hxxps://assets-usa[.]mkt[.]dynamics[.]com/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/digitalassets/standaloneforms/56e937c9-71d3-ef11-8eea-0022480a45c7

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15/01/2025, 19:59 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://assets-usa.mkt.dynamics.com/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/digitalassets/standaloneforms/56e937c9-71d3-ef11-8eea-0022480a45c7

Score

10^/10

microsoft discovery phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1772	msedge.exe
1772	msedge.exe
4024	msedge.exe
4024	msedge.exe
1100	identity_helper.exe
1100	identity_helper.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4024 wrote to memory of 4060	4024	msedge.exe	83
PID 4024 wrote to memory of 4060	4024	msedge.exe	83
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 1772	4024	msedge.exe	85
PID 4024 wrote to memory of 1772	4024	msedge.exe	85
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://assets-usa.mkt.dynamics.com/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/digitalassets/standaloneforms/56e937c9-71d3-ef11-8eea-0022480a45c7
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd450c46f8,0x7ffd450c4708,0x7ffd450c4718
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5448 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4748

Network

DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

assets-usa.mkt.dynamics.com

msedge.exe

Remote address:

8.8.8.8:53

Request

assets-usa.mkt.dynamics.com

IN A

Response

assets-usa.mkt.dynamics.com

IN CNAME

assets-mkt-usa.azureedge.net

assets-mkt-usa.azureedge.net

IN CNAME

assets-mkt-usa.afd.azureedge.net

assets-mkt-usa.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
GET

https://assets-usa.mkt.dynamics.com/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/digitalassets/standaloneforms/56e937c9-71d3-ef11-8eea-0022480a45c7

msedge.exe

Remote address:

13.107.246.64:443

Request

GET /a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/digitalassets/standaloneforms/56e937c9-71d3-ef11-8eea-0022480a45c7 HTTP/2.0
host: assets-usa.mkt.dynamics.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 15 Jan 2025 19:59:51 GMT
content-type: text/html
content-length: 568
access-control-allow-origin: *
cache-control: public, max-age=900, must-revalidate
x-ms-trace-id: 5e5105461e70a6169cfeec8bb31d206d
strict-transport-security: max-age=2592000; preload
x-content-type-options: nosniff
x-azure-ref: 20250115T195951Z-r15774cf85d2gdrdhC1LONu0pw0000000180000000010du0
x-fd-int-roxy-purgeid: 82379489
x-cache: TCP_MISS
accept-ranges: bytes
GET

https://assets-usa.mkt.dynamics.com/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/digitalassets/forms/56e937c9-71d3-ef11-8eea-0022480a45c7

msedge.exe

Remote address:

13.107.246.64:443

Request

GET /a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/digitalassets/forms/56e937c9-71d3-ef11-8eea-0022480a45c7 HTTP/2.0
host: assets-usa.mkt.dynamics.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: text/plain
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://assets-usa.mkt.dynamics.com/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/digitalassets/standaloneforms/56e937c9-71d3-ef11-8eea-0022480a45c7
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 404

date: Wed, 15 Jan 2025 19:59:53 GMT
content-type: text/html
content-length: 548
strict-transport-security: max-age=2592000; preload
x-azure-ref: 20250115T195953Z-r15774cf85d2gdrdhC1LONu0pw0000000180000000010ecv
x-fd-int-roxy-purgeid: 82379489
x-cache: TCP_MISS
GET

https://assets-usa.mkt.dynamics.com/favicon.ico

msedge.exe

Remote address:

13.107.246.64:443

Request

GET /favicon.ico HTTP/2.0
host: assets-usa.mkt.dynamics.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://assets-usa.mkt.dynamics.com/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/digitalassets/standaloneforms/56e937c9-71d3-ef11-8eea-0022480a45c7
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 15 Jan 2025 19:59:54 GMT
content-type: text/html
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=900, must-revalidate
x-ms-trace-id: 2d813f6c9a7ee8375b3049efdf245014
strict-transport-security: max-age=2592000; preload
x-content-type-options: nosniff
x-azure-ref: 20250115T195953Z-r15774cf85d2gdrdhC1LONu0pw0000000180000000010ecu
x-fd-int-roxy-purgeid: 82379489
x-cache: TCP_MISS
content-encoding: br
DNS

cxppusa1formui01cdnsa01-endpoint.azureedge.net

msedge.exe

Remote address:

8.8.8.8:53

Request

cxppusa1formui01cdnsa01-endpoint.azureedge.net

IN A

Response

cxppusa1formui01cdnsa01-endpoint.azureedge.net

IN CNAME

cxppusa1formui01cdnsa01-endpoint.afd.azureedge.net

cxppusa1formui01cdnsa01-endpoint.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
GET

https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/FormLoader.bundle.js

msedge.exe

Remote address:

13.107.246.64:443

Request

GET /usa/FormLoader/FormLoader.bundle.js HTTP/2.0
host: cxppusa1formui01cdnsa01-endpoint.azureedge.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://assets-usa.mkt.dynamics.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 15 Jan 2025 19:59:52 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 18 Dec 2024 15:45:13 GMT
x-ms-request-id: 043255de-d01e-00a6-3b41-672e4a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
x-azure-ref: 20250115T195952Z-r15774cf85dfjmxjhC1LON3ytw000000017g00000001kte0
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
content-encoding: br
DNS

64.246.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.246.107.13.in-addr.arpa

IN PTR

Response
DNS

16.43.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.43.107.13.in-addr.arpa

IN PTR

Response
DNS

60.153.16.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

60.153.16.2.in-addr.arpa

IN PTR

Response

60.153.16.2.in-addr.arpa

IN PTR

a2-16-153-60deploystaticakamaitechnologiescom
DNS

68.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.159.190.20.in-addr.arpa

IN PTR

Response
DNS

167.173.78.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.173.78.104.in-addr.arpa

IN PTR

Response

167.173.78.104.in-addr.arpa

IN PTR

a104-78-173-167deploystaticakamaitechnologiescom
GET

https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/public/locales/en-us/translation.json

msedge.exe

Remote address:

13.107.246.64:443

Request

GET /usa/FormLoader/public/locales/en-us/translation.json HTTP/2.0
host: cxppusa1formui01cdnsa01-endpoint.azureedge.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://assets-usa.mkt.dynamics.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://assets-usa.mkt.dynamics.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 15 Jan 2025 19:59:53 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 18 Dec 2024 15:45:14 GMT
x-ms-request-id: ca8e5e05-001e-009f-4b7e-64f94d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
x-azure-ref: 20250115T195953Z-r15774cf85dtlfsvhC1LONsqeg00000001c000000000r2rc
x-fd-int-roxy-purgeid: 81225815
x-cache: TCP_HIT
content-encoding: br
DNS

public-usa.mkt.dynamics.com

msedge.exe

Remote address:

8.8.8.8:53

Request

public-usa.mkt.dynamics.com

IN A

Response

public-usa.mkt.dynamics.com

IN CNAME

cxppusa1im4t7x7z5iubq.trafficmanager.net

cxppusa1im4t7x7z5iubq.trafficmanager.net

IN CNAME

public-prdia888eus0aks.mkt.dynamics.com

public-prdia888eus0aks.mkt.dynamics.com

IN CNAME

prdia888eus0aks.mkt.dynamics.com

prdia888eus0aks.mkt.dynamics.com

IN A

52.146.76.30
OPTIONS

https://public-usa.mkt.dynamics.com/api/v1.0/orgs/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/landingpageforms/forms/56e937c9-71d3-ef11-8eea-0022480a45c7/visits

msedge.exe

Remote address:

52.146.76.30:443

Request

OPTIONS /api/v1.0/orgs/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/landingpageforms/forms/56e937c9-71d3-ef11-8eea-0022480a45c7/visits HTTP/1.1
Host: public-usa.mkt.dynamics.com
Connection: keep-alive
Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://assets-usa.mkt.dynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Wed, 15 Jan 2025 19:59:54 GMT
Connection: keep-alive
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: https://assets-usa.mkt.dynamics.com
x-ms-trace-id: be533b77aa79445623abb441836021b2
Strict-Transport-Security: max-age=2592000; preload
x-content-type-options: nosniff
POST

https://public-usa.mkt.dynamics.com/api/v1.0/orgs/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/landingpageforms/forms/56e937c9-71d3-ef11-8eea-0022480a45c7/visits

msedge.exe

Remote address:

52.146.76.30:443

Request

POST /api/v1.0/orgs/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/landingpageforms/forms/56e937c9-71d3-ef11-8eea-0022480a45c7/visits HTTP/1.1
Host: public-usa.mkt.dynamics.com
Connection: keep-alive
Content-Length: 153
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
Accept: application/json
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: application/json
Origin: https://assets-usa.mkt.dynamics.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 15 Jan 2025 19:59:54 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://assets-usa.mkt.dynamics.com
x-ms-trace-id: d4197ceb2998a4f4451e2ce6383e7591
Strict-Transport-Security: max-age=2592000; preload
x-content-type-options: nosniff
OPTIONS

https://public-usa.mkt.dynamics.com/api/v1.0/orgs/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/landingpageforms/forms/56e937c9-71d3-ef11-8eea-0022480a45c7

msedge.exe

Remote address:

52.146.76.30:443

Request

OPTIONS /api/v1.0/orgs/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/landingpageforms/forms/56e937c9-71d3-ef11-8eea-0022480a45c7 HTTP/1.1
Host: public-usa.mkt.dynamics.com
Connection: keep-alive
Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://assets-usa.mkt.dynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Wed, 15 Jan 2025 19:59:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: https://assets-usa.mkt.dynamics.com
x-ms-trace-id: a6f4c3b57157715c14fbf083acbc2f21
Strict-Transport-Security: max-age=2592000; preload
x-content-type-options: nosniff
POST

https://public-usa.mkt.dynamics.com/api/v1.0/orgs/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/landingpageforms/forms/56e937c9-71d3-ef11-8eea-0022480a45c7

msedge.exe

Remote address:

52.146.76.30:443

Request

POST /api/v1.0/orgs/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/landingpageforms/forms/56e937c9-71d3-ef11-8eea-0022480a45c7 HTTP/1.1
Host: public-usa.mkt.dynamics.com
Connection: keep-alive
Content-Length: 208
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
Accept: application/json
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: application/json
Origin: https://assets-usa.mkt.dynamics.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 15 Jan 2025 19:59:56 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://assets-usa.mkt.dynamics.com
x-ms-trace-id: 568d7a0d8326b94e40f9ff148ee29829
Strict-Transport-Security: max-age=2592000; preload
x-content-type-options: nosniff
DNS

30.76.146.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.76.146.52.in-addr.arpa

IN PTR

Response
DNS

meheff.56-ytgfjsdfghjkn.icu

msedge.exe

Remote address:

8.8.8.8:53

Request

meheff.56-ytgfjsdfghjkn.icu

IN A

Response

meheff.56-ytgfjsdfghjkn.icu

IN A

2.56.246.76
GET

https://meheff.56-ytgfjsdfghjkn.icu/iVmcjYqP

msedge.exe

Remote address:

2.56.246.76:443

Request

GET /iVmcjYqP HTTP/1.1
Host: meheff.56-ytgfjsdfghjkn.icu
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

Connection: close
Content-Type: text/html
Location: https://mejeff.56-ytgfjsdfghjkn.icu/owa/
Set-Cookie: whmx=2c55949b837e2438a7add749862c787a6a5f9ce0c9f3dcd6e6f38085410dd231; Path=/; Domain=56-ytgfjsdfghjkn.icu; Expires=Wed, 15 Jan 2025 20:59:57 GMT; Max-Age=3600
Transfer-Encoding: chunked
DNS

mejeff.56-ytgfjsdfghjkn.icu

msedge.exe

Remote address:

8.8.8.8:53

Request

mejeff.56-ytgfjsdfghjkn.icu

IN A

Response

mejeff.56-ytgfjsdfghjkn.icu

IN A

2.56.246.76
GET

https://mejeff.56-ytgfjsdfghjkn.icu/owa/

msedge.exe

Remote address:

2.56.246.76:443

Request

GET /owa/ HTTP/1.1
Host: mejeff.56-ytgfjsdfghjkn.icu
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: whmx=2c55949b837e2438a7add749862c787a6a5f9ce0c9f3dcd6e6f38085410dd231

Response

HTTP/1.1 302

Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
Connection: close
Content-Type: text/html; charset=utf-8
Date: Wed, 15 Jan 2025 19:59:56 GMT
Location: https://ocprq.56-ytgfjsdfghjkn.icu/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=48ff5173-e6e3-587b-b9c8-2dae136bfc05&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638725679976010374.387b5f4c-c947-4f69-a9c5-785e9d675fa5&state=DYtBEoAgDMSKjs-poLRd-hxEuXr0-_aQHDKTRERrsASphAhWG041uMPKUSpkj3LplMHDBSzTnLsPZTR9_Dbo7Jri3fL79fwD
Nel: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
P3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Report-To: {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=FRA&RemoteIP=2a0e:97c0:3ea::&Environment=MT"}],"include_subdomains":true}
Request-Id: 48ff5173-e6e3-587b-b9c8-2dae136bfc05
Server: Microsoft-IIS/10.0
Set-Cookie: ClientId=D4D9153759314DE89D23CCD4BBBEA95F; Path=/; Expires=Thu, 15 Jan 2026 19:59:57 GMT; Secure; SameSite=None
Set-Cookie: ClientId=D4D9153759314DE89D23CCD4BBBEA95F; Path=/; Expires=Thu, 15 Jan 2026 19:59:57 GMT; Secure; SameSite=None
Set-Cookie: OIDC=1; Path=/; Expires=Tue, 15 Jul 2025 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: RoutingKeyCookie=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.token.v1=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.token.v1=; Path=/; Domain=mejeff.56-ytgfjsdfghjkn.icu; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.id_token.v1=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.code.v1=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.idp_nonce.v1=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.idp_correlation_id=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.tokenPostPath=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.id_token.v1=; Path=/; Domain=mejeff.56-ytgfjsdfghjkn.icu; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.code.v1=; Path=/; Domain=mejeff.56-ytgfjsdfghjkn.icu; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.idp_nonce.v1=; Path=/; Domain=mejeff.56-ytgfjsdfghjkn.icu; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.idp_correlation_id=; Path=/; Domain=mejeff.56-ytgfjsdfghjkn.icu; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.tokenPostPath=; Path=/; Domain=mejeff.56-ytgfjsdfghjkn.icu; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.nonce.v3.kfSDnBa80ph6mj50TMrbBnD5XjUwRf5C-MPh0SCuflg=638725679976010374.387b5f4c-c947-4f69-a9c5-785e9d675fa5; Path=/; Expires=Wed, 15 Jan 2025 20:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: HostSwitchPrg=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OptInPrg=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: SuiteServiceProxyKey=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: ClientId=D4D9153759314DE89D23CCD4BBBEA95F; Path=/; Expires=Thu, 15 Jan 2026 19:59:57 GMT; Secure; SameSite=None
Set-Cookie: OIDC=1; Path=/; Expires=Tue, 15 Jul 2025 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: RoutingKeyCookie=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.token.v1=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.token.v1=; Path=/; Domain=mejeff.56-ytgfjsdfghjkn.icu; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.id_token.v1=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.code.v1=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.idp_nonce.v1=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.idp_correlation_id=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.tokenPostPath=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.id_token.v1=; Path=/; Domain=mejeff.56-ytgfjsdfghjkn.icu; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.code.v1=; Path=/; Domain=mejeff.56-ytgfjsdfghjkn.icu; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.idp_nonce.v1=; Path=/; Domain=mejeff.56-ytgfjsdfghjkn.icu; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.idp_correlation_id=; Path=/; Domain=mejeff.56-ytgfjsdfghjkn.icu; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.tokenPostPath=; Path=/; Domain=mejeff.56-ytgfjsdfghjkn.icu; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OpenIdConnect.nonce.v3.kfSDnBa80ph6mj50TMrbBnD5XjUwRf5C-MPh0SCuflg=638725679976010374.387b5f4c-c947-4f69-a9c5-785e9d675fa5; Path=/; Expires=Wed, 15 Jan 2025 20:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: HostSwitchPrg=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: OptInPrg=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: SuiteServiceProxyKey=; Path=/; Expires=Sun, 15 Jan 1995 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: X-OWA-RedirectHistory=ArLym14B0DLmL5813Qg; Path=/; Expires=Thu, 16 Jan 2025 02:01:57 GMT; HttpOnly; Secure; SameSite=None
Transfer-Encoding: chunked
X-Backend-Begin: 2025-01-15T19:59:57.601
X-Backend-End: 2025-01-15T19:59:57.616
X-Backendhttpstatus: 302
X-Backendhttpstatus: 302
X-Beserver: BE1P281MB3318
X-Besku: WCS7
X-Calculatedbetarget: BE1P281MB3318.DEUP281.PROD.OUTLOOK.COM
X-Calculatedfetarget: BE1P281CU024.internal.outlook.com
X-Diaginfo: BE1P281MB3318
X-Feefzinfo: FRA
X-Feproxyinfo: FR4P281CA0324.DEUP281.PROD.OUTLOOK.COM
X-Feserver: BE1P281CA0313
X-Feserver: FR4P281CA0324
X-Firsthopcafeefz: FRA
X-Owa-Diagnosticsinfo: 5;0;0;
X-Proxy-Backendserverstatus: 302
X-Proxy-Routingcorrectness: 1
X-Responseorigin: OwaAppPool
X-Rum-Notupdatequerieddbcopy: 1
X-Rum-Notupdatequeriedpath: 1
X-Rum-Validated: 1
X-Ua-Compatible: IE=EmulateIE7
DNS

ocprq.56-ytgfjsdfghjkn.icu

msedge.exe

Remote address:

8.8.8.8:53

Request

ocprq.56-ytgfjsdfghjkn.icu

IN A

Response

ocprq.56-ytgfjsdfghjkn.icu

IN A

2.56.246.76
GET

https://ocprq.56-ytgfjsdfghjkn.icu/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=48ff5173-e6e3-587b-b9c8-2dae136bfc05&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638725679976010374.387b5f4c-c947-4f69-a9c5-785e9d675fa5&state=DYtBEoAgDMSKjs-poLRd-hxEuXr0-_aQHDKTRERrsASphAhWG041uMPKUSpkj3LplMHDBSzTnLsPZTR9_Dbo7Jri3fL79fwD

msedge.exe

Remote address:

2.56.246.76:443

Request

GET /common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=48ff5173-e6e3-587b-b9c8-2dae136bfc05&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638725679976010374.387b5f4c-c947-4f69-a9c5-785e9d675fa5&state=DYtBEoAgDMSKjs-poLRd-hxEuXr0-_aQHDKTRERrsASphAhWG041uMPKUSpkj3LplMHDBSzTnLsPZTR9_Dbo7Jri3fL79fwD HTTP/1.1
Host: ocprq.56-ytgfjsdfghjkn.icu
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: whmx=2c55949b837e2438a7add749862c787a6a5f9ce0c9f3dcd6e6f38085410dd231

Response

HTTP/1.1 200 OK

Cache-Control: no-store, no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Date: Wed, 15 Jan 2025 19:59:57 GMT
Expires: -1
Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
Nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
Set-Cookie: buid=1.AUgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAABIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEpbsOLeO7Gfh475YrsiuGbW0Q-QjuOfGrfwPgYgyeEXJmeBOlHo8jaRoHk_09TCtChge6jyYajh-G6FnVZn5obkR0OS8o9shGu4_wzu_lEecgAA; Path=/; Expires=Fri, 14 Feb 2025 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE0jfgsDCbU1E5eJpBZABG2iS9tIxlNo3T3rl1xqPlA5vzo-ZzUZszrESDfoQ_eLpTm7YZR2WzQ81buA9uvzyXqGxbxpPHswIijLYh50Ww0He-OTuOE9irbDPMhOgVRfxYPaXJUFAaaKKvRCYDfMLAz1X9k5kj76xZj-iCXwk96xogAA; Path=/; Domain=ocprq.56-ytgfjsdfghjkn.icu; HttpOnly; Secure; SameSite=None
Set-Cookie: esctx-oiCel2EouD4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEXm_CWS6i6wCjWTq5CafQ_iv6kN7XLS8iBAbFJLMrJTgB_nUdrJBCBwgCywd-xWJX1lragpkIL3bXwAoFpyQh7BxjxcV49k95gRUT-qPTqorPxOTTY54uxZwI701ROMkN9ktMBkeuba0hAlMtiQo-PCAA; Path=/; Domain=ocprq.56-ytgfjsdfghjkn.icu; HttpOnly; Secure; SameSite=None
Set-Cookie: fpc=Ahgau1fvczxFhKkh2GhW3mqerOTJAQAAAL0KGt8OAAAA; Path=/; Expires=Fri, 14 Feb 2025 19:59:57 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: x-ms-gateway-slice=estsfd; Path=/; HttpOnly; Secure; SameSite=None
Set-Cookie: stsservicecookie=estsfd; Path=/; HttpOnly; Secure; SameSite=None
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Dns-Prefetch-Control: on
X-Ms-Ests-Server: 2.1.19870.3 - FRC ProdSlices
X-Ms-Request-Id: f01aafe2-ec3d-4a57-801c-f8b6e030be00
X-Ms-Srs: 1.P
DNS

aadcdn.msauth.net

msedge.exe

Remote address:

8.8.8.8:53

Request

aadcdn.msauth.net

IN A

Response

aadcdn.msauth.net

IN CNAME

aadcdnoriginwus2.azureedge.net

aadcdnoriginwus2.azureedge.net

IN CNAME

aadcdnoriginwus2.afd.azureedge.net

aadcdnoriginwus2.afd.azureedge.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

76.246.56.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.246.56.2.in-addr.arpa

IN PTR

Response

76.246.56.2.in-addr.arpa

IN PTR

�
DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

aadcdn.msftauth.net

msedge.exe

Remote address:

8.8.8.8:53

Request

aadcdn.msftauth.net

IN A

Response

aadcdn.msftauth.net

IN CNAME

www.tm.aadcdn.msftauth.trafficmanager.net

www.tm.aadcdn.msftauth.trafficmanager.net

IN CNAME

aadcdn.msftauth.edgekey.net

aadcdn.msftauth.edgekey.net

IN CNAME

e329293.dscd.akamaiedge.net

e329293.dscd.akamaiedge.net

IN A

184.28.198.9

e329293.dscd.akamaiedge.net

IN A

95.101.143.240
DNS

jrhte.56-ytgfjsdfghjkn.icu

msedge.exe

Remote address:

8.8.8.8:53

Request

jrhte.56-ytgfjsdfghjkn.icu

IN A

Response

jrhte.56-ytgfjsdfghjkn.icu

IN A

2.56.246.76
DNS

htejre.56-ytgfjsdfghjkn.icu

msedge.exe

Remote address:

8.8.8.8:53

Request

htejre.56-ytgfjsdfghjkn.icu

IN A

Response

htejre.56-ytgfjsdfghjkn.icu

IN A

2.56.246.76
GET

https://jrhte.56-ytgfjsdfghjkn.icu/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css

msedge.exe

Remote address:

2.56.246.76:443

Request

GET /ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css HTTP/1.1
Host: jrhte.56-ytgfjsdfghjkn.icu
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: style
Referer: https://ocprq.56-ytgfjsdfghjkn.icu/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: whmx=2c55949b837e2438a7add749862c787a6a5f9ce0c9f3dcd6e6f38085410dd231

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: public, max-age=31536000
Connection: close
Content-Type: text/css
Date: Wed, 15 Jan 2025 19:59:58 GMT
Etag: 0x8DCFFB21E496F3A
Last-Modified: Fri, 08 Nov 2024 04:59:25 GMT
Transfer-Encoding: chunked
X-Azure-Ref: 20250115T195958Z-15dc79b66595zcckhC1FRA1nrc00000001u0000000000zee
X-Cache: TCP_HIT
X-Fd-Int-Roxy-Purgeid: 0
X-Ms-Blob-Type: BlockBlob
X-Ms-Lease-Status: unlocked
X-Ms-Request-Id: e26b925b-801e-0075-21d3-66a87a000000
X-Ms-Version: 2009-09-19
GET

https://jrhte.56-ytgfjsdfghjkn.icu/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_v20ia-gahguvu2fgvxamhg2.js

msedge.exe

Remote address:

2.56.246.76:443

Request

GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_v20ia-gahguvu2fgvxamhg2.js HTTP/1.1
Host: jrhte.56-ytgfjsdfghjkn.icu
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://ocprq.56-ytgfjsdfghjkn.icu/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: whmx=2c55949b837e2438a7add749862c787a6a5f9ce0c9f3dcd6e6f38085410dd231

