkelzdI2V_L3g8NTiVwDtcvQw3o5DpUf5ax6ylIPKLsXV5yRtdd49GYJusL6jeeDQ5Vj4VTb-PQfQ7KGiNk5qu2NwQdvYMBf8ZrAqEmZ1_f_1PRcP0VQ8bqJ7cxBcfxu-XKh_bUmKxMSy2IE8gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; MUID=341A6B55382865413D177F3339C664D5; 
esctx-HfkrDJ8zWBY=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Tx9zS59EWovYEWieSAaG6BP5XdE1AKBSB6yQfWyNtFaOuJjk43optfLc1d-Tv0s44T6kyGfXo0guVnZD2iud_Z8hLDDvaBZadKUt6IZBmm-xh68np-rmd6vXTuYMJs2TGpfYjPZe6-hglOaQqk_bOCAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic HTTP traffic detected: GET /s/a2a2d927ec60dd38ec52c4226f2df574602a86d8408b49fd9cd2e3ecc489b6ce.js HTTP/1.1Host: login.belovedkittenrescue.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: a405-c7b6=a2a2d927ec60dd38ec52c4226f2df574602a86d8408b49fd9cd2e3ecc489b6ce; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; MUID=341A6B55382865413D177F3339C664D5; esctx-HfkrDJ8zWBY=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Tx9zS59EWovYEWieSAaG6BP5XdE1AKBSB6yQfWyNtFaOuJjk43optfLc1d-Tv0s44T6kyGfXo0guVnZD2iud_Z8hLDDvaBZadKUt6IZBmm-xh68np-rmd6vXTuYMJs2TGpfYjPZe6-hglOaQqk_bOCAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; 
buid=0.AXsAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nwD827Wi-kG_mXBousSJ1ePosbJhKfEo_4dWiEsnPWjopyT21U6deRoWVpIOINEioiZvk2DICnAmHrRZStMM8ioORIlmg2AlEpMtCzFiA2UgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8Q-45z_Kyc4eKVhojkTpA7kDddtzzxcQy6c8JLjslJB64zHTCAvfCRL699o8tIart1VjIjHP5mHUs_ltyMmvjHOeeHrlfeZwd5C9CiP7s_tjmVPb_3xhViWpdaKAe8C6rGkct2Zekc28v6YX6BBUQtELP0GGvVz7wpocyn1xbD-UgAA; esctx-m1dW2TeptYM=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8XMuBF0wE-inyVJw02pGfSZMeDgGlHL_hECDf-ADpfrVJLT6wG37wnZcZUMnHcKfoIvRL5M9TmPpZzAe3gC0aO4NwbWxEWpxl7POqhOyqmM2d-m6ThCs5ZCL9cahUkkEYkdJYMCT2IRgecTQRuTcVjiAA; fpc=AknvRAF3GEtMl4GurL9O1vC8Ae7AAQAAAGvetN0OAAAA
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.belovedkittenrescue.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.belovedkittenrescue.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_xtPRDEy3EhlAdpju-Ah7qw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.belovedkittenrescue.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.belovedkittenrescue.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_pxjdzrjcwtmbr-ntjn_f8q2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.belovedkittenrescue.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.belovedkittenrescue.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: live.belovedkittenrescue.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://login.belovedkittenrescue.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: a405-c7b6=a2a2d927ec60dd38ec52c4226f2df574602a86d8408b49fd9cd2e3ecc489b6ce; MUID=341A6B55382865413D177F3339C664D5
Source: global traffic HTTP traffic detected: GET /s/a2a2d927ec60dd38ec52c4226f2df574602a86d8408b49fd9cd2e3ecc489b6ce HTTP/1.1Host: login.belovedkittenrescue.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: a405-c7b6=a2a2d927ec60dd38ec52c4226f2df574602a86d8408b49fd9cd2e3ecc489b6ce; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; MUID=341A6B55382865413D177F3339C664D5; esctx-HfkrDJ8zWBY=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Tx9zS59EWovYEWieSAaG6BP5XdE1AKBSB6yQfWyNtFaOuJjk43optfLc1d-Tv0s44T6kyGfXo0guVnZD2iud_Z8hLDDvaBZadKUt6IZBmm-xh68np-rmd6vXTuYMJs2TGpfYjPZe6-hglOaQqk_bOCAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; 
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.belovedkittenrescue.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.belovedkittenrescue.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4d4b76a02ae121e3b20c.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.belovedkittenrescue.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.belovedkittenrescue.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.belovedkittenrescue.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.belovedkittenrescue.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.belovedkittenrescue.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: live.belovedkittenrescue.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://login.belovedkittenrescue.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: a405-c7b6=a2a2d927ec60dd38ec52c4226f2df574602a86d8408b49fd9cd2e3ecc489b6ce; MUID=341A6B55382865413D177F3339C664D5; uaid=f87fef687d3b42c1a9c94f5ed8824bd2; MSPRequ=id=N&lt=1713563502&co=1
