azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: Auto-sync from ACG-M-L5090 at 2026-03-10 19:11:00

Browse Source 
Synced files:
- Quote wizard frontend (all components, hooks, types, config)
- API updates (config, models, routers, schemas, services)
- Client work (bg-builders, gurushow)
- Scripts (BGB Lesley termination, CIPP, Datto, migration)
- Temp files (Bardach contacts, VWP investigation, misc)
- Credentials and session logs
- Email service, PHP API, session logs

Machine: ACG-M-L5090
Timestamp: 2026-03-10 19:11:00

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Mike Swanson
2026-03-10 19:59:08 -07:00
parent a1a19f8c00
commit fa15b03180
169 changed files with 879909 additions and 1243 deletions
Download Patch File Download Diff File Expand all files Collapse all files

463
temp/vwp_investigation_output.txt Normal file
View File

@@ -0,0 +1,463 @@
======================================================================
VALLEY WIDE PLASTERING - BEC INVESTIGATION
Date: 2026-03-05 15:50:52 UTC
======================================================================
[*] Acquiring access token...
[OK] Token acquired successfully
======================================================================
STEP 1: ALL TENANT USERS
======================================================================
[ENABLED] Accounts Payable | acctpay@valleywideplastering.com | ID: e70d7ec5-72f3-4b80-9614-e6bd5380b773 | Created: 2023-03-17T21:33:24Z
[ENABLED] Adolfo Suarez | adolfos@valleywideplastering.com | ID: aff7fcb9-a0e6-4298-8abb-2f538aa95ac8 | Created: 2023-03-17T21:34:03Z
[ENABLED] Billing Clerk | billing@valleywideplastering.com | ID: 4f708b80-e537-4f63-92d3-5feedfa28244 | Created: 2023-03-17T21:35:41Z
[ENABLED] Toni | billing@valleywideplastering.onmicrosoft.com | ID: 9bf0abb0-b613-4e1d-ba4d-b4e51a69ca3f | Created: 2023-01-13T19:40:34Z
[ENABLED] Brian | Brian@valleywideplastering.com | ID: 5555cf28-f669-40f2-8a87-7ef73861f2f7 | Created: 2024-08-23T16:30:32Z
[ENABLED] Carlos Reyes | carlos@valleywideplastering.com | ID: 8709d6c8-48af-4b3c-acee-2f16bd60e3d8 | Created: 2023-03-17T21:36:05Z
[ENABLED] Charlie Jones | charlie@valleywideplastering.com | ID: b494cc30-5fd5-446e-aa29-d6bc1c5df015 | Created: 2025-12-24T20:13:02Z
[ENABLED] Chris Guerrero | chris@valleywideplastering.com | ID: 55464175-3426-448a-af92-a47ef64c5104 | Created: 2023-11-29T13:49:34Z
[ENABLED] Customer Service | customerservice@valleywideplastering.com | ID: 85125767-037c-410e-bc79-ae6110eee8b4 | Created: 2023-03-17T21:36:34Z
[ENABLED] Customer Service | customerservice@valleywideplastering.onmicrosoft.com | ID: 2dc7a257-f415-4f92-affa-a59fd51920fc | Created: 2023-01-30T18:32:45Z
[ENABLED] Bart Graffin | estimating@valleywideplastering.com | ID: 115a1d25-ba9b-492d-b095-1b8f0207d0a5 | Created: 2023-03-17T21:35:18Z
[ENABLED] Fax Inbox | faxinbox@valleywideplastering.com | ID: f19426ea-42df-40ab-a7b5-725a0a46e508 | Created: 2023-03-17T22:03:48Z
[ENABLED] Fermin Matta | fermin@valleywideplastering.com | ID: 38c353d3-1667-463b-89ae-a9960175dbb3 | Created: 2025-12-24T20:16:00Z
[ENABLED] Francisco Arias | franciscoa@valleywideplastering.com | ID: a90877f8-238d-478e-9c45-9090dfdba12f | Created: 2023-03-17T21:37:38Z
[ENABLED] VWP Insurance | insurance@valleywideplastering.com | ID: 6d5ff148-9cb0-40ea-86b5-b725a0fbdcc8 | Created: 2024-08-14T14:27:41Z
[ENABLED] Issac Chavez | isaacc@valleywideplastering.com | ID: af5519d2-d855-4b7b-8f57-85ee843f58ef | Created: 2023-03-17T21:38:40Z
[ENABLED] JR Guerrero | j-r@valleywideplastering.com | ID: 0af923d0-48c5-4cc1-8553-c60625802815 | Created: 2023-03-17T21:51:35Z
[ENABLED] Jaime Hernandez | jaimebh@valleywideplastering.com | ID: 16388457-2f1b-44d0-8fc6-a4343a779f80 | Created: 2023-03-17T21:39:14Z
[ENABLED] Jesse Guerrero | jesse@valleywideplastering.com | ID: ac669421-ee6d-4ea3-a293-341cb93cb6fd | Created: 2023-03-17T21:39:40Z
[ENABLED] JR Guerrero | jr@CASARICA.NET | ID: 330931be-21f2-41ca-872b-f883ebe4ec45 | Created: 2023-03-17T21:50:37Z
[ENABLED] Juan Leal | juan@valleywideplastering.com | ID: 570d3e5c-515d-4bf5-bae6-2c9b816025fb | Created: 2023-03-17T21:52:04Z
[ENABLED] Kayla Guerrero | kayla@valleywideplastering.com | ID: cf165bab-a876-4a8a-87b2-9a5a0de3cefe | Created: 2025-07-10T17:05:48Z
[ENABLED] Orders VWP | orders@valleywideplastering.com | ID: 3739c527-f156-49b7-8779-a19033564a0f | Created: 2023-03-17T21:54:40Z
