Windows Analysis Report
FW_ FHAS Inc_ - Private and Confidential.msg

Overview

General Information

Sample name: FW_ FHAS Inc_ - Private and Confidential.msg
Analysis ID: 1431111
MD5: 9df7a23ef75002280cab36951693ad81
SHA1: 7933a22276c49b35fef76fc729addbdefb258ce4
SHA256: 137454d482c2b32419da6525c85b121cd68dfe6ada35e8515c773ae3f8992e19
Infos:

Detection

HtmlDropper, HTMLPhisher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Html Dropper
Yara detected HtmlPhish10
Phishing site detected (based on image similarity)
Phishing site detected (based on logo match)
HTML body contains low number of good links
HTML page contains hidden URLs or javascript code
HTML title does not match URL
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Invalid 'sign-in options' or 'sign-up' link found
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

Phishing
barindex
Yara detected HtmlPhish10
Source: Yara match File source: 4.12.pages.csv, type: HTML
Source: Yara match File source: 4.9.pages.csv, type: HTML
Source: Yara match File source: 4.10.pages.csv, type: HTML
Phishing site detected (based on image similarity)
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 Matcher: Found strong image similarity, brand: MICROSOFT
Phishing site detected (based on logo match)
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 Matcher: Template: microsoft matched
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 Matcher: Template: microsoft matched
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 Matcher: Template: microsoft matched
HTML body contains low number of good links
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 HTTP Parser: Number of links: 0
HTML page contains hidden URLs or javascript code
Source: https://mailvlk.com/ HTTP Parser: Base64 decoded: https://mailvlk.com/
HTML title does not match URL
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 HTTP Parser: Title: Sign in to Outlook does not match URL
Invalid 'sign-in options' or 'sign-up' link found
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 HTTP Parser: Invalid link: get a new Microsoft account
Source: https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP Parser: No favicon
Source: https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP Parser: No favicon
Source: https://mailvlk.com/ HTTP Parser: No favicon
Source: https://mailvlk.com/ HTTP Parser: No favicon
Source: https://mailvlk.com/ HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP Parser: No favicon
Source: https://mailvlk.com/?__cf_chl_tk=N7uH4Kxa9_0RyojcAoiu.zjjUwtHsqzk0ADVK3Dx5Fs-1713966186-0.0.1.1-1557 HTTP Parser: No favicon
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 HTTP Parser: No favicon
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 HTTP Parser: No favicon
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 HTTP Parser: No favicon
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 HTTP Parser: No <meta name="author".. found
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 HTTP Parser: No <meta name="author".. found
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 HTTP Parser: No <meta name="author".. found
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 HTTP Parser: No <meta name="copyright".. found
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 HTTP Parser: No <meta name="copyright".. found
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 20.190.190.195:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49777 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.190.195:443 -> 192.168.2.17:49791 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49792 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49793 version: TLS 1.2
Source: chrome.exe Memory has grown: Private usage: 26MB later: 34MB
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 104.47.70.28 104.47.70.28
Source: Joe Sandbox View IP Address: 13.107.246.69 13.107.246.69
Source: Joe Sandbox View IP Address: 52.146.76.30 52.146.76.30
Source: Joe Sandbox View IP Address: 87.240.137.164 87.240.137.164
Source: Joe Sandbox View IP Address: 87.240.137.164 87.240.137.164
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=9+ronNE95pkpmyw&MD=sRmD9cLz HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636&data=05%7C02%7Clanderson%40american-pcs.com%7C12a2a023526d4f13ec3008dc63d6fc83%7C48af3ff71bb24e8b9762c9e61a8503a9%7C0%7C0%7C638495022247675574%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=wmZ9CPEGbqFv%2B8gk%2BkjZ7S5r0b%2B7AC1Ezstrt9P7SuM%3D&reserved=0 HTTP/1.1Host: nam10.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1Host: vk.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /away.php?rh=8f363019-e908-47e4-a972-890e8e356326 HTTP/1.1Host: away.vk.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: remixlang=3; remixstlid=9093501850070699750_Lnd7fMoCdytxw6KavtEkNYHGJAI8e0XO7DRYGMct8HD; remixsec_redir=https%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636; remixua=-1%7C-1%7C202%7C3664747857
