thuwin7.z13.web.core.windows.net/
52.239.221.65 200 OK 33 kB URL User Request GET HTTP/1.1 thuwin7.z13.web.core.windows.net/
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (1266)
Hash 80dce3c547797fb6f692273e62dfc0f3
7f6f873b87f5d21beadba58b96bb600c134062e7
acbf3adc36bea7918bb69bc5a94d5aeaddfa432d4446e2a2f38e3b942da49338
Analyzer Verdict Alert OpenPhish phishing Office365
GET / HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 33090
Content-Type: text/html
Content-MD5: gNzjxUd5f7b2kic+Yt/A8w==
Last-Modified: Thu, 25 Apr 2024 19:23:20 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2AE7965C"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4bc31179-801e-0026-4d94-9763c7000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:11 GMT
thuwin7.z13.web.core.windows.net/styles.css
52.239.221.65 200 OK 9.0 kB URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/styles.css
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type assembler source, ASCII text, with very long lines (1266)
Hash 6ef2560453a7b6bff8ea7ec4265a9816
1ed7044a0579bb751b10ba7353a36e9d208c659e
a072681ff11d60e33eb625e1d75e828542f80c9362d905c3eb9626063e27b4cc
Analyzer Verdict Alert OpenPhish phishing Office365
GET /styles.css HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 8998
Content-Type: text/css
Content-MD5: bvJWBFOntr/46n7EJlqYFg==
Last-Modified: Thu, 25 Apr 2024 19:23:22 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2BD116DF"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4bc313cd-801e-0026-7b94-9763c7000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:11 GMT
support.microsoft.com/en-us/windows
2.18.172.114 200 OK 25 kB URL GET HTTP/2 support.microsoft.com/en-us/windows
IP 2.18.172.114:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type HTML document, ASCII text, with very long lines (1478), with CRLF, LF line terminators
Hash acf0a29f9c0c7d2c49c2d22251f036ed
416d57048466fe4cd03af4910684152ece20c89c
b5f6585eca38e42ede0b02e4618ef3d2a98f6687667575d0fd5045b7d87f3350
GET /en-us/windows HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: Kestrel
request-context: appId=
x-correlationid: 0HN34JPL9PN47:0000007B
x-operationid: 2d70d25daa67c16fa63fe97c216207ec
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-encoding: gzip
expires: Fri, 26 Apr 2024 04:46:12 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 26 Apr 2024 04:46:12 GMT
content-length: 25068
strict-transport-security: max-age=86400 ; includeSubDomains
set-cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336; max-age=31536000; path=/; secure; samesite=none
ak_bmsc=FACA867FEFC82587A7F3AE5B06DA3A9A~000000000000000000000000000000~YAAQZQplX0pmrRWPAQAAl6u5GBeyvzcxWqsZFjGStGuwAWWEP8gs6vCXTC+LsL6NibqUTNXVGH1Kk3zUFJuP1OnA8yMjR+4elbuzPGoDfbaF9xF1ArrV5lehWcyh4DkXU0DtZ3dKxpll6acVieEtTQGaMqnL9r8Vp/OaDP2zeHZ+ulpjhZ/KDbXFJzvZWtXbzEVYIa/ZiFbgymwKQAvJsjyy3JueZnlEJHwviyCFnbsS7I/dbwNBrjcPEjPIx7Wwq8JBMMjuWhHdLTBius/jkRYjnGslgJnu2CK/fK65Swj0/FAhQP02bgviRJYeGfM3boKcudt3apk/ushXuDjOSH38jBtAQTCbbbt+WiFwfPcY7+bdHEaUAuPkkHB5s73I0WOlOcRJUxsLXx0M; Domain=.microsoft.com; Path=/; Expires=Fri, 26 Apr 2024 06:46:12 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-4FXBGDDKSQ
142.250.74.168 200 OK 89 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-4FXBGDDKSQ
IP 142.250.74.168:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
Validity Mon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
File type JavaScript source, ASCII text, with very long lines (5945)
Hash b1ae10b42b6f40c923ab2b2f425917bf
46c62c108e404b66d9292bbd7b7aa7d8b52fb1c5
cb862a7754c4d9929a7d2e04239f5af631b32d58c04b4fba886aa98bf23be62c
GET /gtag/js?id=G-4FXBGDDKSQ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 04:46:12 GMT
expires: Fri, 26 Apr 2024 04:46:12 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 88777
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
thuwin7.z13.web.core.windows.net/font-awesome.min.css
52.239.221.65 200 OK 27 kB URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/font-awesome.min.css
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type ASCII text, with very long lines (27265)
Hash fd1609eb97e739683acf23120fd6f6c9
19b2e83fe8df09b85e74835c398aefee816bdfcb