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.belovedkittenrescue.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.belovedkittenrescue.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_3c78f555810791db83a9.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.belovedkittenrescue.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.belovedkittenrescue.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.belovedkittenrescue.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /oauth20_authorize.srf?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&scope=openid+profile+https%3a%2f%2fwww.belovedkittenrescue.com%2fv2%2fOfficeHome.All&redirect_uri=https%3a%2f%2fwww.belovedkittenrescue.com%2flandingv2&response_type=code+id_token&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&x-client-SKU=ID_NET6_0&x-client-Ver=7.3.1.0&uaid=a67d96ca27dd4840a2c4a24b8295837e&msproxy=1&issuer=mso&tenant=common&ui_locales=en-US&signup=1&lw=1&fl=easi2&epct=PAQABDgEAAADnfolhJpSnRYB1SVj-Hgd84h4hf9pcjo3oO1Z-_mXJ2p2B7lrhMIxU8LSIrlUAGcxDdijkf9VDPFFGEJC1gVwXCZKDJ0cSla6xR8hPI_XQAql-YvlMf20Q3gt_RROXZTOgJAVZO1CcE95A2X9mmoEkMvGEP-d9uM8P4eB2zAbd0nBSdTIf3MFEU_sKFHKsxuOw95TmYnUQrE1bd-l93mttsr-j6uZRqb5gKNc0G_4RdCAA&jshs=0 HTTP/1.1Host: live.belovedkittenrescue.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: a405-c7b6=a2a2d927ec60dd38ec52c4226f2df574602a86d8408b49fd9cd2e3ecc489b6ce; MUID=341A6B55382865413D177F3339C664D5; uaid=506939cad2ae4af0b70a3e863040ec59; MSPRequ=id=N&lt=1713563504&co=2
Source: global traffic HTTP traffic detected: GET /personal/s7958766_estg_moe_gov_sa/_layouts/15/AccessDenied.aspx?correlation=53a820a1%2D008b%2D8000%2D9d5d%2D3d413cd47b8a HTTP/1.1Host: estgirls-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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; MicrosoftApplicationsTelemetryDeviceId=ccc88f20-cdb4-4f2c-8688-a92937621503; ai_session=CGDR8b2QKIE2W0/5WGq2EZ|1713563486859|1713563486859; MSFPC=GUID=749eee6039c5489b9db3000c7ab3f399&HASH=749e&LV=202310&V=4&LU=1696413236917
Source: global traffic HTTP traffic detected: GET /converged_ux_v2_nBE5FSqn9KpH44ZlTc3VqQ2.css?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /lwsignupstringscountrybirthdate_en-us_gdxUIqa3ijrOefuBnwhTKg2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /lightweightsignuppackage_MwksSuxFBgQ4Y619ES0DZQ2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /oneds_MC5gQfpbTUjLu60sQCwU1w2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /s/a2a2d927ec60dd38ec52c4226f2df574602a86d8408b49fd9cd2e3ecc489b6ce HTTP/1.1Host: login.belovedkittenrescue.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.belovedkittenrescue.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638491602979817971.ZGM3ODI3MmYtMmZhYi00ZmFmLThkZWEtM2Q3N2Q5NjQyZjM5YWY3NDM0ZTEtZmI0Yy00Yjk4LTkxODUtYjEzOTY5ODVlZDIx&ui_locales=en-US&mkt=en-US&client-request-id=a67d96ca-27dd-4840-a2c4-a24b8295837e&state=Syu44JejXp8LqEQ8ywvgVxEnArYu1QcYhl-Pjbt8Eb1gV1TwVt4Bbi_S0ujC6W1Y35lH-Juduiv30Rgn2iNnyWaxJOj1wIYIXOHdFcuxUXV6YgKOr4Uu8HaqYFLj7UfQFh7tYALG3-zJu7_aQQbErMOwU-u7imKtReh_ivYEweWc_bobgs8C9H1b7ooj0ONkkl81AeG_dRo4RaYMlNCBJrRtujJ2ob0xiwEdQhb1SW_AxV5tFXAWFZIVz_Zt_Jj-W8CyxgXd3loRZsHHgX4Ccg&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: a405-c7b6=a2a2d927ec60dd38ec52c4226f2df574602a86d8408b49fd9cd2e3ecc489b6ce; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; MUID=341A6B55382865413D177F3339C664D5; esctx-HfkrDJ8zWBY=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Tx9zS59EWovYEWieSAaG6BP5XdE1AKBSB6yQfWyNtFaOuJjk43optfLc1d-Tv0s44T6kyGfXo0guVnZD2iud_Z8hLDDvaBZadKUt6IZBmm-xh68np-rmd6vXTuYMJs2TGpfYjPZe6-hglOaQqk_bOCAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; 
Source: unknown DNS traffic detected: queries for: estgirls-my.sharepoint.com
Source: unknown HTTP traffic detected: POST /personal/s7958766_estg_moe_gov_sa/_api/v2.1/graphql HTTP/1.1Host: estgirls-my.sharepoint.comConnection: keep-aliveContent-Length: 507sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"accept: application/json;odata=verboseContent-Type: application/json;odata=verboseX-ServiceWorker-Strategy: CacheFirstsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://estgirls-my.sharepoint.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://estgirls-my.sharepoint.com/personal/s7958766_estg_moe_gov_sa/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fs7958766%5Festg%5Fmoe%5Fgov%5Fsa%2FDocuments%2Fcontract%2Epdf&parent=%2Fpersonal%2Fs7958766%5Festg%5Fmoe%5Fgov%5Fsa%2FDocuments&ga=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: classification engine Classification label: mal64.phis.win@20/932@42/12
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1964,i,6069389677495694469,7174581422029952172,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://estgirls-my.sharepoint.com/:b:/g/personal/s7958766_estg_moe_gov_sa/EeCN0MAR0F5NufUZkT2Q-mcBn4v13Ov8FQ0oi798Dgtayg?e=zTKNmK"
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 664
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 502