Click to jump to signature section
| Source: https://pivitai.net | Matcher: Template: microsoft matched with high similarity |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true | Matcher: Template: microsoft matched with high similarity |
| Source: Yara match | File source: 0.0.pages.csv, type: HTML |
| Source: Yara match | File source: 1.1.pages.csv, type: HTML |
| Source: Yara match | File source: 1.3.pages.csv, type: HTML |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true | Matcher: Found strong image similarity, brand: MICROSOFT |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&sc | Matcher: Template: microsoft matched |
| Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx | Matcher: Template: microsoft matched |
| Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx | Matcher: Template: microsoft matched |
| Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx | Matcher: Template: microsoft matched |
| Source: Adobe Acrobat PDF | OCR Text: DocuSign Account AP sent a new document to review and sign. REVIEW DOCUMENT Please DocuSign & PAYMENT INSTRUCTION 04-22-24 (Updated). Hi Signee, Please review and approve the enclosed revised & PAYMENT INSTRUCTION 04-22-24 (Updated) documents. Click on the button above to review and electronically sign the document. No hard copy is required when DocuSign is utilized. by Microsoft Do Not Share This Email This email contains a secure link to DocuSign. Please do not share this email, link, or access Vith others. About DocuSign Sign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an offce, at home, on-the-go or even across the globe DocuSign provides a professional trusted solution for Digital Transaction Management. Que<ions about the Document? If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly. Stop receiving this email Report this email or read more about Declining to sign and Managing notifications. If you are having trouble signing the document, please visit the Help nith Signing page on our Support Center. [hwnload the DocuSign App If you nould rather not receive email from this ender you may mntact the ender with your requed. |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true | HTTP Parser: Iframe src: https://bdfdbdf.pivitai.net/owa/prefetch.aspx |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true | HTTP Parser: Iframe src: https://bdfdbdf.pivitai.net/owa/prefetch.aspx |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true | HTTP Parser: Number of links: 0 |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH | HTTP Parser: Base64 decoded: function c(){if(!document.querySelector(".b") || !document.querySelector(".g")){document.head.appendChild(Object.assign(document.createElement("div"),{classList:["b"]}));document.documentElement.style.filter="hue-rotate(4deg)";document.head.appendChild(Ob... |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_tok | HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_tok | HTTP Parser: Script src: data:text/javascript;base64,ZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcigiRE9NQ29udGVudExvYWRlZCIsKGZ1bmN0aW9uKCl7ZnVuY3Rpb24gZShlKXtyZXR1cm4gbmV3IFByb21pc2UoKHQ9Pntjb25zdCBuPWRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoZSk7aWYobilyZXR1cm4gdChuKTtjb25zdCBvPW5ldyBNdXRhdGlvbk |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_tok | HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_tok | HTTP Parser: Script src: data:text/javascript;base64,ZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcigiRE9NQ29udGVudExvYWRlZCIsKGZ1bmN0aW9uKCl7ZnVuY3Rpb24gZShlKXtyZXR1cm4gbmV3IFByb21pc2UoKHQ9Pntjb25zdCBuPWRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoZSk7aWYobilyZXR1cm4gdChuKTtjb25zdCBvPW5ldyBNdXRhdGlvbk |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_tok | HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_tok | HTTP Parser: Script src: data:text/javascript;base64,ZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcigiRE9NQ29udGVudExvYWRlZCIsKGZ1bmN0aW9uKCl7ZnVuY3Rpb24gZShlKXtyZXR1cm4gbmV3IFByb21pc2UoKHQ9Pntjb25zdCBuPWRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoZSk7aWYobilyZXR1cm4gdChuKTtjb25zdCBvPW5ldyBNdXRhdGlvbk |
| Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx | HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX |
| Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx | HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX |
| Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx | HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true | HTTP Parser: <input type="password" .../> found |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH | HTTP Parser: No favicon |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true | HTTP Parser: No favicon |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true | HTTP Parser: No favicon |
| Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx | HTTP Parser: No favicon |
| Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx | HTTP Parser: No favicon |
| Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx | HTTP Parser: No favicon |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true | HTTP Parser: No <meta name="author".. found |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true | HTTP Parser: No <meta name="author".. found |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true | HTTP Parser: No <meta name="copyright".. found |
| Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true | HTTP Parser: No <meta name="copyright".. found |
| Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49703 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49703 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.17:49710 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.17:49711 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49733 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.126.7.32:443 -> 192.168.2.17:49766 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49767 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 23.219.0.175:443 -> 192.168.2.17:49771 version: TLS 1.2 |
| Source: global traffic | HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br |
| Source: Joe Sandbox View | IP Address: 152.199.4.44 152.199.4.44 |
| Source: Joe Sandbox View | IP Address: 104.94.108.142 104.94.108.142 |
| Source: Joe Sandbox View | IP Address: 239.255.255.250 239.255.255.250 |
| Source: Joe Sandbox View | IP Address: 104.21.93.58 104.21.93.58 |
| Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4 |
| Source: Joe Sandbox View | JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3 |
| Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.30.122.249 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.206.222.123 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.30.122.249 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.206.222.123 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 104.94.108.142 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 104.94.108.142 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 104.94.108.142 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 104.94.108.142 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 104.94.108.142 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 104.94.108.142 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 104.94.108.142 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 104.94.108.142 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 104.94.108.142 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 104.94.108.142 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.204.76.112 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.204.76.112 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.204.76.112 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.204.76.112 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.204.76.112 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.204.76.112 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.204.76.112 |
| Source: global traffic | HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT |
| Source: global traffic | HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=SkP4Hx1tLvaAHe8&MD=VM8OULnM HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
| Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com |