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1Host: vk.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: remixlang=3; remixstlid=9093501850070699750_Lnd7fMoCdytxw6KavtEkNYHGJAI8e0XO7DRYGMct8HD; remixsec_redir=https%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636; remixua=-1%7C-1%7C202%7C3664747857
Source: global traffic HTTP traffic detected: GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://vk.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /usa/FormLoader/FormLoader.bundle.js HTTP/1.1Host: cxppusa1formui01cdnsa01-endpoint.azureedge.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://assets-usa.mkt.dynamics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: text/plainsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /usa/FormLoader/public/locales/en-us/translation.json HTTP/1.1Host: cxppusa1formui01cdnsa01-endpoint.azureedge.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://assets-usa.mkt.dynamics.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://assets-usa.mkt.dynamics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ed5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ee5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /usa/FormLoader/public/locales/en-us/translation.json HTTP/1.1Host: cxppusa1formui01cdnsa01-endpoint.azureedge.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ef5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ed5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ee5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpageforms/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636/visits HTTP/1.1Host: public-usa.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ef5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpageforms/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1Host: public-usa.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879685369a8a0fc1 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mailvlk.com/?__cf_chl_rt_tk=N7uH4Kxa9_0RyojcAoiu.zjjUwtHsqzk0ADVK3Dx5Fs-1713966186-0.0.1.1-1557Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://mailvlk.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1894439682:1713964362:f3bhfDBv5QOakV6M8k-1UjyH98EctZInS5uS_6Qc31k/879685369a8a0fc1/fc4adc0f3b83a0b HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879685459c6269e3 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/888799833:1713964597:_2LbCDHkv-P-tuM5wGyxvE8cQNjPu28uIC6w7PvfxTk/879685459c6269e3/16306502cf695e3 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/879685459c6269e3/1713966190447/vp3T4ue4sM7hYw8 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/879685459c6269e3/1713966190447/vp3T4ue4sM7hYw8 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/879685459c6269e3/1713966190448/a6aceae44c8468ff349a880897d3c52fb1b769f9be6ebd411bda96dd08a8895e/Fd6jCqic8-nVFty HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/888799833:1713964597:_2LbCDHkv-P-tuM5wGyxvE8cQNjPu28uIC6w7PvfxTk/879685459c6269e3/16306502cf695e3 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/888799833:1713964597:_2LbCDHkv-P-tuM5wGyxvE8cQNjPu28uIC6w7PvfxTk/879685459c6269e3/16306502cf695e3 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/?__cf_chl_tk=N7uH4Kxa9_0RyojcAoiu.zjjUwtHsqzk0ADVK3Dx5Fs-1713966186-0.0.1.1-1557Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1894439682:1713964362:f3bhfDBv5QOakV6M8k-1UjyH98EctZInS5uS_6Qc31k/879685369a8a0fc1/fc4adc0f3b83a0b HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 HTTP/1.1Host: mailvlk.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"Referer: https://mailvlk.com/?__cf_chl_tk=N7uH4Kxa9_0RyojcAoiu.zjjUwtHsqzk0ADVK3Dx5Fs-1713966186-0.0.1.1-1557Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /jq/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d0 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /boot/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d5 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /js/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d8 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=9+ronNE95pkpmyw&MD=sRmD9cLz HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /1 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /1 HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /APP-58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe0/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe1 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /o/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcb00b HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /x/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe6 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /x/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe6 HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /o/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcb00b HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAdpEaVUALvzi%2B4T3BgablIS%2BW8e7GqVx7pYMbmXXWto%2BOxs7wssH1ME9/UrkOxQihAL1Udgzz7vCg8vyPFRTwjYo%2BkN6EryOFuUBMSbbCw8x9G0I1dV99l8BqZcKW%2BJ75yS7avOMGnGd4Nk2JOujGFzvTwaiVzDQ0Q6AI1oe4wc01aK0F66fq4C2rCwFLwde/TRZATyCF/dJS5dYWlC9OhIMPwOYtIYpKDbgfhZn4AtqrbChbhLAvciqZIXWuvrHC%2Bkf7LANyVgF83kwm/yTyQvy6FWAs0GEwl1Fv5gFKszbZ8ew/C1F0eP13XW2DhcZoyDCsXvmrBOoZdoCPkLbKhIDZgAACArr3roFmYkUqAHrkAE/nwM55CyGHj85juyddYNQsy5XH5t4ODbWXuZ4wyqV80TbDoJh2dAhzi31Nf4VIJ6Z3DljHfoViS/ZY5Hz%2BevCoFowQcY2qRW4WKx3nmODn05RmO7MDv1WA3TSIFThVlW7JjSb67UR6ZdHgN3wC6UPU2f3Zb/8Ey6/sMzD4%2Bi%2B6N2pYv2K02KUzjB5sVUpIuw9%2Bh3%2BvpDPX2bh1BEIAvIBzu7cqrcuw0QpV5sMP6fk6CLBp3/gdws7mnDtXz3FqRfRtsGfhr1%2BauYcFGQErEesTFPN%2B8AGBlcuiSLybOqbBmqx80mWY6b0qxOw6UHGl7naAEU3A/zjAJM6uDMqhb6F2UWYB1fukjwjYOB9IyVUekPtRfppRQDNvIz9xe1KKHoUI0LSz%2B3GSjrHAw/4F6yk4/cboVIM52AOUZXT/NvIGz1Kj4tQ3jtQ52UhbxWnbemHG27eCeiNMZGsK411PlzY16IZ94pkqBa2gmBD68ckelRrAQ6FyWe4V0QeIu0MdQeM9QbxhIcio0XQBebtxaZpukhU89acYoSl5Dv2Sc22g%2ByKDUVv2QE%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1713966209User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: A399B0218CAF4CAEA3F2C1ED9368597DX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /API.php?data=mail&email=rickd@gmail.com&_=1713966201970 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua-platform-version: "10.0.0"X-Requested-With: XMLHttpRequestsec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /API.php?data=mail&email=rickd@gmail.com&_=1713966201970 HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /jq/8abb7bfd970b4f43108624cbc2c64b5066290cc184dba HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /boot/8abb7bfd970b4f43108624cbc2c64b5066290cc184dbe HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /js/8abb7bfd970b4f43108624cbc2c64b5066290cc184dbf HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /1 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /APP-8abb7bfd970b4f43108624cbc2c64b5066290cc3b78bc/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78bd HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /o/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78df HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /1 HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /x/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78c2 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /o/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78df HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /x/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78c2 HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic HTTP traffic detected: GET /away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1Host: vk.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: remixsec_redir=https%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636
Source: global traffic DNS traffic detected: DNS query: nam10.safelinks.protection.outlook.com
Source: global traffic DNS traffic detected: DNS query: vk.com
Source: global traffic DNS traffic detected: DNS query: away.vk.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: assets-usa.mkt.dynamics.com
Source: global traffic DNS traffic detected: DNS query: public-usa.mkt.dynamics.com
Source: global traffic DNS traffic detected: DNS query: mailvlk.com
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: unknown HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4722Host: login.live.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 13:42:56 GMTContent-Type: text/htmlContent-Length: 548Connection: closeStrict-Transport-Security: max-age=2592000; preloadx-azure-ref: 20240424T134256Z-168bb8d798bbqgrcawqpfu2sb800000005t000000000fahtx-fd-int-roxy-purgeid: 69112800X-Cache: TCP_MISS
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Wed, 24 Apr 2024 13:42:59 GMTContent-Length: 0Connection: closex-ms-trace-id: e8e9550c23fbd946b636379dc5cdd8b5Strict-Transport-Security: max-age=2592000; preload
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 24 Apr 2024 13:43:06 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16512Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: B4FhJ7gQDkyc6LnMgA6zBeWL6qUmkh7u9/DQdr10vSrNUGakFHX0Ixa8eUkxBeWSRZEqqiUSFrcSIrcOvniP5MBnPCZCoTqkkrW3YqXlCfXQMZL2NcuXMotqPGPb3OCZWJ2W+IhDnzCYWeIMb+RG9w==$mcGEYlxit0PSw7clGuHchw==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 24 Apr 2024 13:43:07 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16710Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: TLRIbIeO3H8sdZ0BB/PwH/aZb8tBqBmzNWpjLoNaM5K+XwHYW118kCeJT7xLlyNd14a49oXQKLvCSHlZbxX1Rodtg5qrmuc6cwGaY3vAom6xsy7SwM5ky8YcHUN92bw85mSQbtceRYglHOarBqcp/w==$DSKBgHV6XAcH1QQsoxteWw==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 24 Apr 2024 13:43:10 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16710Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: 