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: public, max-age=31536000
Connection: close
Content-Type: application/x-javascript
Date: Wed, 15 Jan 2025 19:59:58 GMT
Etag: 0x8DD1642AD75BC4E
Last-Modified: Fri, 06 Dec 2024 22:09:39 GMT
Transfer-Encoding: chunked
X-Azure-Ref: 20250115T195958Z-179c7d47f7c7npr7hC1FRAtqg000000007hg000000005m7n
X-Cache: TCP_HIT
X-Fd-Int-Roxy-Purgeid: 0
X-Ms-Blob-Type: BlockBlob
X-Ms-Lease-Status: unlocked
X-Ms-Request-Id: 33082355-f01e-003a-13a1-65ae91000000
X-Ms-Version: 2009-09-19
GET

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/js/ConvergedLogin_PCore_n7VKwtWYm2mBLcIKAZfQlw2.js

msedge.exe

Remote address:

2.56.246.76:443

Request

GET /shared/1.0/content/js/ConvergedLogin_PCore_n7VKwtWYm2mBLcIKAZfQlw2.js HTTP/1.1
Host: jrhte.56-ytgfjsdfghjkn.icu
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://ocprq.56-ytgfjsdfghjkn.icu/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: whmx=2c55949b837e2438a7add749862c787a6a5f9ce0c9f3dcd6e6f38085410dd231

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: public, max-age=31536000
Connection: close
Content-Type: application/x-javascript
Date: Wed, 15 Jan 2025 19:59:58 GMT
Etag: 0x8DD1AF4ADA1D4EB
Last-Modified: Thu, 12 Dec 2024 21:33:54 GMT
Transfer-Encoding: chunked
X-Azure-Ref: 20250115T195958Z-15dc79b66595t7mchC1FRAkbmw00000007dg00000000cz9m
X-Cache: TCP_HIT
X-Fd-Int-Roxy-Purgeid: 4554691
X-Ms-Blob-Type: BlockBlob
X-Ms-Lease-Status: unlocked
X-Ms-Request-Id: aafc1bcd-901e-0037-76a7-652e57000000
X-Ms-Version: 2009-09-19
DNS

hrvetbr.56-ytgfjsdfghjkn.icu

msedge.exe

Remote address:

8.8.8.8:53

Request

hrvetbr.56-ytgfjsdfghjkn.icu

IN A

Response

hrvetbr.56-ytgfjsdfghjkn.icu

IN A

2.56.246.76
GET

https://hrvetbr.56-ytgfjsdfghjkn.icu/Me.htm?v=3

msedge.exe

Remote address:

2.56.246.76:443

Request

GET /Me.htm?v=3 HTTP/1.1
Host: hrvetbr.56-ytgfjsdfghjkn.icu
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
Purpose: prefetch
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ocprq.56-ytgfjsdfghjkn.icu/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: whmx=2c55949b837e2438a7add749862c787a6a5f9ce0c9f3dcd6e6f38085410dd231

Response

HTTP/1.1 200 OK

Cache-Control: max-age=315360000
Connection: close
Content-Type: text/html; charset=utf-8
Date: Wed, 15 Jan 2025 19:59:58 GMT
Expires: Sat, 13 Jan 2035 19:59:58 GMT
P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
Ppserver: PPV: 30 H: BL02EPF00027B69 V: 0
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: uaid=b0a84f2db93b41dcb79aa8b85bdac600; Path=/; Domain=hrvetbr.56-ytgfjsdfghjkn.icu; HttpOnly; Secure; SameSite=None
Set-Cookie: MSPRequ=id=N&lt=1736971198&co=1; Path=/; Domain=hrvetbr.56-ytgfjsdfghjkn.icu; HttpOnly; Secure; SameSite=None
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Ms-Request-Id: 8197041f-6ede-49b4-8c6f-18baeb86343d
X-Ms-Route-Info: C558_BL2
GET

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js

msedge.exe

Remote address:

2.56.246.76:443

Request

GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1
Host: jrhte.56-ytgfjsdfghjkn.icu
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://ocprq.56-ytgfjsdfghjkn.icu/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: whmx=2c55949b837e2438a7add749862c787a6a5f9ce0c9f3dcd6e6f38085410dd231

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: public, max-age=31536000
Connection: close
Content-Type: application/x-javascript
Date: Wed, 15 Jan 2025 19:59:59 GMT
Etag: 0x8DB5D44A8CEE4F4
Last-Modified: Thu, 25 May 2023 17:22:47 GMT
Transfer-Encoding: chunked
X-Azure-Ref: 20250115T195959Z-15dc79b66595zcckhC1FRA1nrc00000001u0000000000zfd
X-Cache: TCP_HIT
X-Fd-Int-Roxy-Purgeid: 0
X-Ms-Blob-Type: BlockBlob
X-Ms-Lease-Status: unlocked
X-Ms-Request-Id: 84074fe6-201e-0064-0e9a-654571000000
X-Ms-Version: 2009-09-19
GET

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_510f960da65b56e0607c.js

msedge.exe

Remote address:

2.56.246.76:443

Request

GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_510f960da65b56e0607c.js HTTP/1.1
Host: jrhte.56-ytgfjsdfghjkn.icu
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://ocprq.56-ytgfjsdfghjkn.icu/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: whmx=2c55949b837e2438a7add749862c787a6a5f9ce0c9f3dcd6e6f38085410dd231

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: public, max-age=31536000
Connection: close
Content-Type: application/x-javascript
Date: Wed, 15 Jan 2025 19:59:59 GMT
Etag: 0x8DD156EE6A82756
Last-Modified: Thu, 05 Dec 2024 20:53:41 GMT
Transfer-Encoding: chunked
X-Azure-Ref: 20250115T195959Z-15dc79b66595zcckhC1FRA1nrc00000001u0000000000zhn
X-Cache: TCP_HIT
X-Fd-Int-Roxy-Purgeid: 0
X-Ms-Blob-Type: BlockBlob
X-Ms-Lease-Status: unlocked
X-Ms-Request-Id: 7c7b842d-801e-0076-54b8-6576b3000000
X-Ms-Version: 2009-09-19
GET

https://mejeff.56-ytgfjsdfghjkn.icu/owa/prefetch.aspx

msedge.exe

Remote address:

2.56.246.76:443

Request

GET /owa/prefetch.aspx HTTP/1.1
Host: mejeff.56-ytgfjsdfghjkn.icu
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ocprq.56-ytgfjsdfghjkn.icu/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: whmx=2c55949b837e2438a7add749862c787a6a5f9ce0c9f3dcd6e6f38085410dd231; ClientId=D4D9153759314DE89D23CCD4BBBEA95F; OIDC=1; OpenIdConnect.nonce.v3.kfSDnBa80ph6mj50TMrbBnD5XjUwRf5C-MPh0SCuflg=638725679976010374.387b5f4c-c947-4f69-a9c5-785e9d675fa5; X-OWA-RedirectHistory=ArLym14B0DLmL5813Qg

Response

HTTP/1.1 200 OK

Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
Cache-Control: private, no-store
Connection: close
Content-Type: text/html; charset=utf-8
Date: Wed, 15 Jan 2025 19:59:58 GMT
Nel: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
Report-To: {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=FRA&RemoteIP=2a0e:97c0:3ea::&Environment=MT"}],"include_subdomains":true}
Request-Id: 71a23b47-c86c-1263-7ead-fbfbd0efe804
Server: Microsoft-IIS/10.0
Set-Cookie: OWAPF=v:15.20.8356.14&l:mouse; Path=/; HttpOnly; Secure
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Backend-Begin: 2025-01-15T19:59:59.554
X-Backend-End: 2025-01-15T19:59:59.554
X-Backendhttpstatus: 200
X-Backendhttpstatus: 200
X-Beserver: BEZP281MB1912
X-Besku: WCS6
X-Calculatedbetarget: BEZP281MB1912.DEUP281.PROD.OUTLOOK.COM
X-Calculatedfetarget: BE1P281CU008.internal.outlook.com
X-Diaginfo: BEZP281MB1912
X-Feefzinfo: FRA
X-Feproxyinfo: FR4P281CA0324.DEUP281.PROD.OUTLOOK.COM
X-Feserver: BE1P281CA0062
X-Feserver: FR4P281CA0324
X-Firsthopcafeefz: FRA
X-Owa-Diagnosticsinfo: 5;0;0;
X-Owa-Version: 15.20.8356.10
X-Proxy-Backendserverstatus: 200
X-Proxy-Routingcorrectness: 1
X-Responseorigin: OwaAppPool
X-Rum-Notupdatequerieddbcopy: 1
X-Rum-Notupdatequeriedpath: 1
X-Rum-Validated: 1
X-Ua-Compatible: IE=EmulateIE7
DNS

r4.res.office365.com

msedge.exe

Remote address:

8.8.8.8:53

Request

r4.res.office365.com

IN A

Response

r4.res.office365.com

IN CNAME

r4.res.office365.com.edgekey.net

r4.res.office365.com.edgekey.net

IN CNAME

e40491.dscg.akamaiedge.net

e40491.dscg.akamaiedge.net

IN A

184.28.198.137

e40491.dscg.akamaiedge.net

IN A

184.28.198.96

e40491.dscg.akamaiedge.net

IN A

184.28.198.105

e40491.dscg.akamaiedge.net

IN A

184.28.198.131
GET

https://r4.res.office365.com/owa/prem/15.20.8356.14/scripts/boot.worldwide.0.mouse.js

msedge.exe

Remote address:

184.28.198.137:443

Request

GET /owa/prem/15.20.8356.14/scripts/boot.worldwide.0.mouse.js HTTP/2.0
host: r4.res.office365.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://mejeff.56-ytgfjsdfghjkn.icu/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: application/x-javascript
last-modified: Tue, 08 Oct 2024 23:14:20 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 179692
cache-control: public,max-age=630720000, s-maxage=630720000
date: Wed, 15 Jan 2025 19:59:59 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
GET

https://r4.res.office365.com/owa/prem/15.20.8356.14/scripts/boot.worldwide.1.mouse.js

msedge.exe

Remote address:

184.28.198.137:443

Request

GET /owa/prem/15.20.8356.14/scripts/boot.worldwide.1.mouse.js HTTP/2.0
host: r4.res.office365.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://mejeff.56-ytgfjsdfghjkn.icu/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: application/x-javascript
last-modified: Tue, 08 Oct 2024 23:14:13 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 163064
cache-control: public,max-age=630720000, s-maxage=630720000
date: Wed, 15 Jan 2025 19:59:59 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
GET

https://r4.res.office365.com/owa/prem/15.20.8356.14/scripts/boot.worldwide.2.mouse.js

msedge.exe

Remote address:

184.28.198.137:443

Request

GET /owa/prem/15.20.8356.14/scripts/boot.worldwide.2.mouse.js HTTP/2.0
host: r4.res.office365.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://mejeff.56-ytgfjsdfghjkn.icu/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: application/x-javascript
last-modified: Tue, 08 Oct 2024 23:14:20 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 169666
cache-control: public,max-age=630720000, s-maxage=630720000
date: Wed, 15 Jan 2025 19:59:59 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
GET

https://r4.res.office365.com/owa/prem/15.20.8356.14/scripts/boot.worldwide.3.mouse.js

msedge.exe

Remote address:

184.28.198.137:443

Request

GET /owa/prem/15.20.8356.14/scripts/boot.worldwide.3.mouse.js HTTP/2.0
host: r4.res.office365.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://mejeff.56-ytgfjsdfghjkn.icu/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: application/x-javascript
last-modified: Tue, 08 Oct 2024 23:14:14 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 145599
cache-control: public,max-age=630720000, s-maxage=630720000
date: Wed, 15 Jan 2025 20:00:00 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
GET

https://r4.res.office365.com/owa/prem/15.20.8356.14/resources/images/0/sprite1.mouse.png

msedge.exe

Remote address:

184.28.198.137:443

Request

GET /owa/prem/15.20.8356.14/resources/images/0/sprite1.mouse.png HTTP/2.0
host: r4.res.office365.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://mejeff.56-ytgfjsdfghjkn.icu/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-length: 132
content-type: image/png
last-modified: Tue, 08 Oct 2024 23:24:14 GMT
server: AkamaiNetStorage
cache-control: public,max-age=630720000, s-maxage=630720000
date: Wed, 15 Jan 2025 20:00:00 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
GET

https://r4.res.office365.com/owa/prem/15.20.8356.14/resources/images/0/sprite1.mouse.css

msedge.exe

Remote address:

184.28.198.137:443

Request

GET /owa/prem/15.20.8356.14/resources/images/0/sprite1.mouse.css HTTP/2.0
host: r4.res.office365.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://mejeff.56-ytgfjsdfghjkn.icu/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: text/css
last-modified: Tue, 08 Oct 2024 23:24:12 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 288
cache-control: public,max-age=630720000, s-maxage=630720000
date: Wed, 15 Jan 2025 20:00:00 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
GET

https://r4.res.office365.com/owa/prem/15.20.8356.14/resources/styles/0/boot.worldwide.mouse.css

msedge.exe

Remote address:

184.28.198.137:443

Request

GET /owa/prem/15.20.8356.14/resources/styles/0/boot.worldwide.mouse.css HTTP/2.0
host: r4.res.office365.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://mejeff.56-ytgfjsdfghjkn.icu/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: text/css
last-modified: Tue, 08 Oct 2024 23:24:42 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 44144
cache-control: public,max-age=630720000, s-maxage=630720000
date: Wed, 15 Jan 2025 20:00:00 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
DNS

137.198.28.184.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.198.28.184.in-addr.arpa

IN PTR

Response

137.198.28.184.in-addr.arpa

IN PTR

a184-28-198-137deploystaticakamaitechnologiescom
GET

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg

msedge.exe

Remote address:

2.56.246.76:443

Request

GET /shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg HTTP/1.1
Host: jrhte.56-ytgfjsdfghjkn.icu
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ocprq.56-ytgfjsdfghjkn.icu/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: whmx=2c55949b837e2438a7add749862c787a6a5f9ce0c9f3dcd6e6f38085410dd231

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: public, max-age=31536000
Connection: close
Content-Type: image/jpeg
Date: Wed, 15 Jan 2025 20:00:00 GMT
Etag: 0x8DB5C3F457E15E1
Last-Modified: Wed, 24 May 2023 10:11:42 GMT
Transfer-Encoding: chunked
X-Azure-Ref: 20250115T200000Z-15dc79b66595zcckhC1FRA1nrc00000001u0000000000zkq
X-Cache: TCP_HIT
X-Fd-Int-Roxy-Purgeid: 0
X-Ms-Blob-Type: BlockBlob
X-Ms-Lease-Status: unlocked
X-Ms-Request-Id: 0bd51124-401e-000b-78a6-650790000000
X-Ms-Version: 2009-09-19
GET

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png

msedge.exe

Remote address:

2.56.246.76:443

Request

GET /shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png HTTP/1.1
Host: jrhte.56-ytgfjsdfghjkn.icu
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ocprq.56-ytgfjsdfghjkn.icu/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: whmx=2c55949b837e2438a7add749862c787a6a5f9ce0c9f3dcd6e6f38085410dd231

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: public, max-age=31536000
Connection: close
Content-Type: image/png
Date: Wed, 15 Jan 2025 20:00:00 GMT
Etag: 0x8DB5C3F475BAFC0
Last-Modified: Wed, 24 May 2023 10:11:45 GMT
Transfer-Encoding: chunked
X-Azure-Ref: 20250115T200000Z-179c7d47f7c7npr7hC1FRAtqg000000007hg000000005mbk
X-Cache: TCP_REMOTE_HIT
X-Cache-Info: L2_T2
X-Fd-Int-Roxy-Purgeid: 0
X-Ms-Blob-Type: BlockBlob
X-Ms-Lease-Status: unlocked
X-Ms-Request-Id: 3a02a509-f01e-0048-3a83-67a9de000000
X-Ms-Version: 2009-09-19
GET

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg

msedge.exe

Remote address:

2.56.246.76:443

Request

GET /shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg HTTP/1.1
Host: jrhte.56-ytgfjsdfghjkn.icu
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ocprq.56-ytgfjsdfghjkn.icu/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: whmx=2c55949b837e2438a7add749862c787a6a5f9ce0c9f3dcd6e6f38085410dd231

