Source: https://usigroups-my.sharepoint.com/:o:/p/js/Es3HdUJZlbVJngCJE-Z7JCYBUTZvd1ZCMQwZhhlQoy_hDw?e=mT2aQm |
SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering |
Source: Yara match |
File source: 4.15.pages.csv, type: HTML |
Source: Yara match |
File source: 4.24.pages.csv, type: HTML |
Source: Yara match |
File source: 4.21.pages.csv, type: HTML |
Source: Yara match |
File source: 4.18.pages.csv, type: HTML |
Source: https://4odq.cxnev1.ru/1L9z9v39/ |
Matcher: Template: captcha matched |
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC&co=aHR0cHM6Ly80b2RxLmN4bmV2MS5ydTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=63zqkenm1gfs |
Matcher: Template: captcha matched |
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC |
Matcher: Template: captcha matched |
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC&co=aHR0cHM6Ly80b2RxLmN4bmV2MS5ydTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=c7ns1b39xrgu |
Matcher: Template: captcha matched |
Source: https://4odq.cxnev1.ru/1L9z9v39/ |
HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script> <script src="https://www.google.com/recaptcha/api.js?render=explicit"></script> <meta http-equiv="X-UA-Compatible" content="IE=edg... |
Source: Chrome DOM: 1.1 |
ML Model on OCR Text: Matched 83.2% probability on "Payment Information Help File Home Insert Draw View Editing 19 12 Styles v Tags A Secure File Has Been Shared With You Thursday, April 25, 2024 11:14 AM THE FOLLOWING PAYMENT HAS BEEN REMITTED. Payment: Electronic Payment Date Currency Apr 25 2024 USD $87, 198 oo Amount Click below for more details on payment and invoice number Files (145KB) View Files NOTICE TO RECIPIENTS The information contained in and accompanying this communication may be confidential, subject to legal privilege, or otherwise protected from disclosure, and is intended solely for the use of the intended recipient(s). If pu are not the intended recipient of this communication, please delete and destroy all copies (including any attachments) in your possession, notify the sender that you have received this communication in error, and note that any review or dissemination of, or the taking of any action in reliance on, this communication is expressly prohibited. " |
Source: Chrome DOM: 1.6 |
ML Model on OCR Text: Matched 92.9% probability on "Payment Information Guest Contributor File Home Insert Draw View Help Viewing Tell me what you want to do 19 Styles v Tags Payment Information A Secure File Has Been Shared With You P Payment Remittance A Secure File Has Been S... Thursday, April 25, 2024 11:14 AM THE FOLLOWING PAYMENT HAS BEEN REMITTED. Payment: Electronic Payment Date Currency Apr 25 2024 USD $87, 198 oo Amount Click below for more details on payment and invoice number Files (145KB) View Files NOTICE TO RECIPIENTS The information contained in and accompanying this communication may be confidential, subject to legal privilege, or otherwise protected from disclosure, and is intended solely for the use of the intended recipient(s). If pu are not the intended recipient of this communication, please delete and destroy all copies (including any attachments) in your possession, notify the sender that you have received this communication in error, and note that any review or dissemination of, or the taking of any action in reliance on, this communication is expressly prohibited. " |
Source: https://4odq.cxnev1.ru/1L9z9v39/ |
HTTP Parser: No favicon |
Source: https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgRmgZjcGPq9rbEGIjCHdQ87I_8X7EpERwXOCmmjL9oKAXFr96F1WOmI1XIOeJbDFyiByqh7q9vy5JBTwvAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM |
HTTP Parser: No favicon |
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&s=p3PtVr9Rtc4zmVzsCHKovX43dv5ANmW4EHR9iS5ZRMIIERAfjGKzDw3w1miK0y9PbgnSQoncU4tpDcwY7U7I3H8AzWBIeIONPriGr-t350iz5rLlDnHnMsn8yHgPokxAlmiESfF9AloqhxAdR76omyagk91xvML4Zgl45cqaApyGFdTskMdQ5ovLMg_jWYZPNfaQGMkckH4WakBpGFZsgOrmbnGxvK-bAkHbTTEPDuj2EcntrL5pG7v9LQ6p5TbmtOdzjdBPXkSX3nRP41yJg3vY3C02z8E&cb=b3wwlq48xfop |