ce26d1b76dae2f3b5d0ccc8d0ecd88d2edb411101b8a4c5edc4d9aa7008c9b04
Analyzer Verdict Alert OpenPhish phishing Office365
GET /font-awesome.min.css HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 27428
Content-Type: text/css
Content-MD5: /RYJ65fnOWg6zyMSD9b2yQ==
Last-Modified: Thu, 25 Apr 2024 19:23:20 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2AB7E25E"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4bc3146e-801e-0026-0c94-9763c7000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:11 GMT
m03lm.rdtk.io/postback?format=img&sum={replace}
217.20.112.104 400 Bad Request 73 B URL GET HTTP/1.1 m03lm.rdtk.io/postback?format=img&sum={replace}
IP 217.20.112.104:443
ASN #28753 Leaseweb Deutschland GmbH
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer GoGetSSL
Subject *.rdtk.io
Fingerprint 3F:B8:3B:F6:C3:51:99:DC:0C:C4:BD:84:8C:14:9D:BA:06:6F:F8:9F
Validity Wed, 19 Jul 2023 00:00:00 GMT - Fri, 19 Jul 2024 23:59:59 GMT
Hash 6742622fd8c56312fdeefb1afae72019
f060d7d23c7fbc50993bbf1d4980c0908acfa3e8
68399ccccc0b28cf635b2065f20e239ddbb33cc3a2e755879259e0ab23765795
GET /postback?format=img&sum={replace} HTTP/1.1
Host: m03lm.rdtk.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 400 Bad Request
Server: nginx/1.20.2
Date: Fri, 26 Apr 2024 04:46:12 GMT
Content-Type: application/json
Content-Length: 73
Connection: keep-alive
support.microsoft.com/css/fonts/site-fonts.css?v=ndapaexA03b5YtdesW0qf_tHPN7vVTeLDLflY4uoexQ
2.18.172.114 200 OK 360 B URL GET HTTP/2 support.microsoft.com/css/fonts/site-fonts.css?v=ndapaexA03b5YtdesW0qf_tHPN7vVTeLDLflY4uoexQ
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type ASCII text, with very long lines (1789), with no line terminators
Hash 36a2c31f1954d2e8dd7ab64b3ea0b7c7
66ce8a4003fe074d92f5d5c08de790d4e65ed34c
9dd6a969ec40d376f962d75eb16d2a7ffb473cdeef55378b0cb7e5638ba87b14
GET /css/fonts/site-fonts.css?v=ndapaexA03b5YtdesW0qf_tHPN7vVTeLDLflY4uoexQ HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da9686e7d306fd"
last-modified: Wed, 24 Apr 2024 20:35:12 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JPL9PIDU:00000002
x-operationid: d2b4ca27293a6debc1d1db4fc2378146
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 360
cache-control: private, max-age=426
expires: Fri, 26 Apr 2024 04:53:18 GMT
date: Fri, 26 Apr 2024 04:46:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/glyphs/glyphs.css?v=6cSmu08b3cpt8CdeHvUrOG7w7IhEGlNwB2AdwX7xSbU
2.18.172.114 200 OK 3.0 kB URL GET HTTP/2 support.microsoft.com/css/glyphs/glyphs.css?v=6cSmu08b3cpt8CdeHvUrOG7w7IhEGlNwB2AdwX7xSbU
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type Unicode text, UTF-8 (with BOM) text, with very long lines (10253), with no line terminators
Hash 48636adb79c8c3722257aa3ba6b6ee15
2d56f155fccbd3fbc4268d19c63fba7ce63232b2
e9c4a6bb4f1bddca6df0275e1ef52b386ef0ec88441a537007601dc17ef149b5
GET /css/glyphs/glyphs.css?v=6cSmu08b3cpt8CdeHvUrOG7w7IhEGlNwB2AdwX7xSbU HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da9687bdce27a4"
last-modified: Wed, 24 Apr 2024 20:41:11 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JSU2QSK2:00000002
x-operationid: b739abd10cb0a47858a422753526b48f
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 3042
cache-control: private, max-age=1172
expires: Fri, 26 Apr 2024 05:05:44 GMT
date: Fri, 26 Apr 2024 04:46:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/Article/css.css?v=PiG1K5O28_MJrxxKMSEZkAAz83Ll48xMog65nTBWJhU
2.18.172.114 200 OK 27 kB URL GET HTTP/2 support.microsoft.com/css/Article/css.css?v=PiG1K5O28_MJrxxKMSEZkAAz83Ll48xMog65nTBWJhU
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type Unicode text, UTF-8 (with BOM) text, with very long lines (64795), with no line terminators
Hash 0234943560422c35994ae97078bb3a28
646dd007262e7797c792fc834a9368cdc559c2af
3e21b52b93b6f3f309af1c4a312119900033f372e5e3cc4ca20eb99d30562615
GET /css/Article/css.css?v=PiG1K5O28_MJrxxKMSEZkAAz83Ll48xMog65nTBWJhU HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da968826b427a8"
last-modified: Wed, 24 Apr 2024 20:44:07 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JV6EP2NO:00000002
x-operationid: 73f13afe6ed9ae7c194016d93eb32a17
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 26888