| Source: global traffic | HTTP traffic detected: GET /ls/click?upn=u001.KEFiNUywklssADlx7ClhNgjdvMuvho1aW1VM0ypUexGejfcF5XZwY-2B6xtEf4K-2F0OUqW9J0ZCgtiHnuKPgwO57BN4nbMytPQKOXIsVPbDdaBFDQtTyzoa5R25WwanU8fj5yZvqu-2B0aEG-2FQ4kSONuVxLFMM-2FqYS1MSJTaXLSNFuW4lt9FGNOi682M0ACrKV4PH6f0bRGoXVwDSky-2BmaGT29AW5EV3RuTchu-2Boru3Y4Wm16cjugy6y-2F2BOZGZgPXLOR-2FFuMVOmBKDWyrgq2GUQxylBbCGXaTxKLNXuzOh1ksEsgdWOGQpbxMyYTcDgeZTrmeDmO727fKFS9y56TUe-2B-2BoBxWffpolwRAl10klJE3e621FXqSu7J-2BoO4HtcqciqN2yEmVQDTZeOiI4bgA5aknYFJoRzj5hZU63gJGvvMRh8Tqehj6cDyF9iHzG2g-2ByPvGjv9-2BY2hfcC7pMyfhaUZcB007mefDydRUmf5iRpMEgHR9Sg2XT7F31nGyAVtnPUHLCd-2F0y5N0zs-2B-2B-2FZf3TppEDBz4F3-2F6x2TfixqzzHPJHmGaDqIEsVqDag0p1CiLubdh-2BQ9ZwrdhYiMWvARGXRC5xDGIds3LiaJ35XcsroyLybhVsqMnQF-2FGK3qBYg4qiYPmbojMT2hi6OKOruTks5dTxn7bWIIh9iyVhgVqKl911azwSXtdb0Tm9w-2Bm4xTESGeIWacX5XwsvgSZkTgnF2q1XheonEnppza3CcFNYhOKVzSKP-2BlzMVWdhorzfsmpCaugAN1ynPRWwMr3nCm27Kqi2LjVKPmnvGtSA-2BdPJFkoDN2x0HWjiJX4bj-2B5Qie7gT7SHJ30pvX8eXFRnjOdpRN2wQ-3D-3DLEZO_-2B9RHaNlJTuT8Wl45M2xpmvRCZtWd0m9fTP74dNraSGfMgLd3R9QIuzEYL9XI7ldyhHZWVscd7CKMBwn5KQO96mWzbN7-2F2q4GodMF-2Bp-2F1fPX3Lf0iglsshTS0TOMR7hthNJ2CQy9yjw1G5cYyoERctW7e1GyPFYDp6vYSDyV5A4-2BJeBVPfbAvVUxlDOpG6mXhHdLD4qO-2FeBdvvviJNlAFYkkSI7OxVaZQWre8K8FmsEFfFn3tBRDg2y1QkCQbkio5uQVBqj7YZNB-2BirBQxaWLq7mOy73heMnBdF8oJlaD0rwTWaaKAWVo4aiElmNs-2F03diU6TJ2RAZcvQxWsKaj6LQDKVxlH8MellZqpFF9oT00ELhes2kznJXgLyrqkuGkALM5d3zJow1npVj8EdzY-2B-2BnchbUD2q62tvI8AE-2B7kpMhX-2Br64oZOfhYphysBoCXInqXvm9-2F0Vvha-2FctJroCDCPBx2zfhffD0NbMi-2BZ1k3FbKz2fLKoH4Nx7qkPYmAD08JG HTTP/1.1Host: email.wantyourfeedback.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /ls/click?upn=u001.PD4nPnyJUo8oiEzSkSGLgaBNAMtLp9U5nstWElDmnpXtySPOXSs4GxXhEZNYegDWlOpy_1gt1aDjd5mPVItYgazWgABkVm-2FZUH6kt1lIvkdtkRWsfoyQV18ixDvOX-2B0tU4ZH6SMN7PC0YJjM3gcvFPvh6CbZuFXlOBXf3FWLiJkpKJ7Hjba3S4-2FzhpmkR8VdprfK8GO3qSu-2BzqpIaLLC-2Bva9kOn7HY5B7OIgz5EOl88o1lnRSRpayTzqRzTSFhtg2Bi-2BI4dAZ7qHRbJ3vb9lcrxBKqAk13I-2BCAvndhSK1Vi4ubCjlp2xQlrXIHfzqmLiSPjl7tEmTsLYr99h3esBOPv8ASLIpf873P512I7xYEOjogT1gQCerfZNqh6K2IdWU6lDJ2r3wpU6ug02vU9Zslw4DYpuNNZQNVtap5mqv9Xf8D1PYQxYI5BK4owXOV2wEXeRIjST24XAw6EO9D1tdiGoHDRaxW2QofayefCuiW9Z191aML90svJWojHiQp1Fq-2BXFLiyEx8V1eLa7dixfJ23RRWtHvg1jOrHp7lqvXRA7dobs-3D HTTP/1.1Host: email.wantyourfeedback.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /wlFGCNZO HTTP/1.1Host: dyjt.pivitai.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /ls/click?upn=u001.PD4nPnyJUo8oiEzSkSGLgaBNAMtLp9U5nstWElDmnpXtySPOXSs4GxXhEZNYegDWlOpy_1gt1aDjd5mPVItYgazWgABkVm-2FZUH6kt1lIvkdtkRWsfoyQV18ixDvOX-2B0tU4ZH6SMN7PC0YJjM3gcvFPvh6CbZuFXlOBXf3FWLiJkpKJ7Hjba3S4-2FzhpmkR8VdprfK8GO3qSu-2BzqpIaLLC-2Bva9kOn7HY5B7OIgz5EOl88o1lnRSRpayTzqRzTSFhtg2Bi-2BI4dAZ7qHRbJ3vb9lcrxBKqAk13I-2BCAvndhSK1Vi4ubCjlp2xQlrXIHfzqmLiSPjl7tEmTsLYr99h3esBOPv8ASLIpf873P512I7xYEOjogT1gQCerfZNqh6K2IdWU6lDJ2r3wpU6ug02vU9Zslw4DYpuNNZQNVtap5mqv9Xf8D1PYQxYI5BK4owXOV2wEXeRIjST24XAw6EO9D1tdiGoHDRaxW2QofayefCuiW9Z191aML90svJWojHiQp1Fq-2BXFLiyEx8V1eLa7dixfJ23RRWtHvg1jOrHp7lqvXRA7dobs-3D HTTP/1.1Host: email.wantyourfeedback.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /wlFGCNZO HTTP/1.1Host: dyjt.pivitai.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /owa/ HTTP/1.1Host: bdfdbdf.pivitai.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d |
| Source: global traffic | HTTP traffic detected: GET /common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH HTTP/1.1Host: dfgrt.pivitai.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d |
| Source: global traffic | HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1Host: wreg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d |
| Source: global traffic | HTTP traffic detected: GET /common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true HTTP/1.1Host: dfgrt.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UHAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d; esctx-3UthQiNWeYA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IBaozxtGlk9P_MZmIstVk93o4LiNrXf0bizuXBgbTY70owvrgpnWlSUx1zGJjIhc3Iunu-oKF4oU8rlO43wX8g0ruZ4KdBe8tJ0I7b7XGMikWIa8HWOF1zjbbBIYxjgiZWvk-fUQ1b7PgUm_UebpoyAA; fpc=Aklos_I7PTVNnQgzHKlcwXQ; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8NOyYEDa-V5afKvKYt4dy5p5NwnVj7EKdnpgsar5OU14_SrjYe1SvjEDghyftj1pHfqv-2Okr3H7w3gHZ2d_GzR_cqQTJpNCgvkCZJ8ndyBpEZqN6LODtSyHiSCwLAkP-zUp9VxBA7dSmn1WLsp4gh_FMnYbnTj6z4M0brj-a-b0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED= |
Edit tour
Acrobat.exe (PID: 6972 cmdline: 
AcroCEF.exe (PID: 6192 cmdline: 
chrome.exe (PID: 7844 cmdline: 