[ENABLED] Payroll VWP | payroll@valleywideplastering.com | ID: 9671837f-eaf5-46aa-9677-dbed40f8517e | Created: 2023-03-17T21:55:29Z
[ENABLED] Ron Winger | ron@valleywideplastering.com | ID: 779fc914-3053-47c2-b5b4-5696d4c40a2d | Created: 2024-10-17T23:22:37Z
[ENABLED] Rose Guerrero | rose@valleywideplastering.com | ID: 8c1e798c-26d9-43aa-a129-573aad703e6f | Created: 2023-03-17T21:56:42Z
[ENABLED] Ryan Guerrero | ryan@valleywideplastering.com | ID: f83d4a9e-e431-4e4f-ac4d-50bf10112e26 | Created: 2023-03-17T21:57:05Z
[ENABLED] Sammy Montijo | sammy@valleywideplastering.com | ID: 690d7044-d0f5-44b7-9654-c39652de7973 | Created: 2023-03-17T21:57:49Z
[ENABLED] Shelly Dooley | shelly@valleywideplastering.com | ID: da8f7037-450d-4631-8a9b-dace75772003 | Created: 2023-07-12T18:12:00Z
[ENABLED] Spro VWP | spro@valleywideplastering.com | ID: 27e20a2c-3e79-45d8-8542-4f7e5f56003b | Created: 2023-03-17T21:58:52Z
[ENABLED] Computer Guru | sysadmin@valleywideplastering.com | ID: 41810f2d-b674-47ee-9b6f-f3ba69a7703d | Created: 2024-05-10T18:26:04Z
[ENABLED] Teresa Carpio | teresa@valleywideplastering.com | ID: 615d8ef9-e3cc-49a8-bd56-19921cafea4e | Created: 2023-03-17T21:59:28Z
[ENABLED] Ty Fetters | Ty@CASARICA.NET | ID: 2e6e0a06-cb8a-4cc2-8870-9a87f202e635 | Created: 2023-03-17T22:01:54Z
[INFO] Exact match for 'jrguerrero' not found, searching by name...
>>> TARGET USER FOUND: j-r@valleywideplastering.com (ID: 0af923d0-48c5-4cc1-8553-c60625802815)
======================================================================
STEP 2: SIGN-IN LOGS (Last 14 Days)
======================================================================
[WARNING] sign-ins v1.0:
[*] Trying beta endpoint...
[WARNING] sign-ins beta:
No sign-in logs found (tenant may not have Azure AD P1/P2)
======================================================================
STEP 3: RECENT SENT MAIL (Last 14 Days)
======================================================================
2026-03-05T14:38:37Z | To: orders@valleywideplastering.com | Subject: RE: starlight - sunset farm
[SUSPICIOUS] 2026-03-05T14:37:35Z | To: Pedro.Pagazani@umb.com, lauriemg943@gmail.com | Subject: RE: Account
Preview: Pedro, I apologize I have not had a chance to stop by. I will make time today.
From: Pagazani, Pedro <Pedro.Pagazani@umb.com>
Sent: Wednesday,
2026-03-04T21:06:31Z | To: orders@valleywideplastering.com | Subject: Re: starlight - sunset farm
2026-03-04T21:04:59Z | To: Dan.Surek@Pulte.com | Subject: RE: Harvest lot 2724 [HAS ATTACHMENTS]
2026-03-04T19:51:01Z | To: Dan.Surek@Pulte.com, Brian@valleywideplastering.com, customerservice@valleywideplastering.com | Subject: RE: Harvest lot 2724
2026-03-04T19:21:33Z | To: billing@valleywideplastering.com, orders@valleywideplastering.com, teresa@valleywideplastering.com | Subject: RE: Stack
2026-03-04T19:08:03Z | To: customerservice@valleywideplastering.com | Subject: RE: Harvest Lot 27-24
2026-03-04T19:07:37Z | To: Dan.Surek@Pulte.com, Brian@valleywideplastering.com, customerservice@valleywideplastering.com | Subject: Harvest lot 2724
2026-03-04T18:23:31Z | To: ccowley@senecaapi.com, fermin@valleywideplastering.com, carlos@valleywideplastering.com | Subject: RE: Drew Residence
2026-03-04T18:18:34Z | To: orders@valleywideplastering.com, teresa@valleywideplastering.com | Subject: FW: Legado West 4000
2026-03-04T18:10:28Z | To: acctpay@valleywideplastering.com | Subject: FW: Pulte h. Vistoso cayon lot 28 ( Jesus serna ( [HAS ATTACHMENTS]
2026-03-04T18:06:19Z | To: jerry@cookarch.com, loon@cookarch.com | Subject: RE: FWD: RE: re[4]: FW: VW Plastering 257220
2026-03-04T17:58:43Z | To: CamA@cameron-custom.com, fermin@valleywideplastering.com | Subject: RE: Dew Residence Mock Up (Exterior Scheme Expression)
[SUSPICIOUS] 2026-03-04T17:49:05Z | To: mark@reliableglassaz.com, jr@CASARICA.NET, chris@valleywideplastering.com | Subject: RE: Office TI Estimate - Drawings Attached
Preview: I have a 9am and it may run over an hour let<65>s do10:30AM
Here at the location or your location.
JR
From: Mark Hoeffner <mark@reliableglassaz.co
2026-03-04T16:17:37Z | To: franciscoa@valleywideplastering.com, teresa@valleywideplastering.com | Subject: HOUSES THAT WE ARE REDOING DUE TO CRACKS
2026-03-04T13:23:16Z | To: acctpay@valleywideplastering.com | Subject: FW: Your Sunbelt Rental Statement [HAS ATTACHMENTS]
[SUSPICIOUS] 2026-03-04T13:13:49Z | To: mark@reliableglassaz.com, chris@valleywideplastering.com | Subject: RE: Office TI Estimate - Drawings Attached
Preview: Hi Mark what time on Thursday?
