Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449

Overview

General Information

Sample URL:https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449
Analysis ID:1602657
Infos:

Detection

HTMLPhisher
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Yara detected HtmlPhish10
AI detected suspicious Javascript
AI detected suspicious URL
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Invalid 'sign-in options' or 'sign-up' link found

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 5688 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 6472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2036,i,4891518218741783531,6540536323889875317,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 6980 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4172 --field-trial-handle=2036,i,4891518218741783531,6540536323889875317,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 3792 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
dropped/chromecache_197JoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security

    HTML

    SourceRuleDescriptionAuthorStrings
    1.0.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security

      Sigma Signatures

      No Sigma rule has matched

      Suricata Signatures

      No Suricata rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Antivirus / Scanner detection for submitted sample
      Source: https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449Avira URL Cloud: detection malicious, Label: phishing
      Antivirus detection for URL or domain
      Source: https://office365-com.loginprotected.com/css/phished.8a2460a2c8885a0e.cssAvira URL Cloud: Label: phishing
      Source: https://office365-com.loginprotected.com/Account/image/6fbf54d3-1da3-413a-809a-ee92dce94dd3?mw=85&mh=85&local=0&c=491791Avira URL Cloud: Label: phishing
      Source: https://office365-com.loginprotected.com/css/data-entry.63c23b0c7d008ec5.cssAvira URL Cloud: Label: phishing
      Source: https://office365-com.loginprotected.com/js/dist/common.b642db49ef199113.jsAvira URL Cloud: Label: phishing
      Source: https://office365-com.loginprotected.com/css/project.1d98791b1d2659cb.cssAvira URL Cloud: Label: phishing
      Source: https://office365-com.loginprotected.com/favicon.icoAvira URL Cloud: Label: phishing
      Source: https://office365-com.loginprotected.com/s3/training_modules/Banners/F0F0F0%20-%201280x95.pngAvira URL Cloud: Label: phishing
      Source: https://office365-com.loginprotected.com/Phished/trackProgress.jsonAvira URL Cloud: Label: phishing
      Source: https://office365-com.loginprotected.com/css/base.d6d46c33440dbc6d.cssAvira URL Cloud: Label: phishing