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: public, max-age=31536000
Connection: close
Content-Type: image/jpeg
Date: Wed, 15 Jan 2025 20:00:00 GMT
Etag: 0x8DB5C3F4584F323
Last-Modified: Wed, 24 May 2023 10:11:42 GMT
Transfer-Encoding: chunked
X-Azure-Ref: 20250115T200000Z-15dc79b66595zcckhC1FRA1nrc00000001u0000000000zkr
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
X-Fd-Int-Roxy-Purgeid: 0
X-Ms-Blob-Type: BlockBlob
X-Ms-Lease-Status: unlocked
X-Ms-Request-Id: 8a5e2a7f-c01e-0016-3ea1-653581000000
X-Ms-Version: 2009-09-19
GET

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

msedge.exe

Remote address:

2.56.246.76:443

Request

GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: jrhte.56-ytgfjsdfghjkn.icu
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ocprq.56-ytgfjsdfghjkn.icu/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: whmx=2c55949b837e2438a7add749862c787a6a5f9ce0c9f3dcd6e6f38085410dd231

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: public, max-age=31536000
Connection: close
Content-Type: image/x-icon
Date: Wed, 15 Jan 2025 20:00:00 GMT
Etag: 0x8D8731230C851A6
Last-Modified: Sun, 18 Oct 2020 03:02:03 GMT
Transfer-Encoding: chunked
X-Azure-Ref: 20250115T200000Z-15dc79b66595zcckhC1FRA1nrc00000001u0000000000zks
X-Cache: TCP_HIT
X-Fd-Int-Roxy-Purgeid: 0
X-Ms-Blob-Type: BlockBlob
X-Ms-Lease-Status: unlocked
X-Ms-Request-Id: 043dce52-b01e-0041-329a-659bb2000000
X-Ms-Version: 2009-09-19
GET

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg

msedge.exe

Remote address:

2.56.246.76:443

Request

GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1
Host: jrhte.56-ytgfjsdfghjkn.icu
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ocprq.56-ytgfjsdfghjkn.icu/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: whmx=2c55949b837e2438a7add749862c787a6a5f9ce0c9f3dcd6e6f38085410dd231

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: public, max-age=31536000
Connection: close
Content-Type: image/svg+xml
Date: Wed, 15 Jan 2025 20:00:00 GMT
Etag: 0x8DB5C3F4911527F
Last-Modified: Wed, 24 May 2023 10:11:48 GMT
Transfer-Encoding: chunked
X-Azure-Ref: 20250115T200000Z-15dc79b66595zcckhC1FRA1nrc00000001u0000000000zkt
X-Cache: TCP_HIT
X-Fd-Int-Roxy-Purgeid: 0
X-Ms-Blob-Type: BlockBlob
X-Ms-Lease-Status: unlocked
X-Ms-Request-Id: 14d1d01f-f01e-0031-2db8-651de8000000
X-Ms-Version: 2009-09-19
DNS

www.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

95.100.245.144
DNS

privacy.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

privacy.microsoft.com

IN A

Response

privacy.microsoft.com

IN CNAME

privacy.microsoft.com.edgekey.net

privacy.microsoft.com.edgekey.net

IN CNAME

e13678.dspb.akamaiedge.net

e13678.dspb.akamaiedge.net

IN A

95.100.245.144
GET

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_cc2c59f5ef2c09e14b08.js

msedge.exe

Remote address:

2.56.246.76:443

Request

GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_cc2c59f5ef2c09e14b08.js HTTP/1.1
Host: jrhte.56-ytgfjsdfghjkn.icu
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://ocprq.56-ytgfjsdfghjkn.icu/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: whmx=2c55949b837e2438a7add749862c787a6a5f9ce0c9f3dcd6e6f38085410dd231

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: public, max-age=31536000
Connection: close
Content-Type: application/x-javascript
Date: Wed, 15 Jan 2025 20:00:00 GMT
Etag: 0x8DD05A5479BC1A5
Last-Modified: Fri, 15 Nov 2024 18:42:38 GMT
Transfer-Encoding: chunked
X-Azure-Ref: 20250115T200000Z-15dc79b6659khswphC1FRAfy1c000000020g00000000a9n6
X-Cache: TCP_HIT
X-Fd-Int-Roxy-Purgeid: 0
X-Ms-Blob-Type: BlockBlob
X-Ms-Lease-Status: unlocked
X-Ms-Request-Id: 3a2a74bb-b01e-0041-060f-679bb2000000
X-Ms-Version: 2009-09-19
GET

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg

msedge.exe

Remote address:

2.56.246.76:443

Request

GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1
Host: jrhte.56-ytgfjsdfghjkn.icu
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ocprq.56-ytgfjsdfghjkn.icu/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: whmx=2c55949b837e2438a7add749862c787a6a5f9ce0c9f3dcd6e6f38085410dd231

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: public, max-age=31536000
Connection: close
Content-Type: image/svg+xml
Date: Wed, 15 Jan 2025 20:00:00 GMT
Etag: 0x8DB5C3F49ED96E0
Last-Modified: Wed, 24 May 2023 10:11:49 GMT
Transfer-Encoding: chunked
X-Azure-Ref: 20250115T200000Z-15dc79b6659khswphC1FRAfy1c000000020g00000000a9nw
X-Cache: TCP_HIT
X-Fd-Int-Roxy-Purgeid: 0
X-Ms-Blob-Type: BlockBlob
X-Ms-Lease-Status: unlocked
X-Ms-Request-Id: f79991c4-601e-0052-5cc3-65bfbe000000
X-Ms-Version: 2009-09-19
DNS

200.163.202.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.163.202.172.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

99.117.19.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.117.19.2.in-addr.arpa

IN PTR

Response

99.117.19.2.in-addr.arpa

IN PTR

a2-19-117-99deploystaticakamaitechnologiescom
DNS

eu-mobile.events.data.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

eu-mobile.events.data.microsoft.com

IN A

Response

eu-mobile.events.data.microsoft.com

IN CNAME

eu.events.data.trafficmanager.net

eu.events.data.trafficmanager.net

IN CNAME

onedscolprdweu00.westeurope.cloudapp.azure.com

onedscolprdweu00.westeurope.cloudapp.azure.com

IN A

13.69.109.130
OPTIONS

https://eu-mobile.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

msedge.exe

Remote address:

13.69.109.130:443

Request

OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/2.0
host: eu-mobile.events.data.microsoft.com
accept: */*
access-control-request-method: POST
access-control-request-headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
origin: https://ocprq.56-ytgfjsdfghjkn.icu
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://ocprq.56-ytgfjsdfghjkn.icu/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, 3600
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-max-age: 3600
access-control-allow-origin: https://ocprq.56-ytgfjsdfghjkn.icu
date: Wed, 15 Jan 2025 20:01:01 GMT
POST

https://eu-mobile.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

msedge.exe

Remote address:

13.69.109.130:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/2.0
host: eu-mobile.events.data.microsoft.com
content-length: 1689
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
upload-time: 1736971260603
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-3.2.6
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
time-delta-to-apply-millis: use-collector-delta
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951
client-id: NO_AUTH
accept: */*
origin: https://ocprq.56-ytgfjsdfghjkn.icu
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://ocprq.56-ytgfjsdfghjkn.icu/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 153
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=2e84e8efc4f646f3abaf55a6a1262a60&HASH=2e84&LV=202501&V=4&LU=1736971261431; Domain=.microsoft.com; Expires=Thu, 15 Jan 2026 20:01:01 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=6db2bfb8d2374cc3bb3a07edc988e77b; Domain=.microsoft.com; Expires=Wed, 15 Jan 2025 20:31:01 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 828
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://ocprq.56-ytgfjsdfghjkn.icu
access-control-expose-headers: time-delta-millis
date: Wed, 15 Jan 2025 20:01:01 GMT
DNS

130.109.69.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

130.109.69.13.in-addr.arpa

IN PTR

Response
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response

13.107.246.64:443

https://assets-usa.mkt.dynamics.com/favicon.ico

tls, http2

msedge.exe

3.2kB
18.4kB
23
30

HTTP Request

GET https://assets-usa.mkt.dynamics.com/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/digitalassets/standaloneforms/56e937c9-71d3-ef11-8eea-0022480a45c7

HTTP Response

200

HTTP Request

GET https://assets-usa.mkt.dynamics.com/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/digitalassets/forms/56e937c9-71d3-ef11-8eea-0022480a45c7

HTTP Request

GET https://assets-usa.mkt.dynamics.com/favicon.ico

HTTP Response

404

HTTP Response

200
13.107.246.64:443

https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/FormLoader.bundle.js

tls, http2

msedge.exe

146.6kB
5.6MB
2727
4030

HTTP Request

GET https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/FormLoader.bundle.js