From: Mark Hoeffner <mark@reliableglassaz.com>
Sent: Tuesday, March 3, 2026 8:53 PM
To: Chris Guerrero <chris@vall
2026-03-03T22:13:29Z | To: franciscoa@valleywideplastering.com | Subject: Re: Mattamy Homes Covena Pointe at Rocking K New Community Bid Invite - RFP - Please READ and RESPOND!
2026-03-03T18:44:01Z | To: billing@valleywideplastering.com | Subject: Fw: Mattamy Homes Covena Pointe at Rocking K New Community Bid Invite - RFP - Please READ and RESPOND!
2026-03-03T14:02:54Z | To: juan@valleywideplastering.com | Subject: Fw: 470 N. 56th st. Chandler AZ 85226
2026-03-03T12:44:07Z | To: tkkossdevco@gmail.com | Subject: Re: 470 N. 56th st. Chandler AZ 85226
2026-03-03T01:51:39Z | To: Heath.Thompson@Pulte.com, chris@valleywideplastering.com | Subject: Arrowhead rifles
2026-03-03T01:31:01Z | To: Heath.Thompson@Pulte.com, chris@valleywideplastering.com | Subject: Tripod with magentic release
2026-03-02T23:23:36Z | To: hunter@rbwilliams.com | Subject: Re: Valley-wide plastering
2026-03-02T21:35:06Z | To: jesse@valleywideplastering.com | Subject: Fw: Walters Residence [HAS ATTACHMENTS]
2026-03-02T18:24:42Z | To: ron@valleywideplastering.com, orders@valleywideplastering.com, teresa@valleywideplastering.com | Subject: Fw: Bid Invitation: Sunset Farms - Starlight Homes [HAS ATTACHMENTS]
2026-03-02T16:47:02Z | To: ccowley@senecaapi.com, fermin@valleywideplastering.com, carlos@valleywideplastering.com | Subject: RE: Drew resindence
2026-03-02T16:16:12Z | To: rose@valleywideplastering.com, lauriemg943@gmail.com | Subject: FW: 13632004 MULTI
2026-03-02T13:56:05Z | To: loon@cookarch.com | Subject: FW: PROJECT SCOPING MEETING: T3709494 - VALLEY WIDE PLASTERING, INC. - LJ115024 - ZD281324 - 20 1/16E 4 13/16S [HAS ATTACHMENTS]
2026-03-02T13:47:59Z | To: Derien.Runnels@catamountinc.com | Subject: Accepted: Flats at Ballpark - Valley Wide Plastering Site Visit
2026-03-01T18:31:04Z | To: jr@CASARICA.NET | Subject:
2026-03-01T00:28:49Z | To: Elisa.Torresdeleon@srpnet.com, loon@cookarch.com | Subject: Re: Scheduling Project Scoping Meeting - T3709494 - VALLEY WIDE PLASTERING, INC.
2026-03-01T00:23:41Z | To: jeff@rbwilliams.com, jesse@valleywideplastering.com, jarrington@yscpaving.com | Subject: Re: Request for Building Corner Offsets
2026-02-28T14:02:02Z | To: Derien.Runnels@catamountinc.com, estimating@valleywideplastering.com | Subject: Re: Flats at Ballpark
2026-02-28T13:55:43Z | To: Derien.Runnels@catamountinc.com, estimating@valleywideplastering.com | Subject: Re: Flats at Ballpark
2026-02-27T21:55:12Z | To: michael.anaya@srpnet.com | Subject: RE: SRP Project Documents for SRP WO# T3709494 - VALLEY WIDE PLASTERING, INC.
2026-02-27T21:42:17Z | To: tkkossdevco@gmail.com | Subject: 470 N. 56th st. Chandler AZ 85226 [HAS ATTACHMENTS]
2026-02-27T20:07:36Z | To: rose@valleywideplastering.com | Subject: Fw: Noble Sea Warrior Feb 23 Expense Report [HAS ATTACHMENTS]
[SUSPICIOUS] 2026-02-27T20:07:17Z | To: rose@valleywideplastering.com | Subject: Fw: Invoice #2061 From Jeanette Amacher Yacht Maintenance [HAS ATTACHMENTS]
Preview: Get Outlook for iOS
________________________________
From: John Noble <johnsnoblejr@yahoo.com>
Sent: Monday, February 23, 2026 10:01:26 PM
To: JR
2026-02-27T20:06:23Z | To: Suzena.Breen@mattamycorp.com | Subject: Re: [EXTERNAL] RE: Mattamy Homes Covena Pointe at Rocking K New Community Bid Invite - RFP - Please READ and RESPOND!
2026-02-27T17:46:01Z | To: billing@valleywideplastering.com | Subject: Fw: Jzd Modera siding [HAS ATTACHMENTS]
2026-02-27T16:42:55Z | To: sammy@valleywideplastering.com, franciscoa@valleywideplastering.com | Subject: FW: Mirador Point / Mirador Blossom / Mirador Skies Schedule 3-3-2026 [HAS ATTACHMENTS]
2026-02-27T16:39:41Z | To: Suzena.Breen@mattamycorp.com | Subject: RE: Mattamy Homes Covena Pointe at Rocking K New Community Bid Invite - RFP - Please READ and RESPOND!