      Phishing

      barindex
      AI detected phishing page
      Source: https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and is commonly associated with domains like 'microsoft.com' and 'office.com'., The URL 'office365-com.loginprotected.com' does not match the legitimate domain 'office.com'., The use of 'office365-com' as a subdomain is suspicious and suggests an attempt to mimic the legitimate 'office.com'., The domain 'loginprotected.com' is not associated with Microsoft or Office 365, which raises suspicion., The presence of input fields for 'Email, phone, or Skype' is typical for phishing attempts targeting Microsoft accounts. DOM: 1.0.pages.csv
      Yara detected HtmlPhish10
      Source: Yara matchFile source: 1.0.pages.csv, type: HTML
      Source: Yara matchFile source: dropped/chromecache_197, type: DROPPED
      AI detected suspicious Javascript
      Source: 0.0.id.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://office365-com.loginprotected.com/landing/f... This script demonstrates high-risk behavior by redirecting users to a suspicious domain (https://office365-com.loginprotected.com/phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449) when the 'submit' button is clicked. This is likely a phishing attempt to collect user data, which is a clear indicator of malicious intent.
      AI detected suspicious URL
      Source: https://office365-com.loginprotected.comJoe Sandbox AI: The URL 'https://office365-com.loginprotected.com' appears to be attempting to mimic Microsoft's Office 365 service. The use of 'office365-com' as a subdomain is a structural manipulation that closely resembles the legitimate 'office.com' domain. The addition of '365' is a common reference to Microsoft's Office 365 product, increasing the likelihood of user confusion. The main domain 'loginprotected.com' does not have a clear association with Microsoft, which suggests a potential typosquatting attempt. The use of a subdomain to include 'office365-com' is a tactic often used to deceive users into believing they are accessing a legitimate service. The similarity score is high due to the structural resemblance and the use of a well-known brand name, while the spoofed score reflects the likelihood of this being a deceptive URL designed to mislead users.
      Source: https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449HTTP Parser: Number of links: 0
      Source: https://office365-com.loginprotected.com/phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449HTTP Parser: Base64 decoded: {"uniqueLink":"47677232-3f6e-4ada-9e1b-0dba51f37449","moduleId":null,"startingSlide":2,"isBrandingPreview":null,"uuid":"6fbf54d3-1da3-413a-809a-ee92dce94dd3","urlSmall":"https:\/\/infosec-iq-na-customer-public.s3.amazonaws.com\/brandings\/8d9588f5-cb6d-4e...
      Source: https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449HTTP Parser: Title: Outlook - Sign in does not match URL
      Source: https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449HTTP Parser: Invalid link: Sign-in options
      Source: https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449HTTP Parser: No favicon
      Source: https://office365-com.loginprotected.com/phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449HTTP Parser: No favicon
      Source: https://office365-com.loginprotected.com/phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449HTTP Parser: No favicon
      Source: https://office365-com.loginprotected.com/phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449HTTP Parser: No favicon
      Source: https://office365-com.loginprotected.com/phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449HTTP Parser: No favicon
      Source: https://office365-com.loginprotected.com/phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449HTTP Parser: No favicon
      Source: https://office365-com.loginprotected.com/phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449HTTP Parser: No favicon
      Source: https://office365-com.loginprotected.com/phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449HTTP Parser: No favicon
      Source: https://office365-com.loginprotected.com/phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449HTTP Parser: No favicon
      Source: https://office365-com.loginprotected.com/phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449HTTP Parser: No favicon
      Source: https://office365-com.loginprotected.com/phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449HTTP Parser: No favicon
      Source: https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449HTTP Parser: No <meta name="author".. found
      Source: https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449HTTP Parser: No <meta name="copyright".. found
      Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49712 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49760 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49878 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:50114 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:50141 version: TLS 1.2
      Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
      Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
      Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
      Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
      Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
      Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
      Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 217.20.57.34
      Source: unknownTCP traffic detected without corresponding DNS query: 217.20.57.34
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449 HTTP/1.1Host: office365-com.loginprotected.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /css/data-entry.63c23b0c7d008ec5.css HTTP/1.1Host: office365-com.loginprotected.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: csrf=sqJBL55%2FwUsMGIiW0AFti2E1ZGIxYWYxNzRiNmQ4ZWNjNjlmOTdkZDYzNjI4MWRjMzhiMDExMDc%3D
      Source: global trafficHTTP traffic detected: GET /infosec-iq-unlayer-na/1678439158353-logo.png HTTP/1.1Host: s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /infosec-iq-unlayer-na/1678439158353-logo.png HTTP/1.1Host: s3.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: office365-com.loginprotected.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: csrf=sqJBL55%2FwUsMGIiW0AFti2E1ZGIxYWYxNzRiNmQ4ZWNjNjlmOTdkZDYzNjI4MWRjMzhiMDExMDc%3D
      Source: global trafficHTTP traffic detected: GET /phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449 HTTP/1.1Host: office365-com.loginprotected.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: csrf=sqJBL55%2FwUsMGIiW0AFti2E1ZGIxYWYxNzRiNmQ4ZWNjNjlmOTdkZDYzNjI4MWRjMzhiMDExMDc%3D
      Source: global trafficHTTP traffic detected: GET /css/base.d6d46c33440dbc6d.css HTTP/1.1Host: office365-com.loginprotected.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://office365-com.loginprotected.com/phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: csrf=sqJBL55%2FwUsMGIiW0AFti2E1ZGIxYWYxNzRiNmQ4ZWNjNjlmOTdkZDYzNjI4MWRjMzhiMDExMDc%3D
      Source: global trafficHTTP traffic detected: GET /css/project.1d98791b1d2659cb.css HTTP/1.1Host: office365-com.loginprotected.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://office365-com.loginprotected.com/phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: csrf=sqJBL55%2FwUsMGIiW0AFti2E1ZGIxYWYxNzRiNmQ4ZWNjNjlmOTdkZDYzNjI4MWRjMzhiMDExMDc%3D
      Source: global trafficHTTP traffic detected: GET /css/phished.8a2460a2c8885a0e.css HTTP/1.1Host: office365-com.loginprotected.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://office365-com.loginprotected.com/phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: csrf=sqJBL55%2FwUsMGIiW0AFti2E1ZGIxYWYxNzRiNmQ4ZWNjNjlmOTdkZDYzNjI4MWRjMzhiMDExMDc%3D
      Source: global trafficHTTP traffic detected: GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://office365-com.loginprotected.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /js/dist/common.b642db49ef199113.js HTTP/1.1Host: office365-com.loginprotected.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://office365-com.loginprotected.com/phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: csrf=sqJBL55%2FwUsMGIiW0AFti2E1ZGIxYWYxNzRiNmQ4ZWNjNjlmOTdkZDYzNjI4MWRjMzhiMDExMDc%3D
      Source: global trafficHTTP traffic detected: GET /brandings/8d9588f5-cb6d-4e37-874e-e3af395dc708-w120xh60.png HTTP/1.1Host: infosec-iq-na-customer-public.s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://office365-com.loginprotected.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/index.html HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://office365-com.loginprotected.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /brandings/8d9588f5-cb6d-4e37-874e-e3af395dc708-w120xh60.png HTTP/1.1Host: infosec-iq-na-customer-public.s3.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/js/CPXHRLoader.js HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /js/dist/common.b642db49ef199113.js HTTP/1.1Host: office365-com.loginprotected.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: csrf=sqJBL55%2FwUsMGIiW0AFti2E1ZGIxYWYxNzRiNmQ4ZWNjNjlmOTdkZDYzNjI4MWRjMzhiMDExMDc%3D