cache-control: private, max-age=715
expires: Fri, 26 Apr 2024 04:58:07 GMT
date: Fri, 26 Apr 2024 04:46:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/Article/officeShared.css?v=A4_7TMcrQ0n6vBJStacalKhpVNwsoNRpXkktRcV8MWU
2.18.172.114 200 OK 626 B URL GET HTTP/2 support.microsoft.com/css/Article/officeShared.css?v=A4_7TMcrQ0n6vBJStacalKhpVNwsoNRpXkktRcV8MWU
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type ASCII text, with very long lines (1194), with no line terminators
Hash 8b0b345ff0fcdabbdb6be5d760b1ce07
8e74f1a21ef56b0fbbe06a4008023e06f8af6786
038ffb4cc72b4349fabc1252b5a71a94a86954dc2ca0d4695e492d45c57c3165
GET /css/Article/officeShared.css?v=A4_7TMcrQ0n6vBJStacalKhpVNwsoNRpXkktRcV8MWU HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da968826b5812a"
last-modified: Wed, 24 Apr 2024 20:44:07 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JV6EP77B:00000002
x-operationid: 756ca237214a5d37c29b29d609f3dfaa
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 626
cache-control: private, max-age=3596
expires: Fri, 26 Apr 2024 05:46:08 GMT
date: Fri, 26 Apr 2024 04:46:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/Article/article.css?v=-OJaypRpKt4uk-zq9ueLKkYEBHxo1ocdJ8GzWJTLWrI
2.18.172.114 200 OK 25 kB URL GET HTTP/2 support.microsoft.com/css/Article/article.css?v=-OJaypRpKt4uk-zq9ueLKkYEBHxo1ocdJ8GzWJTLWrI
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type Unicode text, UTF-8 (with BOM) text, with very long lines (65511), with no line terminators
Hash f12733c5da7923d982ef110c16700af9
5ea567915d13f3f24e3b63d4c5e7253645351ef5
f8e25aca94692ade2e93eceaf6e78b2a4604047c68d6871d27c1b35894cb5ab2
GET /css/Article/article.css?v=-OJaypRpKt4uk-zq9ueLKkYEBHxo1ocdJ8GzWJTLWrI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da9686e73bf37e"
last-modified: Wed, 24 Apr 2024 20:35:11 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JPL9PLJO:00000003
x-operationid: 7fccd81c167befe3dbefe776d0f379a1
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 25042
cache-control: private, max-age=2249
expires: Fri, 26 Apr 2024 05:23:41 GMT
date: Fri, 26 Apr 2024 04:46:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/lib/ucs/dist/ucsCreativeService.js?v=Xoy5TlH5ODlsYqqzeOnM642UwAhzAIQYiqwgfoFRaX4
2.18.172.114 200 OK 235 kB URL GET HTTP/2 support.microsoft.com/lib/ucs/dist/ucsCreativeService.js?v=Xoy5TlH5ODlsYqqzeOnM642UwAhzAIQYiqwgfoFRaX4
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type JavaScript source, ASCII text, with very long lines (65460)
Size 235 kB (235067 bytes)
Hash 0848b540e7cefa19b6b90711e600470e
15a6d705e861bdbd6e4620f3982c4cdd6581bcd5
5e8cb94e51f938396c62aab378e9cceb8d94c008730084188aac207e8151697e
GET /lib/ucs/dist/ucsCreativeService.js?v=Xoy5TlH5ODlsYqqzeOnM642UwAhzAIQYiqwgfoFRaX4 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da968751e303a1"
last-modified: Wed, 24 Apr 2024 20:38:10 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JRAKQBVI:00000002
x-operationid: 70087af450140e1cc20177be7ef83d1c
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 235067
cache-control: private, max-age=77
date: Fri, 26 Apr 2024 04:46:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/lib/jquery/dist/jquery.min.js?v=9_aliU8dGd2tb6OSsuzixeV4y_faTqgFtohetphbbj0
2.18.172.114 200 OK 39 kB URL GET HTTP/2 support.microsoft.com/lib/jquery/dist/jquery.min.js?v=9_aliU8dGd2tb6OSsuzixeV4y_faTqgFtohetphbbj0
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type JavaScript source, ASCII text, with very long lines (65451)
Hash dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /lib/jquery/dist/jquery.min.js?v=9_aliU8dGd2tb6OSsuzixeV4y_faTqgFtohetphbbj0 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da9686e99d9e04"
last-modified: Wed, 24 Apr 2024 20:35:15 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JPKTC315:00000002
x-operationid: 57aa37b93e0e485a3ee8ff22f3f136d9
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 39223
cache-control: private, max-age=150
date: Fri, 26 Apr 2024 04:46:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/lib/oneds/dist/ms.analytics-web-4.0.2.min.js?v=O7wAAOKAVN2-OLLnoh3KjWb9pW6khEi85GWLxrUYqXA