2026-02-27T13:01:13Z | To: isaacc@valleywideplastering.com, juan@valleywideplastering.com | Subject:
[SUSPICIOUS] 2026-02-26T23:09:26Z | To: rotm1969@gmail.com | Subject: Fw: Apartments invoice and contract [HAS ATTACHMENTS]
Preview: Get Outlook for iOS
________________________________
From: Billing Clerk <billing@valleywideplastering.com>
Sent: Thursday, February 26, 2026 4:02
[SUSPICIOUS] 2026-02-26T22:59:18Z | To: billing@valleywideplastering.com | Subject: FW: Apartments invoice and contract [HAS ATTACHMENTS]
Preview: From: Mark McKillip <rotm1969@gmail.com>
Sent: Thursday, December 11, 2025 8:07 PM
To: JR Guerrero <j-r@valleywideplastering.com>
Subject: Apartmen
2026-02-26T22:12:42Z | To: Elisa.Torresdeleon@srpnet.com | Subject: RE: Scheduling Project Scoping Meeting - T3709494 - VALLEY WIDE PLASTERING, INC.
2026-02-26T22:10:44Z | To: billing@valleywideplastering.com | Subject: FW: OH door In-Fill - Dates [Stucco - Valleywide]
2026-02-26T22:04:27Z | To: GAFlores@arizonatile.com, jr@CASARICA.NET, lamaro@arizonatile.com | Subject: RE: OA 14646360
2026-02-26T21:51:41Z | To: estimating@valleywideplastering.com | Subject: RE: VWP - revised plans has been submitted to Chandler
2026-02-26T21:49:33Z | To: sammy@valleywideplastering.com, franciscoa@valleywideplastering.com | Subject: FW: Mirador Point / Mirador Blossom / Mirador Skies Schedule 3-3-2026 [HAS ATTACHMENTS]
[SUSPICIOUS] 2026-02-26T18:24:51Z | To: franciscoa@valleywideplastering.com, sammy@valleywideplastering.com, teresa@valleywideplastering.com | Subject: WIRE SHORTAGE
Preview: Guys, we need to be checking lathers on wire . The two houses we walked with Pulte, the wire had a minimum of 12<31> overlap X 3 runs on the perimeter o
2026-02-26T18:13:08Z | To: sammy@valleywideplastering.com, franciscoa@valleywideplastering.com, teresa@valleywideplastering.com | Subject: SAND
2026-02-26T14:43:18Z | To: ccowley@senecaapi.com, fermin@valleywideplastering.com, carlos@valleywideplastering.com | Subject: Drew resindence
2026-02-26T02:08:21Z | To: chris@valleywideplastering.com | Subject: Fw: Extended Warranty Request & Follow up (Veridian Models) [HAS ATTACHMENTS]
2026-02-25T22:42:22Z | To: patriotlanceaz@yahoo.com | Subject: RE: safety vests
2026-02-25T21:42:09Z | To: robert@acsdoors.com, jesse@valleywideplastering.com | Subject: FW: VWP - revised plans has been submitted to Chandler
2026-02-25T21:38:45Z | To: robert@acsdoors.com, jesse@valleywideplastering.com | Subject: FW: VWP - revised plans has been submitted to Chandler
2026-02-25T21:37:22Z | To: robert@acsdoors.com, jesse@valleywideplastering.com | Subject: FW: VWP - revised plans has been submitted to Chandler
2026-02-25T21:35:44Z | To: robert@acsdoors.com, jesse@valleywideplastering.com | Subject: FW: VWP - revised plans has been submitted to Chandler
2026-02-25T21:24:42Z | To: estimating@valleywideplastering.com | Subject: FW: VWP - revised plans has been submitted to Chandler
2026-02-25T21:21:26Z | To: justins@camelothomes.com | Subject: RE: Extended Warranty Request & Follow up (Veridian Models) [HAS ATTACHMENTS]
2026-02-25T20:35:31Z | To: estimating@valleywideplastering.com, juan@valleywideplastering.com, jaimebh@valleywideplastering.com | Subject: Re: A2 East Elevation Metal Panel and MCRT Introduction
2026-02-25T17:13:14Z | To: patriotlanceaz@yahoo.com, jesse@valleywideplastering.com | Subject: safety vests
2026-02-25T16:35:43Z | To: jesse@valleywideplastering.com | Subject: king air
2026-02-25T15:18:01Z | To: customerservice@valleywideplastering.com | Subject: RE: MVR 155 missing stucco
2026-02-25T13:13:18Z | To: estimating@valleywideplastering.com | Subject: 10 year warranty
2026-02-24T20:57:39Z | To: estimating@valleywideplastering.com, jesse@valleywideplastering.com, ron@valleywideplastering.com | Subject: RE: Homes to see finish
2026-02-24T15:39:40Z | To: Heath.Thompson@Pulte.com, franciscoa@valleywideplastering.com, sammy@valleywideplastering.com | Subject: RE: Stucco in Tucson BROWN COAT MONITORING PLAN
2026-02-24T15:37:49Z | To: chris@valleywideplastering.com | Subject: FW: New vessel [HAS ATTACHMENTS]
2026-02-24T15:36:46Z | To: jlfloden@cnicklausstarling.com, jesse@valleywideplastering.com, chris@valleywideplastering.com | Subject: USS SEA WARRIOR