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/css/CPLibraryAll.css HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/loader.gif HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/js/CPXHRLoader.js HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/js/jquery-1.11.3.min.js HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/loader.gif HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/js/jquery-1.11.3.min.js HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/js/CPM.js HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/playbarScript.js HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/js/CPM.js HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/dr/imgmd.json HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/playbarScript.js HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/dr/imgmd.json HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/dr/img9.json HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/dr/img3.json HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/dr/img4.json HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/dr/img5.json HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/dr/img7.json HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/dr/img6.json HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/Play_icon.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/css/CPLibraryAll.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/dr/img9.json HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/ccClose.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/dr/img7.json HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/dr/img3.json HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/Pause2x.gif HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/Play2x.gif HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/dr/img5.json HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/expand_icon.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/dr/img4.json HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/gesturemobileicon@2x.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/dr/img6.json HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/gesturemobilelandscape.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/Play_icon.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/gesturetabletimage.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/img_trans.gif HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/placeholder.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/blankBookmark.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/fullBookmark.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/ccClose.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/Pause2x.gif HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/gesturemobileicon@2x.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/expand_icon.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/Play2x.gif HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/gesturemobilelandscape.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/visited.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/searchBtnNormal.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/searchBtnSelect.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/expander.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/gesturetabletimage.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/infoClose.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/placeholder.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/go.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/img_trans.gif HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/blankBookmark.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/fullBookmark.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/clear.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/visited.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/expandIcon.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/searchBtnNormal.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/collapseIcon.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/moreinfo.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/searchBtnSelect.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/expander.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/AudioOff.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/infoClose.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/go.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/AudioOn.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/clear.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/BackGround.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/collapseIcon.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Color.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/ColorSmall.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/expandIcon.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/moreinfo.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/CC.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Exit.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/AudioOff.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Glow.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/AudioOn.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/GlowSmall.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/BackGround.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Height.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Play.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Pause.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/InnerShade.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/InnerShadeSmall.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Color.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/ColorSmall.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/CC.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Exit.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Glow.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/TOC.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/GlowSmall.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Height.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/ar/3362380.mp3 HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, *;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Language: en-US,en;q=0.9Range: bytes=0-
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Play.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/gesturemobileicon.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/css/CPLibraryAll.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Pause.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/InnerShade.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/InnerShadeSmall.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/TOC.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/assets/htmlimages/gesturemobileicon.png HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /s3/training_modules/Banners/F0F0F0%20-%201280x95.png HTTP/1.1Host: office365-com.loginprotected.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://d2jy5x0e9hfodo.cloudfront.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /Account/image/6fbf54d3-1da3-413a-809a-ee92dce94dd3?mw=85&mh=85&local=0&c=491791 HTTP/1.1Host: office365-com.loginprotected.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://d2jy5x0e9hfodo.cloudfront.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/wor/wo_3437250/wo30116347121171.html HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/NameTemplates/MasterProducedBy.html HTTP/1.1Host: securityiq.s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://d2jy5x0e9hfodo.cloudfront.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/dr/img1.json HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/ar/993248.mp3 HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, *;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Language: en-US,en;q=0.9Range: bytes=0-
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/ar/993243.mp3 HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, *;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Language: en-US,en;q=0.9Range: bytes=0-
      Source: global trafficHTTP traffic detected: GET /brandings/8d9588f5-cb6d-4e37-874e-e3af395dc708-w85xh85.png HTTP/1.1Host: infosec-iq-na-customer-public.s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://office365-com.loginprotected.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /Phished/trackProgress.json HTTP/1.1Host: office365-com.loginprotected.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: csrf=sqJBL55%2FwUsMGIiW0AFti2E1ZGIxYWYxNzRiNmQ4ZWNjNjlmOTdkZDYzNjI4MWRjMzhiMDExMDc%3D
      Source: global trafficHTTP traffic detected: GET /Phished/trackProgress.json HTTP/1.1Host: office365-com.loginprotected.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: csrf=sqJBL55%2FwUsMGIiW0AFti2E1ZGIxYWYxNzRiNmQ4ZWNjNjlmOTdkZDYzNjI4MWRjMzhiMDExMDc%3D
      Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: office365-com.loginprotected.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://office365-com.loginprotected.com/phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: csrf=sqJBL55%2FwUsMGIiW0AFti2E1ZGIxYWYxNzRiNmQ4ZWNjNjlmOTdkZDYzNjI4MWRjMzhiMDExMDc%3D
      Source: global trafficHTTP traffic detected: GET /brandings/8d9588f5-cb6d-4e37-874e-e3af395dc708-w85xh85.png HTTP/1.1Host: infosec-iq-na-customer-public.s3.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/dr/img1.json HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/ar/590884.mp3 HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, *;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Language: en-US,en;q=0.9Range: bytes=0-
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/dr/img2.json HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/ar/1426213.mp3 HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, *;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlAccept-Language: en-US,en;q=0.9Range: bytes=0-
      Source: global trafficHTTP traffic detected: GET /Phished/trackProgress.json HTTP/1.1Host: office365-com.loginprotected.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: csrf=sqJBL55%2FwUsMGIiW0AFti2E1ZGIxYWYxNzRiNmQ4ZWNjNjlmOTdkZDYzNjI4MWRjMzhiMDExMDc%3D
      Source: global trafficHTTP traffic detected: GET /training_modules/PhishingInBrief-NA-EN/dr/img2.json HTTP/1.1Host: d2jy5x0e9hfodo.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficDNS traffic detected: DNS query: www.google.com
      Source: global trafficDNS traffic detected: DNS query: office365-com.loginprotected.com
      Source: global trafficDNS traffic detected: DNS query: s3.amazonaws.com
      Source: global trafficDNS traffic detected: DNS query: logincdn.msftauth.net
      Source: global trafficDNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
      Source: global trafficDNS traffic detected: DNS query: infosec-iq-na-customer-public.s3.amazonaws.com
      Source: global trafficDNS traffic detected: DNS query: d2jy5x0e9hfodo.cloudfront.net
      Source: global trafficDNS traffic detected: DNS query: securityiq.s3.amazonaws.com