4inhO4jK2Tw6e9vH+K2JfvJsNVIr43xVtIyvA2sQwN6WwjBsGKB9zrl/msMeSKD6bob69VdfGmIJ6cQkRLceZKnTjJeJ7kqeP19Ml/Nxg70EJKAeKe0BUPHZQXli4J5zdR5/fsKusOBgYtQ7K59r1w==$2/j6EI2G5QBb6r7+83KMTw==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 24 Apr 2024 13:43:20 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16774Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: 4+67oQNUoYmx32lnufGaWmHayWFqBe/5loOAcQDjm9zOcIcf/rQC12OYsPmOzXuC4CfGNu8Wit3zv2x1mCPJYWRR/OT8MksBYWAksiAGXiFkofMAtekKG1cdb+hsvRFnwr0IoLU7oFg9poZPJMejvA==$L5RIUDG8VcQBRgRttVW6Ww==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 13:43:23 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedCF-Cache-Status: BYPASSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lmpoupm%2F8tfpTwq%2BIK1WQuAhZv%2FS4dUpCIIb8jJZKgMMYJECRZO9xoxbNHe5czNKmoToVc6kUnngDb%2FtAg6Kzs0zd1pa9t7fpI86LlGAK%2FNXH0AmJJIuTEGNdiXWIA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 879685a489922ac5-LAXalt-svc: h3=":443"; ma=86400
Source: FW_ FHAS Inc_ - Private and Confidential.msg String found in binary or memory: http://schema.org
Source: ~WRS{9C988B96-81C5-4545-9CFC-FA09A30582A7}.tmp.0.dr String found in binary or memory: http://vk.com/away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/d
Source: FW_ FHAS Inc_ - Private and Confidential.msg, ~WRS{9C988B96-81C5-4545-9CFC-FA09A30582A7}.tmp.0.dr String found in binary or memory: https://aka.ms/LearnAboutSenderIdentification
Source: chromecache_134.7.dr String found in binary or memory: https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/forms/beb26e1
Source: chromecache_108.7.dr, chromecache_121.7.dr, chromecache_127.7.dr String found in binary or memory: https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ed5a3d
Source: chromecache_108.7.dr, chromecache_121.7.dr, chromecache_127.7.dr String found in binary or memory: https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ee5a3d
Source: chromecache_108.7.dr, chromecache_121.7.dr, chromecache_127.7.dr String found in binary or memory: https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ef5a3d
Source: chromecache_134.7.dr String found in binary or memory: https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/FormLoader.bundle.js
Source: chromecache_94.7.dr, chromecache_125.7.dr String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_94.7.dr, chromecache_125.7.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_94.7.dr, chromecache_125.7.dr String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_108.7.dr, chromecache_121.7.dr, chromecache_127.7.dr String found in binary or memory: https://mailvlk.com
Source: FW_ FHAS Inc_ - Private and Confidential.msg, ~WRS{9C988B96-81C5-4545-9CFC-FA09A30582A7}.tmp.0.dr String found in binary or memory: https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2
Source: chromecache_134.7.dr String found in binary or memory: https://public-usa.mkt.dynamics.com/api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpagefo
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 20.190.190.195:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49777 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.190.195:443 -> 192.168.2.17:49791 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49792 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49793 version: TLS 1.2
Source: classification engine Classification label: mal64.phis.troj.winMSG@24/90@32/11
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240424T1542330214-3932.etl Jump to behavior
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW_ FHAS Inc_ - Private and Confidential.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "AB733506-5643-415B-A822-6CA743C451B8" "60335182-0ED6-44FC-AF34-5EA391EA0DB6" "3932" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636&data=05%7C02%7Clanderson%40american-pcs.com%7C12a2a023526d4f13ec3008dc63d6fc83%7C48af3ff71bb24e8b9762c9e61a8503a9%7C0%7C0%7C638495022247675574%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=wmZ9CPEGbqFv%2B8gk%2BkjZ7S5r0b%2B7AC1Ezstrt9P7SuM%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2032,i,8312414958916213357,7330150477542557016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "AB733506-5643-415B-A822-6CA743C451B8" "60335182-0ED6-44FC-AF34-5EA391EA0DB6" "3932" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636&data=05%7C02%7Clanderson%40american-pcs.com%7C12a2a023526d4f13ec3008dc63d6fc83%7C48af3ff71bb24e8b9762c9e61a8503a9%7C0%7C0%7C638495022247675574%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=wmZ9CPEGbqFv%2B8gk%2BkjZ7S5r0b%2B7AC1Ezstrt9P7SuM%3D&reserved=0 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2032,i,8312414958916213357,7330150477542557016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32 Jump to behavior
Source: Google Drive.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common Jump to behavior