2026-02-24T15:00:43Z | To: capnjackv@hotmail.com, jesse@valleywideplastering.com | Subject: FW: New vessel [HAS ATTACHMENTS]
2026-02-24T14:12:59Z | To: sammy@valleywideplastering.com, franciscoa@valleywideplastering.com, customerservice@valleywideplastering.com | Subject: BROWN COAT CRACK REPAIRS- ALL COMMUNITIES
2026-02-24T13:12:34Z | To: gbonanni@mcrtrust.com, estimating@valleywideplastering.com, juan@valleywideplastering.com | Subject: RE: M10 Production
2026-02-23T17:44:23Z | To: rfinn@ascentworks.com | Subject: Accepted: Valley Wide Pre-Renewal Meeting
2026-02-23T15:41:17Z | To: patriotlanceaz@yahoo.com | Subject: RE: Proofs
2026-02-23T14:58:04Z | To: Heath.Thompson@Pulte.com, franciscoa@valleywideplastering.com, sammy@valleywideplastering.com | Subject: RE: Stucco in Tucson BROWN COAT MONITORING PLAN
2026-02-23T14:39:58Z | To: rfinn@ascentworks.com, jesse@valleywideplastering.com, shelly@valleywideplastering.com | Subject: RE: Valley Wide Plastering Pre Renewal Strategy Meeting
2026-02-23T14:20:55Z | To: chris@valleywideplastering.com, lauriemg943@gmail.com, jesse@nescoap.com | Subject: FW: Proofs [HAS ATTACHMENTS]
2026-02-23T14:18:35Z | To: jeff@rbwilliams.com, jesse@valleywideplastering.com, jarrington@yscpaving.com | Subject: RE: Request for Building Corner Offsets
2026-02-21T02:44:57Z | To: rtraica@ftlegal.com, Mike.George@opus-group.com, jr@CASARICA.NET | Subject: Re: Easement Closure Notification - Opus and Valley Wide Plastering
2026-02-21T02:22:09Z | To: patriotlanceaz@yahoo.com | Subject: Re: Proof [HAS ATTACHMENTS]
2026-02-20T05:08:53Z | To: patriotlanceaz@yahoo.com | Subject: Re: Hoodie Proof
2026-02-19T23:19:39Z | To: ron@valleywideplastering.com | Subject: Fw: Bid Invite: Prasada East Shops and Whole Foods Project
2026-02-19T19:46:04Z | To: patriotlanceaz@yahoo.com | Subject: Re: Hoodie Proof
2026-02-19T19:36:46Z | To: billing@valleywideplastering.com, lauriemg943@gmail.com | Subject: Floor and Decor
2026-02-19T14:20:14Z | To: billing@valleywideplastering.com | Subject: Carrie at Richmond
2026-02-18T22:43:50Z | To: customerservice@valleywideplastering.com | Subject: Re: Jemattel homes
2026-02-18T22:37:31Z | To: customerservice@valleywideplastering.com | Subject: Jemattel homes
2026-02-18T22:25:07Z | To: carlos@valleywideplastering.com | Subject: Fw: Pulte Homes Upper Canyon Trade Pre Construction Start Meeting Front End Trade Group [HAS ATTACHMENTS]
2026-02-18T21:54:45Z | To: customerservice@valleywideplastering.com | Subject: Fw: Pulte Homes Upper Canyon Trade Pre Construction Start Meeting Front End Trade Group [HAS ATTACHMENTS]
2026-02-18T19:43:50Z | To: chris@valleywideplastering.com, jr@CASARICA.NET | Subject: RE: [Reminder] Proposal for Valley Wide Plastering TI
2026-02-18T19:41:30Z | To: joe.telles@jematellhomes.com, jdodson@ybcco.com, customerservice@valleywideplastering.com | Subject: RE: Crist Stucco/Door Punch
2026-02-17T23:50:32Z | To: estimating@valleywideplastering.com, juan@valleywideplastering.com, jaimebh@valleywideplastering.com | Subject: Re: Faux Lintels at clubhouse
2026-02-17T22:48:37Z | To: trent.jordan@aps.com, sara.foley@aps.com | Subject: RE: WA759416 370 N. NEVADA ST
2026-02-17T22:38:18Z | To: trent.jordan@aps.com, sara.foley@aps.com | Subject: WA759416 370 N. NEVADA ST
2026-02-17T21:33:09Z | To: estimating@valleywideplastering.com, juan@valleywideplastering.com, jaimebh@valleywideplastering.com | Subject: RE: Faux Lintels at clubhouse
2026-02-17T21:16:08Z | To: sammy@valleywideplastering.com, franciscoa@valleywideplastering.com | Subject: FW: Mirador Point / Mirador Blossom / Mirador Skies Schedule 2-27-2026 [HAS ATTACHMENTS]
[SUSPICIOUS] 2026-02-17T21:15:33Z | To: acctpay@valleywideplastering.com | Subject: FW: Invoice - Reminder: Your payment to SUNDANCE SWEEPING is due [HAS ATTACHMENTS]
Preview: We need to pay this please.
From: SUNDANCE SWEEPING <sundancesweeping@gmail.com>
Sent: Tuesday, February 17, 2026 1:04 PM
To: JR Guerrero <j-r@va
2026-02-17T18:36:31Z | To: Elisa.Torresdeleon@srpnet.com | Subject: RE: Scheduling Project Scoping Meeting - T3709494 - VALLEY WIDE PLASTERING, INC.