      Source: unknownHTTP traffic detected: POST /Phished/trackProgress.json HTTP/1.1Host: office365-com.loginprotected.comConnection: keep-aliveContent-Length: 73sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: */*Content-Type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://d2jy5x0e9hfodo.cloudfront.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://d2jy5x0e9hfodo.cloudfront.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 321Content-Type: text/htmlx-ms-error-code: WebContentNotFoundx-ms-request-id: 2122a867-c01e-00e5-7caf-72d025000000x-ms-version: 2018-03-28Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,x-ms-error-code,x-ms-request-id,x-ms-versionAccess-Control-Allow-Origin: *Date: Thu, 30 Jan 2025 00:42:04 GMTConnection: closeAkamai-GRN: 0.62d53e17.1738197724.220a2ebf
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 321Content-Type: text/htmlx-ms-error-code: WebContentNotFoundx-ms-request-id: 19f506d4-d01e-0003-67af-72b5aa000000x-ms-version: 2018-03-28Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,x-ms-error-code,x-ms-request-id,x-ms-versionAccess-Control-Allow-Origin: *Date: Thu, 30 Jan 2025 00:42:04 GMTConnection: closeAkamai-GRN: 0.62d53e17.1738197724.220a2ec0
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Jan 2025 00:42:05 GMTContent-Type: text/htmlContent-Length: 548Connection: closeServer: nginxX-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffStrict-Transport-Security: max-age=63072000; includeSubDomains
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Jan 2025 00:42:42 GMTContent-Type: text/htmlContent-Length: 548Connection: closeServer: nginxX-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffStrict-Transport-Security: max-age=63072000; includeSubDomains
      Source: chromecache_96.3.drString found in binary or memory: http://fontawesome.io
      Source: chromecache_96.3.drString found in binary or memory: http://fontawesome.io/license
      Source: chromecache_192.3.dr, chromecache_121.3.drString found in binary or memory: http://infosecinstitute.com
      Source: chromecache_126.3.dr, chromecache_79.3.drString found in binary or memory: https://fontawesome.com
      Source: chromecache_126.3.dr, chromecache_79.3.drString found in binary or memory: https://fontawesome.com/license
      Source: chromecache_134.3.drString found in binary or memory: https://fonts.googleapis.com/css?family=Open
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqW106F15M.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWt06F15M.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtE6F15M.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtU6F15M.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtk6F15M.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWu06F15M.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuk6F15M.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWvU6F15M.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWxU6F15M.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoa4OmY2RjRdE.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoa4OmYGRjRdE.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoa4OmYWRjRdE.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoa4OmYmRjRdE.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoa4Oma2RjRdE.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoa4Omb2Rj.woff2)
      Source: chromecache_118.3.drString found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoa4OmbGRjRdE.woff2)
      Source: chromecache_186.3.dr, chromecache_152.3.drString found in binary or memory: https://github.com/rgrove/lazyload/
      Source: chromecache_128.3.dr, chromecache_134.3.drString found in binary or memory: https://infosec-iq-na-customer-public.s3.amazonaws.com/brandings/8d9588f5-cb6d-4e37-874e-e3af395dc70
      Source: chromecache_197.3.drString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/images/documentation_bcb4d1dc4eae64f0b2b2538209d843
      Source: chromecache_197.3.drString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576b
      Source: chromecache_134.3.drString found in binary or memory: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
      Source: chromecache_197.3.drString found in binary or memory: https://office365-com.loginprotected.com/phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449
      Source: chromecache_197.3.drString found in binary or memory: https://s3.amazonaws.com/infosec-iq-unlayer-na/1678439158353-logo.png
      Source: chromecache_192.3.dr, chromecache_121.3.drString found in binary or memory: https://time.akamai.com/?iso
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49986
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
      Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49980
      Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
      Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
      Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
      Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
      Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
      Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50107 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49967
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49966
      Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49966 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50096 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50108 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
      Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
      Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
      Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50142 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50094
      Source: unknownNetwork traffic detected: HTTP traffic on port 50136 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50093
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50096
      Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50095
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50139
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50138
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
      Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
      Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
      Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50137
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50136
      Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50140
      Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50142
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50141
      Source: unknownNetwork traffic detected: HTTP traffic on port 50095 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50138 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
      Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50137 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
      Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
      Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
      Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50115 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
      Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50122 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50139 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50116 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50094 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50108
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50107
      Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50100
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50101
      Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50117
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50116
      Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50118
      Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50115
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50114
      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50099 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50100 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
      Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
      Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50122
      Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
      Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
      Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50098
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50097
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50099
      Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
      Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
      Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
      Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50117 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50098 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
      Source: unknownNetwork traffic detected: HTTP traffic on port 50141 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
      Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
      Source: unknownNetwork traffic detected: HTTP traffic on port 50140 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
      Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
      Source: unknownNetwork traffic detected: HTTP traffic on port 49993 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
      Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50101 -> 443
      Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49712 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49760 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49878 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:50114 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:50141 version: TLS 1.2
      Source: classification engineClassification label: mal80.phis.win@20/215@26/14
      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2036,i,4891518218741783531,6540536323889875317,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4172 --field-trial-handle=2036,i,4891518218741783531,6540536323889875317,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2036,i,4891518218741783531,6540536323889875317,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4172 --field-trial-handle=2036,i,4891518218741783531,6540536323889875317,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation2
      Browser Extensions      		1
      Process Injection      		1
      Process Injection      		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media4
      Non-Application Layer Protocol      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive5
      Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
      Ingress Tool Transfer      		Traffic DuplicationData Destruction

