Windows Analysis Report
https://j4tpu.bpmsafelink.com/c/0aR4TTLkLUqplUI-2TrhdA

Overview

General Information

Sample URL: https://j4tpu.bpmsafelink.com/c/0aR4TTLkLUqplUI-2TrhdA
Analysis ID: 1431819
Infos:

Detection

HTMLPhisher
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Yara detected HtmlPhish54
HTML page contains suspicious base64 encoded javascript
HTML page contains suspicious iframes
Phishing site detected (based on logo match)
Detected hidden input values containing email addresses (often used in phishing pages)
Found iframes
HTML body contains low number of good links
HTML page contains hidden URLs or javascript code
HTML page contains obfuscate script src

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: https://j4tpu.bpmsafelink.com/c/0aR4TTLkLUqplUI-2TrhdA SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/owa/?login_hint=sheue%407haircare.com Avira URL Cloud: Label: phishing
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpX Avira URL Cloud: Label: phishing
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/?qrc=sheue%407haircare.com Avira URL Cloud: Label: phishing
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3YtZmJoeWxjdG42Z3Zjd29uY3RuNmd2Yy13aGliZXNpbGcyYm1ybHM5Y2Fzc2llLnRvcCIsImRvbWFpbiI6InYtZmJoeWxjdG42Z3Zjd29uY3RuNmd2Yy13aGliZXNpbGcyYm1ybHM5Y2Fzc2llLnRvcCIsImtleSI6Ikd3Wmx6djNqUGJZViIsInFyYyI6InNoZXVlQDdoYWlyY2FyZS5jb20iLCJpYXQiOjE3MTQwNzAyMTMsImV4cCI6MTcxNDA3MDMzM30.KjLJF5iiSFKdw41uUQwdDBQjolY0kxSFZb7HDP4uVI8 Avira URL Cloud: Label: phishing

Phishing
barindex
Yara detected HtmlPhish54
Source: Yara match File source: 3.7.pages.csv, type: HTML
Source: Yara match File source: 4.8.pages.csv, type: HTML
Source: Yara match File source: 4.10.pages.csv, type: HTML
HTML page contains suspicious base64 encoded javascript
Source: https://taisanji.jp/197006108922/#sheue@7haircare.com& HTTP Parser: Base64 decoded: <script>
HTML page contains suspicious iframes
Source: https://e76abede.df1076c6f7230d3c23de9bcb.workers.dev/?qrc=sheue@7haircare.com& HTTP Parser: position:fixed;top:0;left:0;bottom:0;right:0;width:100%;height:100%;border:none;margin:0;padding:0;overflow:hidden;z-index:999999
Phishing site detected (based on logo match)
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V Matcher: Template: microsoft matched
Detected hidden input values containing email addresses (often used in phishing pages)
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=true HTTP Parser: sheue@7haircare.com
Found iframes
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=true HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=true HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
HTML body contains low number of good links
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=true HTTP Parser: Number of links: 0
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2fv-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top%2fcommon%2freprocess%3fctx%3drQQIARAAjZE_TBNhAMXv65UTEKXBxU1z0YV47V3vendtgrFXroAtUKUIVE29fvcdd-1dv3J_2gJhJQ7GEDeNk2PjYJwMg3EzIQ6NxoVF40TQGOMCiYmx1cVN3_Dyhpc3_N44yUW51AX2j-JM3xnWMDgGon76S-7YcOTIf0--2-1-en2rdPGNnbc74Jzp-w0vFYvhwLcxrkWxYVgQRSF2YrilxV4A0AXgAIAHoTOeiQJ0RTI1y4Wa-7vTCUkiLwtJUZRYTuREQZb4eLRSgXHBiCcZWZBYRuA1nZENUWJggpN1VpS4pI72Q6Pz6cA3433DrrWBvoeGDOw65Qb2_EfkfTAJfWXSm1lVVeU6my_gal1Lw6XSytRM0spl0yZburpY1dFy2wgkN3Fjoc2oLU0xrxezQkudzK54uJjha3y-Zq4HedNUFDzLlKxZ11usLefazkwFmtlqGcrJHqyKXGa0uSDpB9yGoRvr-QWouu60n0MJe6HJc0qrQ_4X5eck1cPi4PoeSeEGqlt6Nww-hsFheIQlU4ODwxHiLHGeOA6DJwO9Q15--PG0dKeRe7zDHl1-u03sDcQQtKWVijOHrKKJlq41hUXesNV0uy62-XXH3KgWfDHBe40W25qIp7gdCuxQ1C41NEhGCJrMFLgDCnyjwN0TxO7Qv97tngT7I8IwBW3Ncryx8U3a0ss-rqE6ndqk245XhrCfmpodII9O3aR7-_Ttra2tV6eI49Nfft7b_tx5-HX6cPTSlFIM3DXTyyB5TpHmfWWV0wy-ac2KS2tr3DJnFnCQkWuOnVAnnkWIXw2&mkt=en-US&hosted=0&device_platform=Windows+10 HTTP Parser: Number of links: 0
HTML page contains hidden URLs or javascript code
Source: https://taisanji.jp/197006108922/#sheue@7haircare.com& HTTP Parser: Base64 decoded: <script> // disable right click document.addEventListener('contextmenu', event => event.preventDefault()); document.onkeydown = function (e) { // disable F12 key if(e.keyCode == 123) { return false; } ...