--- Sent Mail Summary ---
Total sent messages: 100
Suspicious subjects: 8
External recipients: 53
External recipient list:
- Brian.Davis@opus-group.com
- CamA@cameron-custom.com
- Cory.Garcia@Pulte.com
- Dan.Surek@Pulte.com
- David.Benjamin@opus-group.com
- Derien.Runnels@catamountinc.com
- Don.Vonderwell@opus-group.com
- Elisa.Torresdeleon@srpnet.com
- GAFlores@arizonatile.com
- Heath.Thompson@Pulte.com
- Jennifer.Moya@opus-group.com
- Kallie.Tiller@srpnet.com
- Lara.Bauerly@opus-group.com
- Leo.Barros@Pulte.com
- Luke.Eggers@opus-group.com
- Matthew.Visnansky@opus-group.com
- Mike.George@opus-group.com
- OrderDeskTempe@arizonatile.com
- Pedro.Pagazani@umb.com
- Suzena.Breen@mattamycorp.com
- capnjackv@hotmail.com
- ccowley@senecaapi.com
- david@jematellhomes.com
- dprescott@ascentworks.com
- gbonanni@mcrtrust.com
- group-chandlerconstructiongroup@mcrtrust.com
- hunter@rbwilliams.com
- jarrington@yscpaving.com
- jdodson@ybcco.com
- jeff@rbwilliams.com
- jerry@cookarch.com
- jesse@nescoap.com
- jlfloden@cnicklausstarling.com
- jmarshall@marshallbrown.com
- joe.telles@jematellhomes.com
- jr@CASARICA.NET
- justins@camelothomes.com
- lamaro@arizonatile.com
- lauriemg943@gmail.com
- loon@cookarch.com
- mark@reliableglassaz.com
- mgittlein@ascentworks.com
- michael.anaya@srpnet.com
- patriotlanceaz@yahoo.com
- rfinn@ascentworks.com
- robert@acsdoors.com
- rotm1969@gmail.com
- rtraica@ftlegal.com
- sara.foley@aps.com
- shanrahan@ascentworks.com
- tkkossdevco@gmail.com
- trent.jordan@aps.com
- tyler@jematellhomes.com
======================================================================
STEP 4: INBOX RULES (CRITICAL CHECK)
======================================================================
[OK] No inbox rules found
======================================================================
STEP 5: MAILBOX SETTINGS (Forwarding & Auto-Reply)
======================================================================
Auto-Reply Status: disabled
[OK] Auto-replies are disabled
Language: en-US
Timezone: US Mountain Standard Time
Date format:
Checking SMTP forwarding...
Proxy addresses: ['smtp:jr@valleywideplastering.com', 'SMTP:j-r@valleywideplastering.com']
Other emails: []
======================================================================
STEP 6: AUTHENTICATION METHODS
======================================================================
[passwordAuthenticationMethod] ID: 28c10230-6103-485e-b985-444c60001490
[phoneAuthenticationMethod] ID: 3179e48a-750b-4051-897c-87b9720928f7 | Phone: +1 4807976102 (mobile)
[microsoftAuthenticatorAuthenticationMethod] ID: eb72fea3-368c-4ac8-8bfa-fdc2d292a9cd | Device: iPhone 16 Pro Max | Created: None
======================================================================
STEP 7: OAUTH PERMISSION GRANTS & THIRD-PARTY APPS
======================================================================
[OK] No OAuth permission grants found for user
Checking third-party service principals...
[WARNING] service principals: Filter operator 'NotEqualsMatch' is not supported.
No third-party service principals found or filter not supported
======================================================================
STEP 8: DIRECTORY AUDIT LOGS (Recent Changes)
======================================================================
2026-03-05T15:39:49.2102951Z | User deleted security info | Result: success | Actor: None
[CRITICAL] 2026-03-05T15:39:49.1457845Z | Update user | Result: success | Actor: Azure Credential Configuration Endpoint Service
Changed: StrongAuthenticationPhoneAppDetail: [{"DeviceName":"iPhone 12 Pro Max","DeviceToken":"apns2-bbdaed1230ccf93a47375c16 -> [{"DeviceName":"iPhone 16 Pro Max","DeviceToken":"apns2-cdb3e5cb2c5ce66a0a3fee50
Changed: Included Updated Properties: None -> "StrongAuthenticationPhoneAppDetail"
Changed: TargetId.UserType: None -> "Member"
[CRITICAL] 2026-03-05T15:08:11.0443888Z | Update user | Result: success | Actor: sysadmin@valleywideplastering.com
Changed: StsRefreshTokensValidFrom: ["2025-07-24T20:52:05Z"] -> ["2026-03-05T15:08:10Z"]
Changed: Included Updated Properties: None -> "StsRefreshTokensValidFrom"
Changed: TargetId.UserType: None -> "Member"
2026-03-05T15:08:11.0433888Z | Update StsRefreshTokenValidFrom Timestamp | Result: success | Actor: sysadmin@valleywideplastering.com
2026-03-05T15:08:04.9639776Z | Update StsRefreshTokenValidFrom Timestamp | Result: success | Actor: Microsoft password reset service
[CRITICAL] 2026-03-05T15:08:04.9629772Z | Reset user password | Result: success | Actor: Microsoft password reset service
[CRITICAL] 2026-03-05T15:08:04.9447954Z | Reset password (by admin) | Result: success | Actor: sysadmin@valleywideplastering.com
2026-03-05T15:08:04.7639714Z | Update PasswordProfile | Result: success | Actor: Microsoft password reset service