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449100%Avira URL Cloudphishing

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      https://office365-com.loginprotected.com/css/phished.8a2460a2c8885a0e.css100%Avira URL Cloudphishing
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/js/jquery-1.11.3.min.js0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/AudioOff.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/BackGround.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/fullBookmark.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/clear.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/Play2x.gif0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Play.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Color.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/CC.png0%Avira URL Cloudsafe
      https://office365-com.loginprotected.com/Account/image/6fbf54d3-1da3-413a-809a-ee92dce94dd3?mw=85&mh=85&local=0&c=491791100%Avira URL Cloudphishing
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/dr/imgmd.json0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/gesturemobileicon.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/css/CPLibraryAll.css0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/ar/993248.mp30%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/InnerShadeSmall.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/searchBtnNormal.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/dr/img6.json0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/dr/img7.json0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/Play_icon.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.html0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/dr/img1.json0%Avira URL Cloudsafe
      https://office365-com.loginprotected.com/css/data-entry.63c23b0c7d008ec5.css100%Avira URL Cloudphishing
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/dr/img4.json0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/gesturemobileicon@2x.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/TOC.png0%Avira URL Cloudsafe
      https://office365-com.loginprotected.com/js/dist/common.b642db49ef199113.js100%Avira URL Cloudphishing
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/collapseIcon.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/infoClose.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Glow.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/wor/wo_3437250/wo30116347121171.html0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/placeholder.png0%Avira URL Cloudsafe
      https://office365-com.loginprotected.com/css/project.1d98791b1d2659cb.css100%Avira URL Cloudphishing
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/GlowSmall.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/ar/590884.mp30%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/ccClose.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/dr/img2.json0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Pause.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/ar/3362380.mp30%Avira URL Cloudsafe
      https://s3.amazonaws.com/infosec-iq-unlayer-na/1678439158353-logo.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/visited.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/ar/993243.mp30%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/gesturetabletimage.png0%Avira URL Cloudsafe
      https://securityiq.s3.amazonaws.com/training_modules/NameTemplates/MasterProducedBy.html0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/dr/img9.json0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/InnerShade.png0%Avira URL Cloudsafe
      https://office365-com.loginprotected.com/favicon.ico100%Avira URL Cloudphishing
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/loader.gif0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/dr/img3.json0%Avira URL Cloudsafe
      https://office365-com.loginprotected.com/s3/training_modules/Banners/F0F0F0%20-%201280x95.png100%Avira URL Cloudphishing
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/searchBtnSelect.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/playbarScript.js0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/js/CPXHRLoader.js0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/js/CPM.js0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/go.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/blankBookmark.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/img_trans.gif0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/ColorSmall.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Height.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/gesturemobilelandscape.png0%Avira URL Cloudsafe
      https://office365-com.loginprotected.com/Phished/trackProgress.json100%Avira URL Cloudphishing
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/AudioOn.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/dr/img5.json0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/ar/1426213.mp30%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Exit.png0%Avira URL Cloudsafe
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/Pause2x.gif0%Avira URL Cloudsafe
      https://office365-com.loginprotected.com/css/base.d6d46c33440dbc6d.css100%Avira URL Cloudphishing
      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/moreinfo.png0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      d2jy5x0e9hfodo.cloudfront.net
      		99.86.1.180
      		truefalse
        		unknown
        s3-w.us-east-1.amazonaws.com
        		16.15.176.52
        		truefalse
          		high
          e329293.dscd.akamaiedge.net
          		2.23.209.34
          		truefalse
            		high
            s3.amazonaws.com
            		3.5.14.149
            		truefalse
              		high
              office365-com.loginprotected.com
              		3.218.11.107
              		truetrue
                		unknown
                maxcdn.bootstrapcdn.com
                		104.18.11.207
                		truefalse
                  		high
                  www.google.com
                  		142.250.185.228
                  		truefalse
                    		high
                    infosec-iq-na-customer-public.s3.amazonaws.com
                    		unknown
                    		unknownfalse
                      		high
                      securityiq.s3.amazonaws.com
                      		unknown
                      		unknownfalse
                        		unknown
                        logincdn.msftauth.net
                        		unknown
                        		unknownfalse
                          		high