HTML page contains obfuscate script src
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJT HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJT HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJT HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=true HTTP Parser: <input type="password" .../> found
Source: https://taisanji.jp/197006108922/#sheue@7haircare.com& HTTP Parser: No favicon
Source: https://e76abede.df1076c6f7230d3c23de9bcb.workers.dev/?qrc=sheue@7haircare.com& HTTP Parser: No favicon
Source: https://e76abede.df1076c6f7230d3c23de9bcb.workers.dev/?qrc=sheue@7haircare.com& HTTP Parser: No favicon
Source: https://e76abede.df1076c6f7230d3c23de9bcb.workers.dev/?qrc=sheue@7haircare.com& HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fyhsf/0x4AAAAAAAYN4FOeSmqG7_zc/auto/normal HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fyhsf/0x4AAAAAAAYN4FOeSmqG7_zc/auto/normal HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fyhsf/0x4AAAAAAAYN4FOeSmqG7_zc/auto/normal HTTP Parser: No favicon
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw== HTTP Parser: No favicon
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=true HTTP Parser: No favicon
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=true HTTP Parser: No favicon
Source: https://outlook.office365.com/owa/prefetch.aspx HTTP Parser: No favicon
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=true HTTP Parser: No <meta name="author".. found
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=true HTTP Parser: No <meta name="author".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2fv-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top%2fcommon%2freprocess%3fctx%3drQQIARAAjZE_TBNhAMXv65UTEKXBxU1z0YV47V3vendtgrFXroAtUKUIVE29fvcdd-1dv3J_2gJhJQ7GEDeNk2PjYJwMg3EzIQ6NxoVF40TQGOMCiYmx1cVN3_Dyhpc3_N44yUW51AX2j-JM3xnWMDgGon76S-7YcOTIf0--2-1-en2rdPGNnbc74Jzp-w0vFYvhwLcxrkWxYVgQRSF2YrilxV4A0AXgAIAHoTOeiQJ0RTI1y4Wa-7vTCUkiLwtJUZRYTuREQZb4eLRSgXHBiCcZWZBYRuA1nZENUWJggpN1VpS4pI72Q6Pz6cA3433DrrWBvoeGDOw65Qb2_EfkfTAJfWXSm1lVVeU6my_gal1Lw6XSytRM0spl0yZburpY1dFy2wgkN3Fjoc2oLU0xrxezQkudzK54uJjha3y-Zq4HedNUFDzLlKxZ11usLefazkwFmtlqGcrJHqyKXGa0uSDpB9yGoRvr-QWouu60n0MJe6HJc0qrQ_4X5eck1cPi4PoeSeEGqlt6Nww-hsFheIQlU4ODwxHiLHGeOA6DJwO9Q15--PG0dKeRe7zDHl1-u03sDcQQtKWVijOHrKKJlq41hUXesNV0uy62-XXH3KgWfDHBe40W25qIp7gdCuxQ1C41NEhGCJrMFLgDCnyjwN0TxO7Qv97tngT7I8IwBW3Ncryx8U3a0ss-rqE6ndqk245XhrCfmpodII9O3aR7-_Ttra2tV6eI49Nfft7b_tx5-HX6cPTSlFIM3DXTyyB5TpHmfWWV0wy-ac2KS2tr3DJnFnCQkWuOnVAnnkWIXw2&mkt=en-US&hosted=0&device_platform=Windows+10 HTTP Parser: No <meta name="author".. found
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=true HTTP Parser: No <meta name="copyright".. found
Source: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=true HTTP Parser: No <meta name="copyright".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2fv-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top%2fcommon%2freprocess%3fctx%3drQQIARAAjZE_TBNhAMXv65UTEKXBxU1z0YV47V3vendtgrFXroAtUKUIVE29fvcdd-1dv3J_2gJhJQ7GEDeNk2PjYJwMg3EzIQ6NxoVF40TQGOMCiYmx1cVN3_Dyhpc3_N44yUW51AX2j-JM3xnWMDgGon76S-7YcOTIf0--2-1-en2rdPGNnbc74Jzp-w0vFYvhwLcxrkWxYVgQRSF2YrilxV4A0AXgAIAHoTOeiQJ0RTI1y4Wa-7vTCUkiLwtJUZRYTuREQZb4eLRSgXHBiCcZWZBYRuA1nZENUWJggpN1VpS4pI72Q6Pz6cA3433DrrWBvoeGDOw65Qb2_EfkfTAJfWXSm1lVVeU6my_gal1Lw6XSytRM0spl0yZburpY1dFy2wgkN3Fjoc2oLU0xrxezQkudzK54uJjha3y-Zq4HedNUFDzLlKxZ11usLefazkwFmtlqGcrJHqyKXGa0uSDpB9yGoRvr-QWouu60n0MJe6HJc0qrQ_4X5eck1cPi4PoeSeEGqlt6Nww-hsFheIQlU4ODwxHiLHGeOA6DJwO9Q15--PG0dKeRe7zDHl1-u03sDcQQtKWVijOHrKKJlq41hUXesNV0uy62-XXH3KgWfDHBe40W25qIp7gdCuxQ1C41NEhGCJrMFLgDCnyjwN0TxO7Qv97tngT7I8IwBW3Ncryx8U3a0ss-rqE6ndqk245XhrCfmpodII9O3aR7-_Ttra2tV6eI49Nfft7b_tx5-HX6cPTSlFIM3DXTyyB5TpHmfWWV0wy-ac2KS2tr3DJnFnCQkWuOnVAnnkWIXw2&mkt=en-US&hosted=0&device_platform=Windows+10 HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.7:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.7:49716 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /c/0aR4TTLkLUqplUI-2TrhdA HTTP/1.1Host: j4tpu.bpmsafelink.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFuyulMlKi-2BOPnlw70aNZVis28POFpvPHosRY2v-2BT8MzRgxGp_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZPm0ZXtgUZ2XWgAYCIaMBrUgdnTROyf0Afl06YWn6RrR-2BWcL1g7IuW-2FS3i9t-2BF-2B2Y6e8GyMI51dnqu8NufWlrtR9XZO0CKNozdtKi-2BuAQygqD3A68yX5YKYWCNYUOYcNDiU1VCdsE16ZstUbHkSXph84w1YZ4Ob766Kv0C6exL1Q8FobkJkY5CqLYAXETODR-2BNrDAN8XOid2c66vIk9hFtXrd7fh2OKDpf7bj39mWAxlUiJaLw-2FYkVjI5oKXuRFHQA-3D HTTP/1.1Host: clickme.thryv.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /197006108922/ HTTP/1.1Host: taisanji.jpConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://taisanji.jpsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://taisanji.jp/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /197006108922/ HTTP/1.1Host: taisanji.jpConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: */*X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://taisanji.jp/197006108922/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=beceeed944e116c0f1ce457b161cfb28
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: taisanji.jpConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://taisanji.jp/197006108922/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=beceeed944e116c0f1ce457b161cfb28