[CRITICAL] 2026-03-05T15:08:04.757972Z | Update user | Result: success | Actor: Microsoft password reset service
Changed: StsRefreshTokensValidFrom: ["2025-07-24T20:52:05Z"] -> ["2026-03-05T15:08:04Z"]
Changed: Included Updated Properties: None -> "StsRefreshTokensValidFrom"
Changed: TargetId.UserType: None -> "Member"
2026-03-05T15:08:04.5589806Z | Update PasswordProfile | Result: success | Actor: Microsoft password reset service
[CRITICAL] 2026-03-04T18:56:23.1582355Z | Update user | Result: success | Actor: Azure MFA StrongAuthenticationService
Changed: StrongAuthenticationPhoneAppDetail: [{"DeviceName":"iPhone 12 Pro Max","DeviceToken":"apns2-bbdaed1230ccf93a47375c16 -> [{"DeviceName":"iPhone 12 Pro Max","DeviceToken":"apns2-bbdaed1230ccf93a47375c16
Changed: Included Updated Properties: None -> "StrongAuthenticationPhoneAppDetail"
Changed: TargetId.UserType: None -> "Member"
======================================================================
STEP 9: LATERAL MOVEMENT CHECK (All Users Risky Sign-ins)
======================================================================
[OK] Accounts Payable (acctpay@valleywideplastering.com): No risky sign-ins detected
[OK] Adolfo Suarez (adolfos@valleywideplastering.com): No risky sign-ins detected
[SUSPICIOUS] Billing Clerk (billing@valleywideplastering.com):
2026-03-04T11:24:04Z | IP: 69.49.112.75 | Country: CA | Risk: none | Protocol: Browser
2026-03-03T15:22:58Z | IP: 141.8.200.245 | Country: AL | Risk: none | Protocol: Browser
[OK] Toni (billing@valleywideplastering.onmicrosoft.com): No risky sign-ins detected
[WARNING] risk check Brian@valleywideplastering.com:
[OK] Brian (Brian@valleywideplastering.com): No risky sign-ins detected
[SUSPICIOUS] Carlos Reyes (carlos@valleywideplastering.com):
2026-03-05T04:41:07Z | IP: 113.132.45.106 | Country: CN | Risk: none | Protocol: Browser
2026-03-04T05:13:17Z | IP: 161.132.45.124 | Country: PE | Risk: none | Protocol: Browser
2026-03-02T12:55:09Z | IP: 103.1.185.60 | Country: AU | Risk: none | Protocol: Browser
2026-03-02T12:52:45Z | IP: 47.76.39.128 | Country: HK | Risk: none | Protocol: Browser
2026-02-24T03:23:01Z | IP: 27.147.222.16 | Country: BD | Risk: none | Protocol: Browser
2026-02-23T12:48:35Z | IP: 111.118.148.221 | Country: KH | Risk: none | Protocol: Browser
2026-02-22T18:19:00Z | IP: 200.142.104.99 | Country: BR | Risk: none | Protocol: Browser
[OK] Charlie Jones (charlie@valleywideplastering.com): No risky sign-ins detected
[SUSPICIOUS] Chris Guerrero (chris@valleywideplastering.com):
2026-03-04T08:37:18Z | IP: 46.243.3.58 | Country: NL | Risk: none | Protocol: Browser
2026-03-04T05:03:58Z | IP: 64.188.124.97 | Country: DE | Risk: none | Protocol: Browser
2026-03-04T04:48:48Z | IP: 103.178.194.93 | Country: ID | Risk: none | Protocol: Browser
2026-03-02T23:31:12Z | IP: 65.20.149.252 | Country: IQ | Risk: none | Protocol: Browser
[SUSPICIOUS] Customer Service (customerservice@valleywideplastering.com):
2026-03-04T03:43:16Z | IP: 116.212.152.131 | Country: KH | Risk: none | Protocol: Browser
2026-03-04T02:57:00Z | IP: 103.167.171.149 | Country: ID | Risk: none | Protocol: Browser
2026-03-03T16:51:51Z | IP: 159.65.19.69 | Country: GB | Risk: none | Protocol: Browser
2026-03-02T21:18:13Z | IP: 122.152.55.98 | Country: BD | Risk: none | Protocol: Browser
2026-03-02T21:18:11Z | IP: 103.111.225.62 | Country: BD | Risk: none | Protocol: Browser
2026-03-02T18:37:28Z | IP: 47.84.93.78 | Country: SG | Risk: none | Protocol: Browser
[OK] Customer Service (customerservice@valleywideplastering.onmicrosoft.com): No risky sign-ins detected
[SUSPICIOUS] Bart Graffin (estimating@valleywideplastering.com):
2026-03-04T04:09:02Z | IP: 45.131.194.59 | Country: US | Risk: hidden | Protocol: Browser
[WARNING] risk check faxinbox@valleywideplastering.com:
[OK] Fax Inbox (faxinbox@valleywideplastering.com): No risky sign-ins detected
[OK] Fermin Matta (fermin@valleywideplastering.com): No risky sign-ins detected
[OK] Francisco Arias (franciscoa@valleywideplastering.com): No risky sign-ins detected
[OK] VWP Insurance (insurance@valleywideplastering.com): No risky sign-ins detected
[OK] Issac Chavez (isaacc@valleywideplastering.com): No risky sign-ins detected
[WARNING] risk check jaimebh@valleywideplastering.com:
[OK] Jaime Hernandez (jaimebh@valleywideplastering.com): No risky sign-ins detected
[SUSPICIOUS] Jesse Guerrero (jesse@valleywideplastering.com):
2026-03-04T18:25:09Z | IP: 157.90.211.189 | Country: DE | Risk: none | Protocol: Browser
2026-03-04T11:59:08Z | IP: 212.172.50.128 | Country: DE | Risk: none | Protocol: Browser
2026-03-04T06:40:42Z | IP: 159.65.19.147 | Country: GB | Risk: none | Protocol: Browser
2026-03-04T05:31:39Z | IP: 103.56.163.133 | Country: VN | Risk: none | Protocol: Browser
2026-03-03T10:10:49Z | IP: 45.87.251.172 | Country: NL | Risk: none | Protocol: Browser