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/js/jquery-1.11.3.min.jsfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.cssfalse
                            		high
                            https://office365-com.loginprotected.com/css/phished.8a2460a2c8885a0e.csstrue
                            • Avira URL Cloud: phishing
                            		unknown
                            https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/fullBookmark.pngfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/AudioOff.pngfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/CC.pngfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/BackGround.pngfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Color.pngfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://infosec-iq-na-customer-public.s3.amazonaws.com/brandings/8d9588f5-cb6d-4e37-874e-e3af395dc708-w120xh60.pngfalse
                              		high
                              https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/Play2x.giffalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/clear.pngfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Play.pngfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/gesturemobileicon.pngfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/dr/imgmd.jsonfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://office365-com.loginprotected.com/Account/image/6fbf54d3-1da3-413a-809a-ee92dce94dd3?mw=85&mh=85&local=0&c=491791true
                              • Avira URL Cloud: phishing
                              		unknown
                              https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/css/CPLibraryAll.cssfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/ar/993248.mp3false
                              • Avira URL Cloud: safe
                              		unknown
                              https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/Play_icon.pngfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/dr/img6.jsonfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/searchBtnNormal.pngfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/InnerShadeSmall.pngfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/dr/img7.jsonfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/index.htmlfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://office365-com.loginprotected.com/css/data-entry.63c23b0c7d008ec5.csstrue
                              • Avira URL Cloud: phishing
                              		unknown
                              https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/dr/img1.jsonfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/dr/img4.jsonfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/collapseIcon.pngfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://infosec-iq-na-customer-public.s3.amazonaws.com/brandings/8d9588f5-cb6d-4e37-874e-e3af395dc708-w85xh85.pngfalse
                                		high
                                https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/infoClose.pngfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/gesturemobileicon@2x.pngfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://office365-com.loginprotected.com/js/dist/common.b642db49ef199113.jstrue
                                • Avira URL Cloud: phishing
                                		unknown
                                https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/TOC.pngfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://office365-com.loginprotected.com/phished/dataEntered/47677232-3f6e-4ada-9e1b-0dba51f37449true
                                  		unknown
                                  https://logincdn.msftauth.net/shared/1.0/content/images/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svgfalse
                                    		high
                                    https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Glow.pngfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/wor/wo_3437250/wo30116347121171.htmlfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/placeholder.pngfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://office365-com.loginprotected.com/css/project.1d98791b1d2659cb.csstrue
                                    • Avira URL Cloud: phishing
                                    		unknown
                                    https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Pause.pngfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://s3.amazonaws.com/infosec-iq-unlayer-na/1678439158353-logo.pngfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/ar/590884.mp3false
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/ar/3362380.mp3false
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449true
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/GlowSmall.pngfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/visited.pngfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/dr/img2.jsonfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/ccClose.pngfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/ar/993243.mp3false
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/gesturetabletimage.pngfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/dr/img9.jsonfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/InnerShade.pngfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://securityiq.s3.amazonaws.com/training_modules/NameTemplates/MasterProducedBy.htmlfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://office365-com.loginprotected.com/s3/training_modules/Banners/F0F0F0%20-%201280x95.pngtrue
                                      • Avira URL Cloud: phishing
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/dr/img3.jsonfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/searchBtnSelect.pngfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/js/CPXHRLoader.jsfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/playbarScript.jsfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://office365-com.loginprotected.com/favicon.icotrue
                                      • Avira URL Cloud: phishing
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/loader.giffalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/js/CPM.jsfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/go.pngfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Height.pngfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/img_trans.giffalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/blankBookmark.pngfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://office365-com.loginprotected.com/Phished/trackProgress.jsontrue
                                      • Avira URL Cloud: phishing
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/ColorSmall.pngfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/gesturemobilelandscape.pngfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/AudioOn.pngfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/dr/img5.jsonfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://logincdn.msftauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svgfalse
                                        		high
                                        https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/ar/1426213.mp3false
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/playbar/PlaybarIcons/Exit.pngfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://office365-com.loginprotected.com/css/base.d6d46c33440dbc6d.csstrue
                                        • Avira URL Cloud: phishing
                                        		unknown
                                        https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/htmlimages/Pause2x.giffalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://d2jy5x0e9hfodo.cloudfront.net/training_modules/PhishingInBrief-NA-EN/assets/toc/tocIcons/moreinfo.pngfalse
                                        • Avira URL Cloud: safe
                                        		unknown