Source: global traffic HTTP traffic detected: GET /?qrc=sheue@7haircare.com& HTTP/1.1Host: e76abede.df1076c6f7230d3c23de9bcb.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://taisanji.jp/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://e76abede.df1076c6f7230d3c23de9bcb.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /197006108922/ HTTP/1.1Host: taisanji.jpConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=beceeed944e116c0f1ce457b161cfb28
Source: global traffic HTTP traffic detected: GET /turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://e76abede.df1076c6f7230d3c23de9bcb.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fyhsf/0x4AAAAAAAYN4FOeSmqG7_zc/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://e76abede.df1076c6f7230d3c23de9bcb.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fyhsf/0x4AAAAAAAYN4FOeSmqG7_zc/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87a07069393b53b7 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fyhsf/0x4AAAAAAAYN4FOeSmqG7_zc/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: e76abede.df1076c6f7230d3c23de9bcb.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://e76abede.df1076c6f7230d3c23de9bcb.workers.dev/?qrc=sheue@7haircare.com&Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: e76abede.df1076c6f7230d3c23de9bcb.workers.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/87a07069393b53b7/1714070194209/7c141658e4705f8339da67ff0d4610a1f1ff832447d37cb2823e7e09655347e8/XiKiZkimIR7Xvi1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fyhsf/0x4AAAAAAAYN4FOeSmqG7_zc/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1935405516:1714065931:t7UA0pVTL6V2Jf48bQbvuNIHTwJO0HvkWjeoYHQTOqc/87a07069393b53b7/b3f22530d2b9a73 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/87a07069393b53b7/1714070194214/ypZU3uoYL2TKkUO HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fyhsf/0x4AAAAAAAYN4FOeSmqG7_zc/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/87a07069393b53b7/1714070194214/ypZU3uoYL2TKkUO HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1935405516:1714065931:t7UA0pVTL6V2Jf48bQbvuNIHTwJO0HvkWjeoYHQTOqc/87a07069393b53b7/b3f22530d2b9a73 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1935405516:1714065931:t7UA0pVTL6V2Jf48bQbvuNIHTwJO0HvkWjeoYHQTOqc/87a07069393b53b7/b3f22530d2b9a73 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3YtZmJoeWxjdG42Z3Zjd29uY3RuNmd2Yy13aGliZXNpbGcyYm1ybHM5Y2Fzc2llLnRvcCIsImRvbWFpbiI6InYtZmJoeWxjdG42Z3Zjd29uY3RuNmd2Yy13aGliZXNpbGcyYm1ybHM5Y2Fzc2llLnRvcCIsImtleSI6Ikd3Wmx6djNqUGJZViIsInFyYyI6InNoZXVlQDdoYWlyY2FyZS5jb20iLCJpYXQiOjE3MTQwNzAyMTMsImV4cCI6MTcxNDA3MDMzM30.KjLJF5iiSFKdw41uUQwdDBQjolY0kxSFZb7HDP4uVI8 HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://e76abede.df1076c6f7230d3c23de9bcb.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /?qrc=sheue%407haircare.com HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://e76abede.df1076c6f7230d3c23de9bcb.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0
Source: global traffic HTTP traffic detected: GET /owa/?login_hint=sheue%407haircare.com HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://e76abede.df1076c6f7230d3c23de9bcb.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0
Source: global traffic HTTP traffic detected: GET /captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw== HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://e76abede.df1076c6f7230d3c23de9bcb.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag
Source: global traffic HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6Uo0Y6SK_I3D0gl2izW076QZuuYH_b0ZXHSuH_2nmEkGsYngHyYiU5VIrmMZ1PwnMAe7E6wxZ2PqNjOpbKChPO0MbyJtFNP4ifzlMt6NJvsRuKxHr71g_VC5wHHvew-TnpVD1VU4jwMAWNyAA; fpc=AlQZcavYEAhAkPirn2lEBLc; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd82lSCu0BXePn0A_Kv9z2Yg2Rfz-1hzKb96rPs4sgy0b6kyDzZH9E5-sfPbrs-oVHt58TRsHb9gnVEPUXsEkmw0cXVuLVyqL_Wp-rC8l8e3H4a6OCYn5m8rWbOPiRBsrHvLgVpOWOQkaxsQz9O2wQGYBt4t_8pAVNSC2I3Ak_uTGQgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: e76abede.df1076c6f7230d3c23de9bcb.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://e76abede.df1076c6f7230d3c23de9bcb.workers.dev/?qrc=sheue@7haircare.com&Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=true HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: e76abede.df1076c6f7230d3c23de9bcb.workers.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6Uo0Y6SK_I3D0gl2izW076QZuuYH_b0ZXHSuH_2nmEkGsYngHyYiU5VIrmMZ1PwnMAe7E6wxZ2PqNjOpbKChPO0MbyJtFNP4ifzlMt6NJvsRuKxHr71g_VC5wHHvew-TnpVD1VU4jwMAWNyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8JGGf9ZvZjjvjvSiRHtJq0RTOcKq8JILxc12tSPl8eEY0f30ZngdYmn0exBvZmRzT8IMFS0M7RB9glpzi2Gj72CrTFvNtjpPFFBsivvA9MjIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hB3TfVSisb9U1aTUNEFR0Nby2X7SXxO4jk0gMoV-R4NFq4vMDV3WSPsNeliUOO0h7WAv_UzgIIqE8pCW05u5DgzsWQENd2kwHTbGPPvvlz_nrH6sTCedJDrJlG4_W98RpKNHZVIwmyzCtMNad0TKlcd7xU1aQlBiFsH1Ulpp-TogAA; esctx-GvCT4tVQc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8VqWonEFnvI6R6OTYyQ2XE_GvO6g0zMgePSfAR3_MnDWVieI1LWOfZqb2fV2dA2zh94qoUtd6vj5342rY4u0og-7WoZNm2MUWLs1UAe7sRPShuYZuA-O1fludV14hjL2-kSe5Em2w4qmEXtN2F7ds8SAA; fpc=AlQZcavYEAhAkPirn2lEBLeerOTJAQAAAMqZvN0OAAAA