HTTP Parser: No favicon |
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b |
HTTP Parser: No favicon |
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC&co=aHR0cHM6Ly80b2RxLmN4bmV2MS5ydTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=63zqkenm1gfs |
HTTP Parser: No favicon |
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC |
HTTP Parser: No favicon |
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC&co=aHR0cHM6Ly80b2RxLmN4bmV2MS5ydTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=c7ns1b39xrgu |
HTTP Parser: No favicon |
Source: unknown |
HTTPS traffic detected: 23.213.224.106:443 -> 192.168.2.4:49746 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 23.213.224.106:443 -> 192.168.2.4:49751 version: TLS 1.2 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 104.46.162.224 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.32 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.213.224.106 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic |
HTTP traffic detected: GET /:o:/p/js/Es3HdUJZlbVJngCJE-Z7JCYBUTZvd1ZCMQwZhhlQoy_hDw?e=mT2aQm HTTP/1.1Host: usigroups-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /personal/js_usigroups_com/_layouts/15/Doc.aspx?sourcedoc=%7B4275c7cd-9559-49b5-9e00-8913e67b2426%7D&action=default&slrid=72b922a1-606a-5000-1e3f-a1efd5f66a0e&originalPath=aHR0cHM6Ly91c2lncm91cHMtbXkuc2hhcmVwb2ludC5jb20vOm86L3AvanMvRXMzSGRVSlpsYlZKbmdDSkUtWjdKQ1lCVVRadmQxWkNNUXdaaGhsUW95X2hEdz9ydGltZT1femwzd01abDNFZw&cid=1ce6514f-d17e-4450-a36c-695e66f4f888&_SRM=0:G:105 HTTP/1.1Host: usigroups-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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 |
Source: global traffic |
HTTP traffic detected: GET /wise/owl/owl.slim.904b646243df598ab119.js HTTP/1.1Host: wise.public.cdn.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://usigroups-my.sharepoint.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://usigroups-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /wise/owl/onenote-boot.9b8b959024767cc8e6ba.js HTTP/1.1Host: wise.public.cdn.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://usigroups-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.17601.41008&waccluster=PUS6&usid=d19e0541-59c5-9a5e-8e10-18de22c9153f HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 |
Source: global traffic |
HTTP traffic detected: GET /o/OneNote.ashx HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 |
Source: global traffic |
HTTP traffic detected: GET /o/OneNoteS2SHandler.ashx?action=eduproperties¬ebookid=1-4275C7CD-9559-49B5-9E00-8913E67B2426&isteacher=false&isstudent=false&WOPIsrc=https%3A%2F%2Fusigroups%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fjs%5Fusigroups%5Fcom%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F4275c7cd955949b59e008913e67b2426&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkRhREFmalFRbXB5T1h4MlJyS19XNWx2b0xaNCJ9%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%2EePS3sOzS493VKhzLhTVvLpZO116QM2mYnfdRC%2DlGpxzBDH9%5FYJe9eXoQ3MIJgGNGZp5%5F8TcOZEr15P4Pk9mgKPCwE7CMq1RYtBsbRwUv9rHGMrcs5qQl1eR7DrAnof1hHaHtbZ0b55Cyjb6Nnfh0xymyWvjTqJ1exVPobvfSPUnuxEjLaaLLkv9muiYzVNqWhQRx%5FuD2RA7fUkT1ewDaUGa43dC2zN3y1tEpFDPrJjR83Ot3WdRqh1IGKH8uc9FE4VdI8k%5FY8zjLO%2DAXbtnFCEqMMfIBFQV1dK6GIUAwWeti0adP%5FkPPsz3XCUmB9yDFmG6Jt31iyv47vycxWbiBBg&access_token_ttl=1714154349045 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-WacFrontEnd: SN3PEPF000091BAX-OfficeVersion: 16.0.17601.41008X-Key: n6IDxhd6wnn64lDiT/v29/IwfRsPGkZ9Q2pSUeWOyWY=;mFis2L6vMsBNOxnijIg4A5JcpQZjdzxFJ7ALVqUl65I=,638497151517007624X-WacUserAgent: MSWACONSyncX-Requested-With: XMLHttpRequestX-xhr: 1sec-ch-ua-platform: "Windows"haep: 3X-UserSessionId: d19e0541-59c5-9a5e-8e10-18de22c9153fOrgIdSiteUrl: https%3A%2F%2Fusigroups%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fjs%5Fusigroups%5Fcomsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-UserType: WOPI |