                                        URLs from Memory and Binaries

                                        NameSourceMaliciousAntivirus DetectionReputation
                                        http://fontawesome.iochromecache_96.3.drfalse
                                          		high
                                          https://logincdn.msftauth.net/shared/1.0/content/images/documentation_bcb4d1dc4eae64f0b2b2538209d843chromecache_197.3.drfalse
                                            		high
                                            https://fontawesome.comchromecache_126.3.dr, chromecache_79.3.drfalse
                                              		high
                                              http://infosecinstitute.comchromecache_192.3.dr, chromecache_121.3.drfalse
                                                		high
                                                https://fontawesome.com/licensechromecache_126.3.dr, chromecache_79.3.drfalse
                                                  		high
                                                  https://infosec-iq-na-customer-public.s3.amazonaws.com/brandings/8d9588f5-cb6d-4e37-874e-e3af395dc70chromecache_128.3.dr, chromecache_134.3.drfalse
                                                    		high
                                                    http://fontawesome.io/licensechromecache_96.3.drfalse
                                                      		high
                                                      https://time.akamai.com/?isochromecache_192.3.dr, chromecache_121.3.drfalse
                                                        		high
                                                        https://github.com/rgrove/lazyload/chromecache_186.3.dr, chromecache_152.3.drfalse
                                                          		high
                                                          https://logincdn.msftauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bchromecache_197.3.drfalse
                                                            		high