Source: global traffic HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6Uo0Y6SK_I3D0gl2izW076QZuuYH_b0ZXHSuH_2nmEkGsYngHyYiU5VIrmMZ1PwnMAe7E6wxZ2PqNjOpbKChPO0MbyJtFNP4ifzlMt6NJvsRuKxHr71g_VC5wHHvew-TnpVD1VU4jwMAWNyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8JGGf9ZvZjjvjvSiRHtJq0RTOcKq8JILxc12tSPl8eEY0f30ZngdYmn0exBvZmRzT8IMFS0M7RB9glpzi2Gj72CrTFvNtjpPFFBsivvA9MjIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hB3TfVSisb9U1aTUNEFR0Nby2X7SXxO4jk0gMoV-R4NFq4vMDV3WSPsNeliUOO0h7WAv_UzgIIqE8pCW05u5DgzsWQENd2kwHTbGPPvvlz_nrH6sTCedJDrJlG4_W98RpKNHZVIwmyzCtMNad0TKlcd7xU1aQlBiFsH1Ulpp-TogAA; esctx-GvCT4tVQc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8VqWonEFnvI6R6OTYyQ2XE_GvO6g0zMgePSfAR3_MnDWVieI1LWOfZqb2fV2dA2zh94qoUtd6vj5342rY4u0og-7WoZNm2MUWLs1UAe7sRPShuYZuA-O1fludV14hjL2-kSe5Em2w4qmEXtN2F7ds8SAA; fpc=AlQZcavYEAhAkPirn2lEBLeerOTJAQAAAMqZvN0OAAAA
Source: global traffic HTTP traffic detected: GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6Uo0Y6SK_I3D0gl2izW076QZuuYH_b0ZXHSuH_2nmEkGsYngHyYiU5VIrmMZ1PwnMAe7E6wxZ2PqNjOpbKChPO0MbyJtFNP4ifzlMt6NJvsRuKxHr71g_VC5wHHvew-TnpVD1VU4jwMAWNyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8JGGf9ZvZjjvjvSiRHtJq0RTOcKq8JILxc12tSPl8eEY0f30ZngdYmn0exBvZmRzT8IMFS0M7RB9glpzi2Gj72CrTFvNtjpPFFBsivvA9MjIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hB3TfVSisb9U1aTUNEFR0Nby2X7SXxO4jk0gMoV-R4NFq4vMDV3WSPsNeliUOO0h7WAv_UzgIIqE8pCW05u5DgzsWQENd2kwHTbGPPvvlz_nrH6sTCedJDrJlG4_W98RpKNHZVIwmyzCtMNad0TKlcd7xU1aQlBiFsH1Ulpp-TogAA; esctx-GvCT4tVQc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8VqWonEFnvI6R6OTYyQ2XE_GvO6g0zMgePSfAR3_MnDWVieI1LWOfZqb2fV2dA2zh94qoUtd6vj5342rY4u0og-7WoZNm2MUWLs1UAe7sRPShuYZuA-O1fludV14hjL2-kSe5Em2w4qmEXtN2F7ds8SAA; fpc=AlQZcavYEAhAkPirn2lEBLeerOTJAQAAAMqZvN0OAAAA
Source: global traffic HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6Uo0Y6SK_I3D0gl2izW076QZuuYH_b0ZXHSuH_2nmEkGsYngHyYiU5VIrmMZ1PwnMAe7E6wxZ2PqNjOpbKChPO0MbyJtFNP4ifzlMt6NJvsRuKxHr71g_VC5wHHvew-TnpVD1VU4jwMAWNyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8JGGf9ZvZjjvjvSiRHtJq0RTOcKq8JILxc12tSPl8eEY0f30ZngdYmn0exBvZmRzT8IMFS0M7RB9glpzi2Gj72CrTFvNtjpPFFBsivvA9MjIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hB3TfVSisb9U1aTUNEFR0Nby2X7SXxO4jk0gMoV-R4NFq4vMDV3WSPsNeliUOO0h7WAv_UzgIIqE8pCW05u5DgzsWQENd2kwHTbGPPvvlz_nrH6sTCedJDrJlG4_W98RpKNHZVIwmyzCtMNad0TKlcd7xU1aQlBiFsH1Ulpp-TogAA; esctx-GvCT4tVQc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8VqWonEFnvI6R6OTYyQ2XE_GvO6g0zMgePSfAR3_MnDWVieI1LWOfZqb2fV2dA2zh94qoUtd6vj5342rY4u0og-7WoZNm2MUWLs1UAe7sRPShuYZuA-O1fludV14hjL2-kSe5Em2w4qmEXtN2F7ds8SAA; fpc=AlQZcavYEAhAkPirn2lEBLeerOTJAQAAAMqZvN0OAAAA
Source: global traffic HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6Uo0Y6SK_I3D0gl2izW076QZuuYH_b0ZXHSuH_2nmEkGsYngHyYiU5VIrmMZ1PwnMAe7E6wxZ2PqNjOpbKChPO0MbyJtFNP4ifzlMt6NJvsRuKxHr71g_VC5wHHvew-TnpVD1VU4jwMAWNyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8JGGf9ZvZjjvjvSiRHtJq0RTOcKq8JILxc12tSPl8eEY0f30ZngdYmn0exBvZmRzT8IMFS0M7RB9glpzi2Gj72CrTFvNtjpPFFBsivvA9MjIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hB3TfVSisb9U1aTUNEFR0Nby2X7SXxO4jk0gMoV-R4NFq4vMDV3WSPsNeliUOO0h7WAv_UzgIIqE8pCW05u5DgzsWQENd2kwHTbGPPvvlz_nrH6sTCedJDrJlG4_W98RpKNHZVIwmyzCtMNad0TKlcd7xU1aQlBiFsH1Ulpp-TogAA; esctx-GvCT4tVQc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8VqWonEFnvI6R6OTYyQ2XE_GvO6g0zMgePSfAR3_MnDWVieI1LWOfZqb2fV2dA2zh94qoUtd6vj5342rY4u0og-7WoZNm2MUWLs1UAe7sRPShuYZuA-O1fludV14hjL2-kSe5Em2w4qmEXtN2F7ds8SAA; fpc=AlQZcavYEAhAkPirn2lEBLeerOTJAQAAAMqZvN0OAAAA
Source: global traffic HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_f7b06b70c72b4590b779.js HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6Uo0Y6SK_I3D0gl2izW076QZuuYH_b0ZXHSuH_2nmEkGsYngHyYiU5VIrmMZ1PwnMAe7E6wxZ2PqNjOpbKChPO0MbyJtFNP4ifzlMt6NJvsRuKxHr71g_VC5wHHvew-TnpVD1VU4jwMAWNyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8JGGf9ZvZjjvjvSiRHtJq0RTOcKq8JILxc12tSPl8eEY0f30ZngdYmn0exBvZmRzT8IMFS0M7RB9glpzi2Gj72CrTFvNtjpPFFBsivvA9MjIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hB3TfVSisb9U1aTUNEFR0Nby2X7SXxO4jk0gMoV-R4NFq4vMDV3WSPsNeliUOO0h7WAv_UzgIIqE8pCW05u5DgzsWQENd2kwHTbGPPvvlz_nrH6sTCedJDrJlG4_W98RpKNHZVIwmyzCtMNad0TKlcd7xU1aQlBiFsH1Ulpp-TogAA; esctx-GvCT4tVQc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8VqWonEFnvI6R6OTYyQ2XE_GvO6g0zMgePSfAR3_MnDWVieI1LWOfZqb2fV2dA2zh94qoUtd6vj5342rY4u0og-7WoZNm2MUWLs1UAe7sRPShuYZuA-O1fludV14hjL2-kSe5Em2w4qmEXtN2F7ds8SAA; fpc=AlQZcavYEAhAkPirn2lEBLeerOTJAQAAAMqZvN0OAAAA; brcap=0
Source: global traffic HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6Uo0Y6SK_I3D0gl2izW076QZuuYH_b0ZXHSuH_2nmEkGsYngHyYiU5VIrmMZ1PwnMAe7E6wxZ2PqNjOpbKChPO0MbyJtFNP4ifzlMt6NJvsRuKxHr71g_VC5wHHvew-TnpVD1VU4jwMAWNyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8JGGf9ZvZjjvjvSiRHtJq0RTOcKq8JILxc12tSPl8eEY0f30ZngdYmn0exBvZmRzT8IMFS0M7RB9glpzi2Gj72CrTFvNtjpPFFBsivvA9MjIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hB3TfVSisb9U1aTUNEFR0Nby2X7SXxO4jk0gMoV-R4NFq4vMDV3WSPsNeliUOO0h7WAv_UzgIIqE8pCW05u5DgzsWQENd2kwHTbGPPvvlz_nrH6sTCedJDrJlG4_W98RpKNHZVIwmyzCtMNad0TKlcd7xU1aQlBiFsH1Ulpp-TogAA; esctx-GvCT4tVQc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8VqWonEFnvI6R6OTYyQ2XE_GvO6g0zMgePSfAR3_MnDWVieI1LWOfZqb2fV2dA2zh94qoUtd6vj5342rY4u0og-7WoZNm2MUWLs1UAe7sRPShuYZuA-O1fludV14hjL2-kSe5Em2w4qmEXtN2F7ds8SAA; fpc=AlQZcavYEAhAkPirn2lEBLeerOTJAQAAAMqZvN0OAAAA; brcap=0