Data Obfuscation
barindex
Yara detected Html Dropper
Source: Yara match File source: 4.12.pages.csv, type: HTML
Source: Yara match File source: 4.9.pages.csv, type: HTML
Source: Yara match File source: 4.10.pages.csv, type: HTML
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1431111 Sample: FW_ FHAS Inc_ - Private and... Startdate: 24/04/2024 Architecture: WINDOWS Score: 64 27 Yara detected Html Dropper 2->27 29 Yara detected HtmlPhish10 2->29 31 Phishing site detected (based on image similarity) 2->31 33 Phishing site detected (based on logo match) 2->33 7 OUTLOOK.EXE 53 122 2->7         started        process3 process4 9 chrome.exe 9 7->9         started        12 ai.exe 7->12         started        dnsIp5 17 192.168.2.17, 138, 443, 49338 unknown unknown 9->17 19 239.255.255.250 unknown Reserved 9->19 14 chrome.exe 9->14         started        process6 dnsIp7 21 vk.com 87.240.132.72, 443, 49717, 49723 VKONTAKTE-SPB-AShttpvkcomRU Russian Federation 14->21 23 away.vk.com 87.240.137.164, 443, 49719 VKONTAKTE-SPB-AShttpvkcomRU Russian Federation 14->23 25 11 other IPs or domains 14->25
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.47.70.28
 nam10.safelinks.protection.outlook.com United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
13.107.246.69
 part-0041.t-0009.t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
52.146.76.30
 prdia888eus0aks.mkt.dynamics.com United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
87.240.137.164
 away.vk.com Russian Federation
47541 VKONTAKTE-SPB-AShttpvkcomRU false
87.240.132.72
 vk.com Russian Federation
47541 VKONTAKTE-SPB-AShttpvkcomRU false
104.21.50.148
 mailvlk.com United States
13335 CLOUDFLARENETUS false
239.255.255.250
 unknown Reserved
unknown unknown false
35.190.80.1
 a.nel.cloudflare.com United States
15169 GOOGLEUS false
142.250.141.104
 www.google.com United States
15169 GOOGLEUS false
104.17.2.184
 challenges.cloudflare.com United States
13335 CLOUDFLARENETUS false