                                                            World Map of Contacted IPs

                                                            • No. of IPs < 25%
                                                            • 25% < No. of IPs < 50%
                                                            • 50% < No. of IPs < 75%
                                                            • 75% < No. of IPs

                                                            Public IPs

                                                            IPDomainCountryFlagASNASN NameMalicious
                                                            99.86.1.180
                                                            		d2jy5x0e9hfodo.cloudfront.netUnited States
                                                            		16509AMAZON-02USfalse
                                                            142.250.185.228
                                                            		www.google.comUnited States
                                                            		15169GOOGLEUSfalse
                                                            2.23.209.34
                                                            		e329293.dscd.akamaiedge.netEuropean Union
                                                            		1273CWVodafoneGroupPLCEUfalse
                                                            3.5.21.34
                                                            		unknownUnited States
                                                            		14618AMAZON-AESUSfalse
                                                            3.5.14.149
                                                            		s3.amazonaws.comUnited States
                                                            		14618AMAZON-AESUSfalse
                                                            3.218.11.107
                                                            		office365-com.loginprotected.comUnited States
                                                            		14618AMAZON-AESUStrue
                                                            52.216.57.112
                                                            		unknownUnited States
                                                            		16509AMAZON-02USfalse
                                                            104.18.11.207
                                                            		maxcdn.bootstrapcdn.comUnited States
                                                            		13335CLOUDFLARENETUSfalse
                                                            239.255.255.250
                                                            		unknownReserved
                                                            		unknownunknownfalse
                                                            16.15.176.52
                                                            		s3-w.us-east-1.amazonaws.comUnited States
                                                            		unknownunknownfalse
                                                            16.15.178.33
                                                            		unknownUnited States
                                                            		unknownunknownfalse
                                                            99.86.1.167
                                                            		unknownUnited States
                                                            		16509AMAZON-02USfalse

                                                            Private

                                                            IP
                                                            192.168.2.4
                                                            192.168.2.6

                                                            General Information

                                                            Joe Sandbox version:42.0.0 Malachite
                                                            Analysis ID:1602657
                                                            Start date and time:2025-01-30 01:41:01 +01:00
                                                            Joe Sandbox product:CloudBasic
                                                            Overall analysis duration:0h 3m 59s
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:full
                                                            Cookbook file name:browseurl.jbs
                                                            Sample URL:https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449
                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                            Number of analysed new started processes analysed:9
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:0
                                                            Technologies:
                                                            • HCA enabled
                                                            • EGA enabled
                                                            • AMSI enabled
                                                            Analysis Mode:default
                                                            Analysis stop reason:Timeout
                                                            Detection:MAL
                                                            Classification:mal80.phis.win@20/215@26/14
                                                            EGA Information:Failed
                                                            HCA Information:
                                                            • Successful, ratio: 100%
                                                            • Number of executed functions: 0
                                                            • Number of non-executed functions: 0

                                                            Warnings

                                                            • Exclude process from analysis (whitelisted): audiodg.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                            • Excluded IPs from analysis (whitelisted): 74.125.133.84, 216.58.212.142, 172.217.18.3, 142.250.184.238, 216.58.206.78, 216.58.206.46, 142.250.184.234, 142.250.185.106, 142.250.185.170, 142.250.185.234, 142.250.184.202, 142.250.185.138, 172.217.16.202, 216.58.206.42, 142.250.186.170, 172.217.18.106, 172.217.18.10, 216.58.206.74, 142.250.185.74, 172.217.23.106, 142.250.181.234, 142.250.185.202, 142.250.185.163, 2.23.77.188, 199.232.214.172, 142.250.186.78, 142.250.184.206, 142.250.181.238, 142.250.185.174, 142.250.184.227, 34.104.35.123, 142.250.186.110, 13.107.246.44, 2.19.106.160, 20.109.210.53
                                                            • Excluded domains from analysis (whitelisted): client.wns.windows.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com
                                                            • Not all processes where analyzed, report is missing behavior information
                                                            • Report size exceeded maximum capacity and may have missing network information.
                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                            • VT rate limit hit for: https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449

                                                            Simulations

                                                            Behavior and APIs

                                                            No simulations