Source: global traffic HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6Uo0Y6SK_I3D0gl2izW076QZuuYH_b0ZXHSuH_2nmEkGsYngHyYiU5VIrmMZ1PwnMAe7E6wxZ2PqNjOpbKChPO0MbyJtFNP4ifzlMt6NJvsRuKxHr71g_VC5wHHvew-TnpVD1VU4jwMAWNyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8JGGf9ZvZjjvjvSiRHtJq0RTOcKq8JILxc12tSPl8eEY0f30ZngdYmn0exBvZmRzT8IMFS0M7RB9glpzi2Gj72CrTFvNtjpPFFBsivvA9MjIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hB3TfVSisb9U1aTUNEFR0Nby2X7SXxO4jk0gMoV-R4NFq4vMDV3WSPsNeliUOO0h7WAv_UzgIIqE8pCW05u5DgzsWQENd2kwHTbGPPvvlz_nrH6sTCedJDrJlG4_W98RpKNHZVIwmyzCtMNad0TKlcd7xU1aQlBiFsH1Ulpp-TogAA; esctx-GvCT4tVQc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8VqWonEFnvI6R6OTYyQ2XE_GvO6g0zMgePSfAR3_MnDWVieI1LWOfZqb2fV2dA2zh94qoUtd6vj5342rY4u0og-7WoZNm2MUWLs1UAe7sRPShuYZuA-O1fludV14hjL2-kSe5Em2w4qmEXtN2F7ds8SAA; fpc=AlQZcavYEAhAkPirn2lEBLeerOTJAQAAAMqZvN0OAAAA; brcap=0
Source: global traffic HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6Uo0Y6SK_I3D0gl2izW076QZuuYH_b0ZXHSuH_2nmEkGsYngHyYiU5VIrmMZ1PwnMAe7E6wxZ2PqNjOpbKChPO0MbyJtFNP4ifzlMt6NJvsRuKxHr71g_VC5wHHvew-TnpVD1VU4jwMAWNyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8JGGf9ZvZjjvjvSiRHtJq0RTOcKq8JILxc12tSPl8eEY0f30ZngdYmn0exBvZmRzT8IMFS0M7RB9glpzi2Gj72CrTFvNtjpPFFBsivvA9MjIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hB3TfVSisb9U1aTUNEFR0Nby2X7SXxO4jk0gMoV-R4NFq4vMDV3WSPsNeliUOO0h7WAv_UzgIIqE8pCW05u5DgzsWQENd2kwHTbGPPvvlz_nrH6sTCedJDrJlG4_W98RpKNHZVIwmyzCtMNad0TKlcd7xU1aQlBiFsH1Ulpp-TogAA; esctx-GvCT4tVQc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8VqWonEFnvI6R6OTYyQ2XE_GvO6g0zMgePSfAR3_MnDWVieI1LWOfZqb2fV2dA2zh94qoUtd6vj5342rY4u0og-7WoZNm2MUWLs1UAe7sRPShuYZuA-O1fludV14hjL2-kSe5Em2w4qmEXtN2F7ds8SAA; fpc=AlQZcavYEAhAkPirn2lEBLeerOTJAQAAAMqZvN0OAAAA; brcap=0
Source: global traffic HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6Uo0Y6SK_I3D0gl2izW076QZuuYH_b0ZXHSuH_2nmEkGsYngHyYiU5VIrmMZ1PwnMAe7E6wxZ2PqNjOpbKChPO0MbyJtFNP4ifzlMt6NJvsRuKxHr71g_VC5wHHvew-TnpVD1VU4jwMAWNyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8JGGf9ZvZjjvjvSiRHtJq0RTOcKq8JILxc12tSPl8eEY0f30ZngdYmn0exBvZmRzT8IMFS0M7RB9glpzi2Gj72CrTFvNtjpPFFBsivvA9MjIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hB3TfVSisb9U1aTUNEFR0Nby2X7SXxO4jk0gMoV-R4NFq4vMDV3WSPsNeliUOO0h7WAv_UzgIIqE8pCW05u5DgzsWQENd2kwHTbGPPvvlz_nrH6sTCedJDrJlG4_W98RpKNHZVIwmyzCtMNad0TKlcd7xU1aQlBiFsH1Ulpp-TogAA; esctx-GvCT4tVQc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8VqWonEFnvI6R6OTYyQ2XE_GvO6g0zMgePSfAR3_MnDWVieI1LWOfZqb2fV2dA2zh94qoUtd6vj5342rY4u0og-7WoZNm2MUWLs1UAe7sRPShuYZuA-O1fludV14hjL2-kSe5Em2w4qmEXtN2F7ds8SAA; fpc=AlQZcavYEAhAkPirn2lEBLeerOTJAQAAAMqZvN0OAAAA; brcap=0
Source: global traffic HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6Uo0Y6SK_I3D0gl2izW076QZuuYH_b0ZXHSuH_2nmEkGsYngHyYiU5VIrmMZ1PwnMAe7E6wxZ2PqNjOpbKChPO0MbyJtFNP4ifzlMt6NJvsRuKxHr71g_VC5wHHvew-TnpVD1VU4jwMAWNyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8JGGf9ZvZjjvjvSiRHtJq0RTOcKq8JILxc12tSPl8eEY0f30ZngdYmn0exBvZmRzT8IMFS0M7RB9glpzi2Gj72CrTFvNtjpPFFBsivvA9MjIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hB3TfVSisb9U1aTUNEFR0Nby2X7SXxO4jk0gMoV-R4NFq4vMDV3WSPsNeliUOO0h7WAv_UzgIIqE8pCW05u5DgzsWQENd2kwHTbGPPvvlz_nrH6sTCedJDrJlG4_W98RpKNHZVIwmyzCtMNad0TKlcd7xU1aQlBiFsH1Ulpp-TogAA; esctx-GvCT4tVQc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8VqWonEFnvI6R6OTYyQ2XE_GvO6g0zMgePSfAR3_MnDWVieI1LWOfZqb2fV2dA2zh94qoUtd6vj5342rY4u0og-7WoZNm2MUWLs1UAe7sRPShuYZuA-O1fludV14hjL2-kSe5Em2w4qmEXtN2F7ds8SAA; fpc=AlQZcavYEAhAkPirn2lEBLeerOTJAQAAAMqZvN0OAAAA; brcap=0
Source: global traffic HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zaGV1ZSU0MDdoYWlyY2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDNkNTc0ZjctYmFkMy1lMmQwLWM3NWMtNWEyNWNjNmM0YzZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NjY3MDE2MTY0ODczMi5iYmMyNGYyOS04NDcwLTQzYWQtOGY2Ny1jNTE4ZDA2NzE5ZGUmc3RhdGU9RGN0QkRzSWdFRUJSMExQb2puYUFjV1pZR0k5aUtGQWgwWkpVamRlWHhmdTdyNVZTeC1Fd2FCaFJURjR3RURGWXNvVEMzazNMa2h5dUxoaEJCb00tWmlNcnNVa1hLeG1JYmNoRmpfYzg5MS1jYjhfLWFOdTl0dTF6ZmRmeUxTY0Vyckh0S2U1bFN2MzFCdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6Uo0Y6SK_I3D0gl2izW076QZuuYH_b0ZXHSuH_2nmEkGsYngHyYiU5VIrmMZ1PwnMAe7E6wxZ2PqNjOpbKChPO0MbyJtFNP4ifzlMt6NJvsRuKxHr71g_VC5wHHvew-TnpVD1VU4jwMAWNyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8JGGf9ZvZjjvjvSiRHtJq0RTOcKq8JILxc12tSPl8eEY0f30ZngdYmn0exBvZmRzT8IMFS0M7RB9glpzi2Gj72CrTFvNtjpPFFBsivvA9MjIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hB3TfVSisb9U1aTUNEFR0Nby2X7SXxO4jk0gMoV-R4NFq4vMDV3WSPsNeliUOO0h7WAv_UzgIIqE8pCW05u5DgzsWQENd2kwHTbGPPvvlz_nrH6sTCedJDrJlG4_W98RpKNHZVIwmyzCtMNad0TKlcd7xU1aQlBiFsH1Ulpp-TogAA; esctx-GvCT4tVQc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8VqWonEFnvI6R6OTYyQ2XE_GvO6g0zMgePSfAR3_MnDWVieI1LWOfZqb2fV2dA2zh94qoUtd6vj5342rY4u0og-7WoZNm2MUWLs1UAe7sRPShuYZuA-O1fludV14hjL2-kSe5Em2w4qmEXtN2F7ds8SAA; fpc=AlQZcavYEAhAkPirn2lEBLeerOTJAQAAAMqZvN0OAAAA; brcap=0