2026-03-02T19:07:45Z | IP: 179.189.233.174 | Country: BR | Risk: none | Protocol: Browser
2026-03-02T15:33:42Z | IP: 125.213.199.22 | Country: AF | Risk: none | Protocol: Browser
2026-03-01T03:26:43Z | IP: 202.62.39.221 | Country: KH | Risk: none | Protocol: Browser
2026-03-01T02:08:20Z | IP: 119.94.113.81 | Country: PH | Risk: none | Protocol: Browser
[OK] JR Guerrero (jr@CASARICA.NET): No risky sign-ins detected
[SUSPICIOUS] Juan Leal (juan@valleywideplastering.com):
2026-03-04T03:00:57Z | IP: 65.109.138.57 | Country: FI | Risk: none | Protocol: Browser
2026-03-03T22:03:48Z | IP: 185.82.239.12 | Country: CZ | Risk: none | Protocol: Browser
2026-03-03T14:13:20Z | IP: 177.234.208.59 | Country: EC | Risk: none | Protocol: Browser
2026-03-03T10:53:28Z | IP: 95.107.173.106 | Country: AL | Risk: none | Protocol: Browser
2026-03-02T20:03:11Z | IP: 118.179.175.158 | Country: BD | Risk: none | Protocol: Browser
2026-03-02T19:07:39Z | IP: 220.87.3.141 | Country: KR | Risk: none | Protocol: Browser
2026-03-02T16:06:16Z | IP: 157.254.20.246 | Country: HK | Risk: none | Protocol: Browser
2026-03-02T15:33:28Z | IP: 3.38.214.6 | Country: KR | Risk: none | Protocol: Browser
2026-02-24T05:29:55Z | IP: 161.117.183.222 | Country: SG | Risk: none | Protocol: Browser
[OK] Kayla Guerrero (kayla@valleywideplastering.com): No risky sign-ins detected
[SUSPICIOUS] Orders VWP (orders@valleywideplastering.com):
2026-03-04T18:59:51Z | IP: 183.81.91.2 | Country: VN | Risk: none | Protocol: Browser
2026-03-04T04:13:24Z | IP: 220.87.3.141 | Country: KR | Risk: none | Protocol: Browser
[WARNING] risk check payroll@valleywideplastering.com:
[OK] Payroll VWP (payroll@valleywideplastering.com): No risky sign-ins detected
[SUSPICIOUS] Ron Winger (ron@valleywideplastering.com):
2026-03-04T13:38:09Z | IP: 170.246.176.222 | Country: AR | Risk: none | Protocol: Browser
2026-03-04T04:39:21Z | IP: 138.252.89.1 | Country: AU | Risk: none | Protocol: Browser
2026-03-04T02:12:09Z | IP: 117.121.202.245 | Country: ID | Risk: none | Protocol: Browser
2026-03-03T12:58:26Z | IP: 54.179.157.31 | Country: SG | Risk: none | Protocol: Browser
2026-03-03T12:58:05Z | IP: 190.122.145.20 | Country: AR | Risk: none | Protocol: Browser
2026-03-02T12:58:20Z | IP: 103.244.107.140 | Country: ID | Risk: none | Protocol: Browser
2026-03-01T17:21:23Z | IP: 189.32.23.70 | Country: BR | Risk: none | Protocol: Browser
2026-02-28T21:18:40Z | IP: 211.226.137.4 | Country: KR | Risk: none | Protocol: Browser
[SUSPICIOUS] Rose Guerrero (rose@valleywideplastering.com):
2026-03-05T11:20:40Z | IP: 98.159.37.184 | Country: US | Risk: hidden | Protocol: Mobile Apps and Desktop clients
2026-03-04T20:16:46Z | IP: 173.244.55.101 | Country: PE | Risk: hidden | Protocol: Mobile Apps and Desktop clients
2026-03-04T17:16:14Z | IP: 2605:6400:c077:2126:aa5b:1086:fe18:8538 | Country: LU | Risk: none | Protocol: Mobile Apps and Desktop clients
2026-03-04T14:53:32Z | IP: 2605:6400:c077:306e:9c9:c95e:c18a:6e43 | Country: LU | Risk: none | Protocol: Mobile Apps and Desktop clients
2026-03-04T08:16:02Z | IP: 45.86.202.93 | Country: DE | Risk: hidden | Protocol: Mobile Apps and Desktop clients
2026-03-04T07:46:16Z | IP: 152.70.56.243 | Country: NL | Risk: none | Protocol: Browser
[SUSPICIOUS] Ryan Guerrero (ryan@valleywideplastering.com):
2026-03-03T17:47:26Z | IP: 110.78.211.34 | Country: TH | Risk: none | Protocol: Browser
2026-03-03T13:13:31Z | IP: 103.39.49.102 | Country: ID | Risk: none | Protocol: Browser
2026-03-03T01:57:54Z | IP: 110.173.181.85 | Country: IN | Risk: none | Protocol: Browser
2026-03-03T00:02:55Z | IP: 66.116.207.52 | Country: AE | Risk: none | Protocol: Browser
2026-03-02T18:58:32Z | IP: 8.218.129.104 | Country: SG | Risk: none | Protocol: Browser
[WARNING] risk check sammy@valleywideplastering.com: This request is throttled. Please try again after the value specified in the Retry-After header. CorrelationId: b25c6b25-5553-4ae7-aa4d-040acb94eb26
[OK] Sammy Montijo (sammy@valleywideplastering.com): No risky sign-ins detected
[OK] Shelly Dooley (shelly@valleywideplastering.com): No risky sign-ins detected
[OK] Spro VWP (spro@valleywideplastering.com): No risky sign-ins detected
[OK] Computer Guru (sysadmin@valleywideplastering.com): No risky sign-ins detected
[OK] Teresa Carpio (teresa@valleywideplastering.com): No risky sign-ins detected
[OK] Ty Fetters (Ty@CASARICA.NET): No risky sign-ins detected
======================================================================
SAVING RESULTS
======================================================================
Results saved to: D:/ClaudeTools/temp/vwp_bec_results.json
======================================================================
INCIDENT REPORT SUMMARY
======================================================================
Target: j-r@valleywideplastering.com (ID: 0af923d0-48c5-4cc1-8553-c60625802815)