HTTP Response

200
13.107.246.64:443

https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/public/locales/en-us/translation.json

tls, http2

msedge.exe

3.5kB
10.1kB
18
21

HTTP Request

GET https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/public/locales/en-us/translation.json

HTTP Response

200
52.146.76.30:443

https://public-usa.mkt.dynamics.com/api/v1.0/orgs/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/landingpageforms/forms/56e937c9-71d3-ef11-8eea-0022480a45c7

tls, http

msedge.exe

4.5kB
7.7kB
17
16

HTTP Request

OPTIONS https://public-usa.mkt.dynamics.com/api/v1.0/orgs/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/landingpageforms/forms/56e937c9-71d3-ef11-8eea-0022480a45c7/visits

HTTP Response

204

HTTP Request

POST https://public-usa.mkt.dynamics.com/api/v1.0/orgs/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/landingpageforms/forms/56e937c9-71d3-ef11-8eea-0022480a45c7/visits

HTTP Response

200

HTTP Request

OPTIONS https://public-usa.mkt.dynamics.com/api/v1.0/orgs/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/landingpageforms/forms/56e937c9-71d3-ef11-8eea-0022480a45c7

HTTP Response

204

HTTP Request

POST https://public-usa.mkt.dynamics.com/api/v1.0/orgs/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/landingpageforms/forms/56e937c9-71d3-ef11-8eea-0022480a45c7

HTTP Response

200
2.56.246.76:443

https://meheff.56-ytgfjsdfghjkn.icu/iVmcjYqP

tls, http

msedge.exe

1.9kB
5.4kB
14
19

HTTP Request

GET https://meheff.56-ytgfjsdfghjkn.icu/iVmcjYqP

HTTP Response

302
2.56.246.76:443

meheff.56-ytgfjsdfghjkn.icu

tls

msedge.exe

989 B
4.2kB
9
11
2.56.246.76:443

https://mejeff.56-ytgfjsdfghjkn.icu/owa/

tls, http

msedge.exe

2.2kB
19.8kB
19
29

HTTP Request

GET https://mejeff.56-ytgfjsdfghjkn.icu/owa/

HTTP Response

302
2.56.246.76:443

https://ocprq.56-ytgfjsdfghjkn.icu/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=48ff5173-e6e3-587b-b9c8-2dae136bfc05&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638725679976010374.387b5f4c-c947-4f69-a9c5-785e9d675fa5&state=DYtBEoAgDMSKjs-poLRd-hxEuXr0-_aQHDKTRERrsASphAhWG041uMPKUSpkj3LplMHDBSzTnLsPZTR9_Dbo7Jri3fL79fwD

tls, http

msedge.exe

3.3kB
51.8kB
31
52

HTTP Request

GET https://ocprq.56-ytgfjsdfghjkn.icu/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=48ff5173-e6e3-587b-b9c8-2dae136bfc05&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638725679976010374.387b5f4c-c947-4f69-a9c5-785e9d675fa5&state=DYtBEoAgDMSKjs-poLRd-hxEuXr0-_aQHDKTRERrsASphAhWG041uMPKUSpkj3LplMHDBSzTnLsPZTR9_Dbo7Jri3fL79fwD

HTTP Response

200
13.107.246.64:443

aadcdn.msauth.net

tls, http2

msedge.exe

1.8kB
6.5kB
15
16
2.56.246.76:443

https://jrhte.56-ytgfjsdfghjkn.icu/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css

tls, http

msedge.exe

3.9kB
124.1kB
57
104

HTTP Request

GET https://jrhte.56-ytgfjsdfghjkn.icu/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css

HTTP Response

200
2.56.246.76:443

https://jrhte.56-ytgfjsdfghjkn.icu/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_v20ia-gahguvu2fgvxamhg2.js

tls, http

msedge.exe

2.9kB
66.5kB
36
63

HTTP Request

GET https://jrhte.56-ytgfjsdfghjkn.icu/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_v20ia-gahguvu2fgvxamhg2.js

HTTP Response

200
2.56.246.76:443

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/js/ConvergedLogin_PCore_n7VKwtWYm2mBLcIKAZfQlw2.js

tls, http

msedge.exe

13.6kB
477.1kB
244
369

HTTP Request

GET https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/js/ConvergedLogin_PCore_n7VKwtWYm2mBLcIKAZfQlw2.js

HTTP Response

200
2.56.246.76:443

https://hrvetbr.56-ytgfjsdfghjkn.icu/Me.htm?v=3

tls, http

msedge.exe

2.0kB
10.2kB
16
22

HTTP Request

GET https://hrvetbr.56-ytgfjsdfghjkn.icu/Me.htm?v=3

HTTP Response

200
2.56.246.76:443

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js

tls, http

msedge.exe

5.2kB
203.3kB
85
160

HTTP Request

GET https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js

HTTP Response

200
2.56.246.76:443

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_510f960da65b56e0607c.js

tls, http

msedge.exe

8.9kB
427.3kB
166
323

HTTP Request

GET https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_510f960da65b56e0607c.js

HTTP Response

200
2.56.246.76:443

https://mejeff.56-ytgfjsdfghjkn.icu/owa/prefetch.aspx

tls, http

msedge.exe

2.4kB
12.2kB
17
24

HTTP Request

GET https://mejeff.56-ytgfjsdfghjkn.icu/owa/prefetch.aspx

HTTP Response

200
184.28.198.137:443

https://r4.res.office365.com/owa/prem/15.20.8356.14/resources/styles/0/boot.worldwide.mouse.css

tls, http2

msedge.exe

15.3kB
735.1kB
297
557

HTTP Request

GET https://r4.res.office365.com/owa/prem/15.20.8356.14/scripts/boot.worldwide.0.mouse.js

HTTP Response

200

HTTP Request

GET https://r4.res.office365.com/owa/prem/15.20.8356.14/scripts/boot.worldwide.1.mouse.js

HTTP Response

200

HTTP Request

GET https://r4.res.office365.com/owa/prem/15.20.8356.14/scripts/boot.worldwide.2.mouse.js

HTTP Response

200

HTTP Request

GET https://r4.res.office365.com/owa/prem/15.20.8356.14/scripts/boot.worldwide.3.mouse.js

HTTP Response

200

HTTP Request

GET https://r4.res.office365.com/owa/prem/15.20.8356.14/resources/images/0/sprite1.mouse.png

HTTP Response

200

HTTP Request

GET https://r4.res.office365.com/owa/prem/15.20.8356.14/resources/images/0/sprite1.mouse.css

HTTP Response

200

HTTP Request

GET https://r4.res.office365.com/owa/prem/15.20.8356.14/resources/styles/0/boot.worldwide.mouse.css

HTTP Response

200
2.56.246.76:443

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg

tls, http

msedge.exe

2.0kB
8.0kB
15
21

HTTP Request

GET https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg

HTTP Response

200
2.56.246.76:443

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png

tls, http

msedge.exe

2.1kB
12.4kB
17
24

HTTP Request

GET https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png

HTTP Response

200
2.56.246.76:443

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg

tls, http

msedge.exe

2.3kB
25.1kB
21
33

HTTP Request

GET https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg

HTTP Response

200
2.56.246.76:443

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

tls, http

msedge.exe

2.3kB
24.7kB
21
33

HTTP Request

GET https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

HTTP Response

200
2.56.246.76:443

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg

tls, http

msedge.exe

2.1kB
10.8kB
16
23

HTTP Request

GET https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg

HTTP Response

200
2.56.246.76:443

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_cc2c59f5ef2c09e14b08.js

tls, http

msedge.exe

3.9kB
124.4kB
57
104

HTTP Request

GET https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_cc2c59f5ef2c09e14b08.js

HTTP Response

200
2.56.246.76:443

https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg

tls, http

msedge.exe

2.0kB
8.6kB
15
21

HTTP Request

GET https://jrhte.56-ytgfjsdfghjkn.icu/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg

HTTP Response

200
13.69.109.130:443

https://eu-mobile.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

tls, http2

msedge.exe

5.1kB
8.4kB
18
16

HTTP Request

OPTIONS https://eu-mobile.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

HTTP Response

200

HTTP Request

POST https://eu-mobile.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

HTTP Response

200

8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

assets-usa.mkt.dynamics.com

dns

msedge.exe

73 B
280 B
1
1

DNS Request

assets-usa.mkt.dynamics.com

DNS Response

13.107.246.64
8.8.8.8:53

cxppusa1formui01cdnsa01-endpoint.azureedge.net

dns

msedge.exe

92 B
275 B
1
1

DNS Request

cxppusa1formui01cdnsa01-endpoint.azureedge.net

DNS Response

13.107.246.64
8.8.8.8:53

64.246.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

64.246.107.13.in-addr.arpa
8.8.8.8:53

16.43.107.13.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

16.43.107.13.in-addr.arpa
8.8.8.8:53

60.153.16.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

60.153.16.2.in-addr.arpa
8.8.8.8:53

68.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

68.159.190.20.in-addr.arpa
8.8.8.8:53

167.173.78.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

167.173.78.104.in-addr.arpa
8.8.8.8:53

public-usa.mkt.dynamics.com

dns

msedge.exe

73 B
210 B
1
1

DNS Request

public-usa.mkt.dynamics.com

DNS Response

52.146.76.30
224.0.0.251:5353

522 B
8
8.8.8.8:53

30.76.146.52.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

30.76.146.52.in-addr.arpa
8.8.8.8:53

meheff.56-ytgfjsdfghjkn.icu

dns

msedge.exe

73 B
89 B
1
1

DNS Request

meheff.56-ytgfjsdfghjkn.icu

DNS Response

2.56.246.76
8.8.8.8:53

mejeff.56-ytgfjsdfghjkn.icu

dns

msedge.exe

73 B
89 B
1
1

DNS Request

mejeff.56-ytgfjsdfghjkn.icu

DNS Response

2.56.246.76
8.8.8.8:53

ocprq.56-ytgfjsdfghjkn.icu

dns

msedge.exe

72 B
88 B
1
1

DNS Request

ocprq.56-ytgfjsdfghjkn.icu

DNS Response

2.56.246.76
8.8.8.8:53

aadcdn.msauth.net

dns

msedge.exe

63 B
278 B
1
1

DNS Request

aadcdn.msauth.net

DNS Response

13.107.246.64
8.8.8.8:53

76.246.56.2.in-addr.arpa

dns

70 B
84 B
1
1

DNS Request

76.246.56.2.in-addr.arpa
8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

aadcdn.msftauth.net

dns

msedge.exe

65 B
225 B
1
1

DNS Request

aadcdn.msftauth.net

DNS Response

184.28.198.9

95.101.143.240
8.8.8.8:53

jrhte.56-ytgfjsdfghjkn.icu

dns

msedge.exe

72 B
88 B
1
1

DNS Request

jrhte.56-ytgfjsdfghjkn.icu

DNS Response

2.56.246.76
8.8.8.8:53

htejre.56-ytgfjsdfghjkn.icu

dns

msedge.exe

73 B
89 B
1
1

DNS Request

htejre.56-ytgfjsdfghjkn.icu

DNS Response

2.56.246.76
8.8.8.8:53

hrvetbr.56-ytgfjsdfghjkn.icu

dns

msedge.exe

74 B
90 B
1
1

DNS Request

hrvetbr.56-ytgfjsdfghjkn.icu

DNS Response

2.56.246.76
2.56.246.76:443

hrvetbr.56-ytgfjsdfghjkn.icu

https

msedge.exe

6.9kB
5
8.8.8.8:53

r4.res.office365.com

dns

msedge.exe

66 B
213 B
1
1

DNS Request

r4.res.office365.com

DNS Response

184.28.198.137

184.28.198.96

184.28.198.105

184.28.198.131
8.8.8.8:53

137.198.28.184.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

137.198.28.184.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

msedge.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

95.100.245.144
8.8.8.8:53

privacy.microsoft.com

dns

msedge.exe

67 B
167 B
1
1

DNS Request

privacy.microsoft.com

DNS Response

95.100.245.144
8.8.8.8:53

200.163.202.172.in-addr.arpa

dns

74 B
160 B
1
1

DNS Request

200.163.202.172.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

99.117.19.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

99.117.19.2.in-addr.arpa
8.8.8.8:53

eu-mobile.events.data.microsoft.com

dns

msedge.exe

81 B
201 B
1
1

DNS Request

eu-mobile.events.data.microsoft.com

DNS Response

13.69.109.130
8.8.8.8:53

130.109.69.13.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

130.109.69.13.in-addr.arpa
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4ee2471f-913a-48b0-8486-f14124057e6e.tmp

Filesize
6KB

MD5
07cd7b3b8ec065532f8b974306dc638e

SHA1
1f688d0956b9cb928a55e5959eb76fbaa1a182c4

SHA256
c87bc5b38717d493b70ddb2507ebbafe70ca79f7463e77122720e5e919a777e9

SHA512
14e7d1ec1cdab5b5d59faa0b4ff5a35c23864fa4686b7090dda24ef78ff3a8b44aea0c1e102c185c983e774999d2ba9215f7ab3bd877f811076565d8bb5623a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
5a92972cdc6fb0a2c6b4d2d5bf728bb3

SHA1
acfd6e8d91eb75aa8d8d14d59764befcc13f4cf3

SHA256
518fd1c2ee25164a467b5ed322fdfdfe0dc3093670a55c36b60ad734ed6e9b5d

SHA512
c638087334545116acf5e9454a1cb8d8ae89f10efdf1e7e870bb648d2feb55ae3d07ee382ae54bd6fd56ca7b32b4b074eb9912867c3dfa8742d7e21d0975687a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
819B

MD5
057dc1f04916716d7a92ce5d3608fcc5

SHA1
066d88a5cd3a50a61b253ce7d7300659307723ab

SHA256
43416d956406c5cb485bc0317dbc3e99d3f95611dae6e41598dd8df6e3b34590

SHA512
a93cc1ada1264097619ad464ba7e2253072918e4bf67986bc73b7aff1af16f1a35b1ae02c9b6787f09b1dc0627846af2ad369ec579d51f70eb7c3164372d7a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
726B

MD5
8ab7810567e054f21428e71033c97db8

SHA1
7f74c80b0e8f0724b0a7f9aa87cdcd5f5ea3b722

SHA256
d18a7cc482df2a75a92f091d8aa92878221ea807a197105fb9bd2d6a9da0ec7c

SHA512
6bd2f15f48b8449b465ec7646aa543d1ff2055ce991af0cc06f6270f55e875a5eecb6633ebd60095b68583f12de520dfa11971bfaccea21f591fb45fa9bff20b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ce1dc909dceda759ef75c906b26992ed

SHA1
f11dd12e9cbaaad800c6dd0c6f72bc5055998b69

SHA256
a4cd596b450b275cc2867f440c3beefda70b88cecbccf002cd6153de796aca25

SHA512
401e094ec0913f4b46cad814c987adeed4499fb8ce277620ff54eba5d7b112c15bfd9de2e6b302b8de4de228e987610deb25a2622b8e6a95f8fa9fd0023b9f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
8b9c5b45f6ea79678080ead22703ad0f

SHA1
916ce629bdf4138bed356ea9a1e41627b8d1ca11

SHA256
d74651e8c877dfe9618ff09b0d26fedc8a14855f0117e1343cb4ea9373bb1e7f

SHA512
c82a5488352f22dcd3e13ab08a4f8bd72686ca0a5769bddc55dbeda306e052973753660f8d6887b1c91dd266be9528d4a600482fa82bf4f0d4e987f916c81057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58cf9f.TMP

Filesize
539B

MD5
105c2eb770e2ec01859766d28c59e34e

SHA1
40ef9baf921d3f89352c25b25dc3b5a7012a9da5

SHA256
97e5f8660064a1c4eca0f81ec827af0401053f14353e95499ec86cefbf5add7b

SHA512
ffd25f6870e4f122bbd84f1abae58020f831b10cecbc7df2563a66feab8d8b938072b6bd1487f2616c58347eda303d591038e2caece754f0c6b647e73346eaab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8fff2b1b7f4124eb27efc8d83e310d54

SHA1
cc001968d88be7d0da8d544d33f0a848d1f91dcd

SHA256
b5b8fe3140ee137b7efcb48e499d15bb87a7aae4d3496c8f560a183ae64cbfae

SHA512
115be7f941ca301d580c94c470655618539f9034b83abb332d241bd9edcd5069dc23238a79881ae30feb0c9418799dc3d35d918b5f44d7d27d09524af3cf5795

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response