Source: global traffic HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6Uo0Y6SK_I3D0gl2izW076QZuuYH_b0ZXHSuH_2nmEkGsYngHyYiU5VIrmMZ1PwnMAe7E6wxZ2PqNjOpbKChPO0MbyJtFNP4ifzlMt6NJvsRuKxHr71g_VC5wHHvew-TnpVD1VU4jwMAWNyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8JGGf9ZvZjjvjvSiRHtJq0RTOcKq8JILxc12tSPl8eEY0f30ZngdYmn0exBvZmRzT8IMFS0M7RB9glpzi2Gj72CrTFvNtjpPFFBsivvA9MjIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hB3TfVSisb9U1aTUNEFR0Nby2X7SXxO4jk0gMoV-R4NFq4vMDV3WSPsNeliUOO0h7WAv_UzgIIqE8pCW05u5DgzsWQENd2kwHTbGPPvvlz_nrH6sTCedJDrJlG4_W98RpKNHZVIwmyzCtMNad0TKlcd7xU1aQlBiFsH1Ulpp-TogAA; esctx-GvCT4tVQc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8VqWonEFnvI6R6OTYyQ2XE_GvO6g0zMgePSfAR3_MnDWVieI1LWOfZqb2fV2dA2zh94qoUtd6vj5342rY4u0og-7WoZNm2MUWLs1UAe7sRPShuYZuA-O1fludV14hjL2-kSe5Em2w4qmEXtN2F7ds8SAA; fpc=AlQZcavYEAhAkPirn2lEBLeerOTJAQAAAMqZvN0OAAAA; brcap=0
Source: global traffic HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6Uo0Y6SK_I3D0gl2izW076QZuuYH_b0ZXHSuH_2nmEkGsYngHyYiU5VIrmMZ1PwnMAe7E6wxZ2PqNjOpbKChPO0MbyJtFNP4ifzlMt6NJvsRuKxHr71g_VC5wHHvew-TnpVD1VU4jwMAWNyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8JGGf9ZvZjjvjvSiRHtJq0RTOcKq8JILxc12tSPl8eEY0f30ZngdYmn0exBvZmRzT8IMFS0M7RB9glpzi2Gj72CrTFvNtjpPFFBsivvA9MjIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hB3TfVSisb9U1aTUNEFR0Nby2X7SXxO4jk0gMoV-R4NFq4vMDV3WSPsNeliUOO0h7WAv_UzgIIqE8pCW05u5DgzsWQENd2kwHTbGPPvvlz_nrH6sTCedJDrJlG4_W98RpKNHZVIwmyzCtMNad0TKlcd7xU1aQlBiFsH1Ulpp-TogAA; esctx-GvCT4tVQc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8VqWonEFnvI6R6OTYyQ2XE_GvO6g0zMgePSfAR3_MnDWVieI1LWOfZqb2fV2dA2zh94qoUtd6vj5342rY4u0og-7WoZNm2MUWLs1UAe7sRPShuYZuA-O1fludV14hjL2-kSe5Em2w4qmEXtN2F7ds8SAA; fpc=AlQZcavYEAhAkPirn2lEBLeerOTJAQAAAMqZvN0OAAAA; brcap=0
Source: global traffic HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6Uo0Y6SK_I3D0gl2izW076QZuuYH_b0ZXHSuH_2nmEkGsYngHyYiU5VIrmMZ1PwnMAe7E6wxZ2PqNjOpbKChPO0MbyJtFNP4ifzlMt6NJvsRuKxHr71g_VC5wHHvew-TnpVD1VU4jwMAWNyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8JGGf9ZvZjjvjvSiRHtJq0RTOcKq8JILxc12tSPl8eEY0f30ZngdYmn0exBvZmRzT8IMFS0M7RB9glpzi2Gj72CrTFvNtjpPFFBsivvA9MjIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hB3TfVSisb9U1aTUNEFR0Nby2X7SXxO4jk0gMoV-R4NFq4vMDV3WSPsNeliUOO0h7WAv_UzgIIqE8pCW05u5DgzsWQENd2kwHTbGPPvvlz_nrH6sTCedJDrJlG4_W98RpKNHZVIwmyzCtMNad0TKlcd7xU1aQlBiFsH1Ulpp-TogAA; esctx-GvCT4tVQc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8VqWonEFnvI6R6OTYyQ2XE_GvO6g0zMgePSfAR3_MnDWVieI1LWOfZqb2fV2dA2zh94qoUtd6vj5342rY4u0og-7WoZNm2MUWLs1UAe7sRPShuYZuA-O1fludV14hjL2-kSe5Em2w4qmEXtN2F7ds8SAA; fpc=AlQZcavYEAhAkPirn2lEBLeerOTJAQAAAMqZvN0OAAAA; brcap=0
Source: global traffic HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6Uo0Y6SK_I3D0gl2izW076QZuuYH_b0ZXHSuH_2nmEkGsYngHyYiU5VIrmMZ1PwnMAe7E6wxZ2PqNjOpbKChPO0MbyJtFNP4ifzlMt6NJvsRuKxHr71g_VC5wHHvew-TnpVD1VU4jwMAWNyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8JGGf9ZvZjjvjvSiRHtJq0RTOcKq8JILxc12tSPl8eEY0f30ZngdYmn0exBvZmRzT8IMFS0M7RB9glpzi2Gj72CrTFvNtjpPFFBsivvA9MjIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hB3TfVSisb9U1aTUNEFR0Nby2X7SXxO4jk0gMoV-R4NFq4vMDV3WSPsNeliUOO0h7WAv_UzgIIqE8pCW05u5DgzsWQENd2kwHTbGPPvvlz_nrH6sTCedJDrJlG4_W98RpKNHZVIwmyzCtMNad0TKlcd7xU1aQlBiFsH1Ulpp-TogAA; esctx-GvCT4tVQc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8VqWonEFnvI6R6OTYyQ2XE_GvO6g0zMgePSfAR3_MnDWVieI1LWOfZqb2fV2dA2zh94qoUtd6vj5342rY4u0og-7WoZNm2MUWLs1UAe7sRPShuYZuA-O1fludV14hjL2-kSe5Em2w4qmEXtN2F7ds8SAA; fpc=AlQZcavYEAhAkPirn2lEBLeerOTJAQAAAMqZvN0OAAAA; brcap=0
Source: global traffic HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6Uo0Y6SK_I3D0gl2izW076QZuuYH_b0ZXHSuH_2nmEkGsYngHyYiU5VIrmMZ1PwnMAe7E6wxZ2PqNjOpbKChPO0MbyJtFNP4ifzlMt6NJvsRuKxHr71g_VC5wHHvew-TnpVD1VU4jwMAWNyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8JGGf9ZvZjjvjvSiRHtJq0RTOcKq8JILxc12tSPl8eEY0f30ZngdYmn0exBvZmRzT8IMFS0M7RB9glpzi2Gj72CrTFvNtjpPFFBsivvA9MjIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hB3TfVSisb9U1aTUNEFR0Nby2X7SXxO4jk0gMoV-R4NFq4vMDV3WSPsNeliUOO0h7WAv_UzgIIqE8pCW05u5DgzsWQENd2kwHTbGPPvvlz_nrH6sTCedJDrJlG4_W98RpKNHZVIwmyzCtMNad0TKlcd7xU1aQlBiFsH1Ulpp-TogAA; esctx-GvCT4tVQc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8VqWonEFnvI6R6OTYyQ2XE_GvO6g0zMgePSfAR3_MnDWVieI1LWOfZqb2fV2dA2zh94qoUtd6vj5342rY4u0og-7WoZNm2MUWLs1UAe7sRPShuYZuA-O1fludV14hjL2-kSe5Em2w4qmEXtN2F7ds8SAA; fpc=AlQZcavYEAhAkPirn2lEBLeerOTJAQAAAMqZvN0OAAAA; brcap=0
Source: global traffic HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=GwZlzv3jPbYV; qPdM.sig=zsvTAb_o15fYh2XyKf_0BUsXAQ0; ClientId=A08CE21250094104AB34A7B305FA54B2; OIDC=1; OpenIdConnect.nonce.v3.skPAxK1bGLdqiCd6j8Q-5CD7CMUr7-ebhttAu2FuWpE=638496670161648732.bbc24f29-8470-43ad-8f67-c518d06719de; X-OWA-RedirectHistory=ArLym14BXDxBr1Zl3Ag; esctx-KrrL33shBI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Fqu296N6Uo0Y6SK_I3D0gl2izW076QZuuYH_b0ZXHSuH_2nmEkGsYngHyYiU5VIrmMZ1PwnMAe7E6wxZ2PqNjOpbKChPO0MbyJtFNP4ifzlMt6NJvsRuKxHr71g_VC5wHHvew-TnpVD1VU4jwMAWNyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8JGGf9ZvZjjvjvSiRHtJq0RTOcKq8JILxc12tSPl8eEY0f30ZngdYmn0exBvZmRzT8IMFS0M7RB9glpzi2Gj72CrTFvNtjpPFFBsivvA9MjIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hB3TfVSisb9U1aTUNEFR0Nby2X7SXxO4jk0gMoV-R4NFq4vMDV3WSPsNeliUOO0h7WAv_UzgIIqE8pCW05u5DgzsWQENd2kwHTbGPPvvlz_nrH6sTCedJDrJlG4_W98RpKNHZVIwmyzCtMNad0TKlcd7xU1aQlBiFsH1Ulpp-TogAA; esctx-GvCT4tVQc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8VqWonEFnvI6R6OTYyQ2XE_GvO6g0zMgePSfAR3_MnDWVieI1LWOfZqb2fV2dA2zh94qoUtd6vj5342rY4u0og-7WoZNm2MUWLs1UAe7sRPShuYZuA-O1fludV14hjL2-kSe5Em2w4qmEXtN2F7ds8SAA; fpc=AlQZcavYEAhAkPirn2lEBLeerOTJAQAAAMqZvN0OAAAA; brcap=0