Private

IP
192.168.2.17

Contacted Domains

Name IP Active
nam10.safelinks.protection.outlook.com 104.47.70.28 true
a.nel.cloudflare.com 35.190.80.1 true
away.vk.com 87.240.137.164 true
part-0041.t-0009.t-msedge.net 13.107.246.69 true
challenges.cloudflare.com 104.17.2.184 true
mailvlk.com 104.21.50.148 true
www.google.com 142.250.141.104 true
prdia888eus0aks.mkt.dynamics.com 52.146.76.30 true
vk.com 87.240.132.72 true
public-usa.mkt.dynamics.com unknown unknown
assets-usa.mkt.dynamics.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 true
    		unknown
    https://public-usa.mkt.dynamics.com/api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpageforms/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636/visits false
      		high
      https://mailvlk.com/x/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78c2 false
      • Avira URL Cloud: safe
      		 unknown
      https://mailvlk.com/boot/8abb7bfd970b4f43108624cbc2c64b5066290cc184dbe false
      • Avira URL Cloud: safe
      		 unknown
      https://mailvlk.com/1 false
      • Avira URL Cloud: safe
      		 unknown
      https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/888799833:1713964597:_2LbCDHkv-P-tuM5wGyxvE8cQNjPu28uIC6w7PvfxTk/879685459c6269e3/16306502cf695e3 false
        		high
        https://assets-usa.mkt.dynamics.com/favicon.ico false
          		high
          https://mailvlk.com/jq/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d0 false
          • Avira URL Cloud: safe
          		 unknown
          https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ee5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 false
            		high
            https://mailvlk.com/js/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d8 false
            • Avira URL Cloud: safe
            		 unknown
            https://mailvlk.com/js/8abb7bfd970b4f43108624cbc2c64b5066290cc184dbf false
            • Avira URL Cloud: safe
            		 unknown
            https://mailvlk.com/API.php?data=mail&email=rickd@gmail.com&_=1713966201970 false
            • Avira URL Cloud: safe
            		 unknown
            https://a.nel.cloudflare.com/report/v4?s=4Lncfb%2Bf0ZgvAUhn0ZSU26EkkRYS%2Fy3%2F9%2BRSTmUcjYS%2BZr0GpLA7Q1dyMm6Nj3r6WSqlTzqR%2Bmu5ZoPJbyGe6yZelcsnTuZEL0gAXNQa%2FeIZCP6orypMo6DJJ%2F8yMw%3D%3D false
              		high
              https://mailvlk.com/boot/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d5 false
              • Avira URL Cloud: safe
              		 unknown
              https://mailvlk.com/?__cf_chl_tk=N7uH4Kxa9_0RyojcAoiu.zjjUwtHsqzk0ADVK3Dx5Fs-1713966186-0.0.1.1-1557 false
                		unknown
                https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879685459c6269e3/1713966190447/vp3T4ue4sM7hYw8 false
                  		high
                  https://mailvlk.com/o/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78df false
                  • Avira URL Cloud: safe
                  		 unknown
                  https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636 false
                    		high
                    https://mailvlk.com/jq/8abb7bfd970b4f43108624cbc2c64b5066290cc184dba false
                    • Avira URL Cloud: safe
                    		 unknown
                    https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D false
                      		high
                      https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636&data=05%7C02%7Clanderson%40american-pcs.com%7C12a2a023526d4f13ec3008dc63d6fc83%7C48af3ff71bb24e8b9762c9e61a8503a9%7C0%7C0%7C638495022247675574%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=wmZ9CPEGbqFv%2B8gk%2BkjZ7S5r0b%2B7AC1Ezstrt9P7SuM%3D&reserved=0 false
                        		high
                        https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/879685459c6269e3/1713966190448/a6aceae44c8468ff349a880897d3c52fb1b769f9be6ebd411bda96dd08a8895e/Fd6jCqic8-nVFty false
                          		high
                          https://mailvlk.com/ASSETS/img/sig-op.svg false
                          • Avira URL Cloud: safe
                          		 unknown
                          http://vk.com/away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 false
                            		high
                            https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ef5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 false
                              		high
                              https://mailvlk.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1894439682:1713964362:f3bhfDBv5QOakV6M8k-1UjyH98EctZInS5uS_6Qc31k/879685369a8a0fc1/fc4adc0f3b83a0b false
                              • Avira URL Cloud: safe
                              		 unknown
                              https://mailvlk.com/ASSETS/img/m_.svg false
                              • Avira URL Cloud: safe
                              		 unknown
                              https://mailvlk.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879685369a8a0fc1 false
                              • Avira URL Cloud: safe
                              		 unknown
                              https://mailvlk.com/ false
                                		unknown
                                https://mailvlk.com/APP-58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe0/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe1 false
                                • Avira URL Cloud: safe
                                		 unknown
                                https://vk.com/away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 false
                                  		high
                                  https://a.nel.cloudflare.com/report/v4?s=djiRKcdhlVlk2aqZBvP%2Bjmnp1abPn%2BnZFZbJbioW2B1Bkgsecp2vstPS%2B2TRR2dXtz77%2B1QYen%2FvmlZVP30BHgPi8cW%2Fn%2FPb3Xemb2QQHFIHg9%2BUf6IPA9cWexvWhQ%3D%3D false
                                    		high
                                    https://mailvlk.com/o/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcb00b false
                                    • Avira URL Cloud: safe
                                    		 unknown
                                    https://mailvlk.com/favicon.ico false
                                    • Avira URL Cloud: safe
                                    		 unknown
                                    https://public-usa.mkt.dynamics.com/api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpageforms/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636 false
                                      		high
                                      https://a.nel.cloudflare.com/report/v4?s=iDUvZaCtDpJy3qF6qkuzg7zhpHmebhCTLUFDDABNeySo%2FlMYbME3a7DyNdxlydWBzoHFDmHBneIxt0DzcWkr9XChmzd%2FcJaJe%2B8kNGExQJUuG3M3vFjrwWRSJwQh3g%3D%3D false
                                        		high
                                        https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 false
                                          		high
                                          https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ed5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 false
                                            		high
                                            https://mailvlk.com/x/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe6 false
                                            • Avira URL Cloud: safe
                                            		 unknown
                                            https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879685459c6269e3 false
                                              		high
                                              https://away.vk.com/away.php?rh=8f363019-e908-47e4-a972-890e8e356326 false
                                                		high
                                                https://mailvlk.com/APP-8abb7bfd970b4f43108624cbc2c64b5066290cc3b78bc/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78bd false
                                                • Avira URL Cloud: safe
                                                		 unknown
                                                https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normal false
                                                  		high