Source: global traffic DNS traffic detected: DNS query: j4tpu.bpmsafelink.com
Source: global traffic DNS traffic detected: DNS query: clickme.thryv.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: taisanji.jp
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: e76abede.df1076c6f7230d3c23de9bcb.workers.dev
Source: global traffic DNS traffic detected: DNS query: time.windows.com
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top
Source: global traffic DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic DNS traffic detected: DNS query: outlook.office365.com
Source: global traffic DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic DNS traffic detected: DNS query: passwordreset.microsoftonline.com
Source: global traffic DNS traffic detected: DNS query: ajax.aspnetcdn.com
Source: unknown HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1935405516:1714065931:t7UA0pVTL6V2Jf48bQbvuNIHTwJO0HvkWjeoYHQTOqc/87a07069393b53b7/b3f22530d2b9a73 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 2808sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: b3f22530d2b9a73sec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fyhsf/0x4AAAAAAAYN4FOeSmqG7_zc/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Apr 2024 18:36:28 GMTContent-Type: text/htmlContent-Length: 2814Connection: closeVary: Accept-EncodingLast-Modified: Mon, 02 Jul 2018 00:29:39 GMTETag: "afe-56ff94b0199fc"
Source: chromecache_118.1.dr String found in binary or memory: http://github.com/jquery/globalize
Source: chromecache_90.1.dr String found in binary or memory: http://knockoutjs.com/
Source: chromecache_90.1.dr String found in binary or memory: http://www.json.org/json2.js
Source: chromecache_90.1.dr String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_91.1.dr String found in binary or memory: https://account.live.com/resetpassword.aspx
Source: chromecache_100.1.dr, chromecache_77.1.dr String found in binary or memory: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Source: chromecache_90.1.dr String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js
Source: chromecache_140.1.dr String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_140.1.dr String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_125.1.dr String found in binary or memory: https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpX
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.7:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.7:49716 version: TLS 1.2
Source: classification engine Classification label: mal76.phis.win@23/111@39/11
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 --field-trial-handle=2344,i,12616628645249651757,12217795645111903713,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://j4tpu.bpmsafelink.com/c/0aR4TTLkLUqplUI-2TrhdA"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 --field-trial-handle=2344,i,12616628645249651757,12217795645111903713,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1431819 URL: https://j4tpu.bpmsafelink.c... Startdate: 25/04/2024 Architecture: WINDOWS Score: 76 15 time.windows.com 2->15 17 fp2e7a.wpc.phicdn.net 2->17 19 2 other IPs or domains 2->19 31 Antivirus detection for URL or domain 2->31 33 Antivirus / Scanner detection for submitted sample 2->33 35 Yara detected HtmlPhish54 2->35 37 3 other signatures 2->37 7 chrome.exe 1 2->7         started        10 chrome.exe 2->10         started        signatures3 process4 dnsIp5 21 192.168.2.7, 138, 443, 49604 unknown unknown 7->21 23 239.255.255.250 unknown Reserved 7->23 12 chrome.exe 7->12         started        process6 dnsIp7 25 taisanji.jp 120.136.10.95, 443, 49713, 49717 SAKURA-CSAKURAInternetIncJP Japan 12->25 27 v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top 138.124.184.68, 443, 49749, 49750 NOKIA-ASFI Norway 12->27 29 19 other IPs or domains 12->29
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
13.107.246.41
 part-0013.t-0009.t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
138.124.184.68
 v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top Norway
8983 NOKIA-ASFI false
52.96.122.82
 LYH-efz.ms-acdc.office.com United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
172.67.154.14
 e76abede.df1076c6f7230d3c23de9bcb.workers.dev United States
13335 CLOUDFLARENETUS false
104.17.3.184
 challenges.cloudflare.com United States
13335 CLOUDFLARENETUS false
18.164.78.99
 d1rsqi0l6b7evg.cloudfront.net United States
3 MIT-GATEWAYSUS false
239.255.255.250
 unknown Reserved
unknown unknown false
120.136.10.95
 taisanji.jp Japan 9371 SAKURA-CSAKURAInternetIncJP false
108.177.122.103
 www.google.com United States
15169 GOOGLEUS false
104.17.25.14
 cdnjs.cloudflare.com United States
13335 CLOUDFLARENETUS false

Private

IP
192.168.2.7

Contacted Domains

Name IP Active
v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top 138.124.184.68 true
bg.microsoft.map.fastly.net 199.232.214.172 true
part-0013.t-0009.t-msedge.net 13.107.246.41 true
cs1100.wpc.omegacdn.net 152.199.4.44 true
taisanji.jp 120.136.10.95 true
cdnjs.cloudflare.com 104.17.25.14 true
challenges.cloudflare.com 104.17.3.184 true
d1rsqi0l6b7evg.cloudfront.net 18.164.78.99 true
www.google.com 108.177.122.103 true
e76abede.df1076c6f7230d3c23de9bcb.workers.dev 172.67.154.14 true
fp2e7a.wpc.phicdn.net 192.229.211.108 true
LYH-efz.ms-acdc.office.com 52.96.122.82 true
j4tpu.bpmsafelink.com unknown unknown
clickme.thryv.com unknown unknown
r4.res.office365.com unknown unknown
aadcdn.msftauth.net unknown unknown
time.windows.com unknown unknown
ajax.aspnetcdn.com unknown unknown
outlook.office365.com unknown unknown
passwordreset.microsoftonline.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://j4tpu.bpmsafelink.com/c/0aR4TTLkLUqplUI-2TrhdA true
    		unknown
    https://taisanji.jp/197006108922/ false
    • 1%, Virustotal, Browse
    • Avira URL Cloud: safe
    		 unknown
    https://outlook.office365.com/owa/prefetch.aspx false
      		high
      https://challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback false
        		high
        https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js false
          		high
          https://e76abede.df1076c6f7230d3c23de9bcb.workers.dev/?qrc=sheue@7haircare.com& true
            		unknown
            https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1935405516:1714065931:t7UA0pVTL6V2Jf48bQbvuNIHTwJO0HvkWjeoYHQTOqc/87a07069393b53b7/b3f22530d2b9a73 false
              		high
              https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback false
                		high
                https://e76abede.df1076c6f7230d3c23de9bcb.workers.dev/favicon.ico false
                • Avira URL Cloud: safe
                		 unknown
                https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fyhsf/0x4AAAAAAAYN4FOeSmqG7_zc/auto/normal false
                  		high
                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87a07069393b53b7 false
                    		high
                    https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/owa/?login_hint=sheue%407haircare.com false
                    • Avira URL Cloud: phishing
                    		 unknown
                    https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/?qrc=sheue%407haircare.com false
                    • Avira URL Cloud: phishing
                    		 unknown
                    https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2fv-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top%2fcommon%2freprocess%3fctx%3drQQIARAAjZE_TBNhAMXv65UTEKXBxU1z0YV47V3vendtgrFXroAtUKUIVE29fvcdd-1dv3J_2gJhJQ7GEDeNk2PjYJwMg3EzIQ6NxoVF40TQGOMCiYmx1cVN3_Dyhpc3_N44yUW51AX2j-JM3xnWMDgGon76S-7YcOTIf0--2-1-en2rdPGNnbc74Jzp-w0vFYvhwLcxrkWxYVgQRSF2YrilxV4A0AXgAIAHoTOeiQJ0RTI1y4Wa-7vTCUkiLwtJUZRYTuREQZb4eLRSgXHBiCcZWZBYRuA1nZENUWJggpN1VpS4pI72Q6Pz6cA3433DrrWBvoeGDOw65Qb2_EfkfTAJfWXSm1lVVeU6my_gal1Lw6XSytRM0spl0yZburpY1dFy2wgkN3Fjoc2oLU0xrxezQkudzK54uJjha3y-Zq4HedNUFDzLlKxZ11usLefazkwFmtlqGcrJHqyKXGa0uSDpB9yGoRvr-QWouu60n0MJe6HJc0qrQ_4X5eck1cPi4PoeSeEGqlt6Nww-hsFheIQlU4ODwxHiLHGeOA6DJwO9Q15--PG0dKeRe7zDHl1-u03sDcQQtKWVijOHrKKJlq41hUXesNV0uy62-XXH3KgWfDHBe40W25qIp7gdCuxQ1C41NEhGCJrMFLgDCnyjwN0TxO7Qv97tngT7I8IwBW3Ncryx8U3a0ss-rqE6ndqk245XhrCfmpodII9O3aR7-_Ttra2tV6eI49Nfft7b_tx5-HX6cPTSlFIM3DXTyyB5TpHmfWWV0wy-ac2KS2tr3DJnFnCQkWuOnVAnnkWIXw2&mkt=en-US&hosted=0&device_platform=Windows+10 false
                      		high
                      https://taisanji.jp/favicon.ico false
                      • Avira URL Cloud: safe
                      		 unknown
                      https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D false
                        		high
                        https://taisanji.jp/197006108922/#sheue@7haircare.com& true
                          		unknown
                          https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/87a07069393b53b7/1714070194209/7c141658e4705f8339da67ff0d4610a1f1ff832447d37cb2823e7e09655347e8/XiKiZkimIR7Xvi1 false
                            		high
                            https://v-fbhylctn6gvcwonctn6gvc-whibesilg2bmrls9cassie.top/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3YtZmJoeWxjdG42Z3Zjd29uY3RuNmd2Yy13aGliZXNpbGcyYm1ybHM5Y2Fzc2llLnRvcCIsImRvbWFpbiI6InYtZmJoeWxjdG42Z3Zjd29uY3RuNmd2Yy13aGliZXNpbGcyYm1ybHM5Y2Fzc2llLnRvcCIsImtleSI6Ikd3Wmx6djNqUGJZViIsInFyYyI6InNoZXVlQDdoYWlyY2FyZS5jb20iLCJpYXQiOjE3MTQwNzAyMTMsImV4cCI6MTcxNDA3MDMzM30.KjLJF5iiSFKdw41uUQwdDBQjolY0kxSFZb7HDP4uVI8 false
                            • Avira URL Cloud: phishing
                            		 unknown
                            https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87a07069393b53b7/1714070194214/ypZU3uoYL2TKkUO false
                              		high