2.18.172.114 200 OK 70 kB URL GET HTTP/2 support.microsoft.com/lib/oneds/dist/ms.analytics-web-4.0.2.min.js?v=O7wAAOKAVN2-OLLnoh3KjWb9pW6khEi85GWLxrUYqXA
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type JavaScript source, ASCII text, with very long lines (65398)
Hash 107489d1ed6be77bfd69ebe4d7b52b6d
fd56df206a1dd0223d6d18adac841582282a346e
3bbc0000e28054ddbe38b2e7a21dca8d66fda56ea48448bce4658bc6b518a970
GET /lib/oneds/dist/ms.analytics-web-4.0.2.min.js?v=O7wAAOKAVN2-OLLnoh3KjWb9pW6khEi85GWLxrUYqXA HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da968677c633d9"
last-modified: Wed, 24 Apr 2024 20:32:04 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JOHA9FU0:00000004
x-operationid: 3f6f7a4a1d5111d87ad4f2a258634758
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 69736
cache-control: private, max-age=40
date: Fri, 26 Apr 2024 04:46:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
thuwin7.z13.web.core.windows.net/_Fm7-alert.mp3
52.239.221.65 206 Partial Content 201 kB URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/_Fm7-alert.mp3
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type Audio file with ID3 version 2.3.0, contains:
- MPEG ADTS, layer III, v2, 64 kbps, 22.05 kHz, Monaural
Size 201 kB (200832 bytes)
Hash 0116152611dd51432e852781f8cc7e82
2408d3d281b25649894f78a4e19f7f8a8ac735f9
fc59bbb18f923747b9cd3f3b23537ff09c5ad2fdfc1505a4800a3f269a234e65
Analyzer Verdict Alert OpenPhish phishing Office365
GET /_Fm7-alert.mp3 HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Content-Length: 200832
Content-Type: audio/mpeg
Content-Range: bytes 0-200831/200832
Last-Modified: Thu, 25 Apr 2024 19:23:20 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2AB6D21F"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4bc315ab-801e-0026-3194-9763c7000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:12 GMT
thuwin7.z13.web.core.windows.net/main.js
52.239.221.65 200 OK 1.4 kB URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/main.js
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type JavaScript source, ASCII text, with CRLF line terminators
Hash da6aacc1ca8eaa4902d9fee5c9c984b7
a06f41817583ce6182dd7121460c0bd16ea8b088
989120d05b8f3d703fd6e63b49b94845d7e038d536dd27723619e1f00623683f
Analyzer Verdict Alert OpenPhish phishing Office365
GET /main.js HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1358
Content-Type: text/javascript
Content-MD5: 2mqswcqOqkkC2f7lycmEtw==
Last-Modified: Thu, 25 Apr 2024 19:23:21 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2B344EA6"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f1aa9460-b01e-003d-2394-975dc4000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:12 GMT
thuwin7.z13.web.core.windows.net/scripts.js
52.239.221.65 200 OK 464 B URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/scripts.js
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type JavaScript source, ASCII text
Hash 2856b9008b89d67be19d586e43ae8521
d47ac3f1328fb58b19584d77d2e3acc93663fb10
19e9aaa12f8478366b3707ff49b0e3cfc4818f9343b48f5d43890c943d1b1a3d
Analyzer Verdict Alert OpenPhish phishing Office365
GET /scripts.js HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 464
Content-Type: text/javascript
Content-MD5: KFa5AIuJ1nvhnVhuQ66FIQ==
Last-Modified: Thu, 25 Apr 2024 19:23:22 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2BC2CF0D"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: aaa01822-901e-0015-4f94-973c6c000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:11 GMT
thuwin7.z13.web.core.windows.net/speech.mp3
52.239.221.65 416 The range specified is invalid for the current size of the resource. 340 B URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/speech.mp3
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type HTML document, ASCII text, with very long lines (340), with no line terminators
Hash 4ca58d03b649f662a5abd253299d09cc
8ed1e46d9ca110177f749a1f4c7239513843a697
8d2c3d24c8707a589cf997e89c349f4d944357249f600669fa02754de27bbf6f
Analyzer Verdict Alert OpenPhish phishing Office365
GET /speech.mp3 HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 416 The range specified is invalid for the current size of the resource.
Content-Length: 340
Content-Type: text/html
Content-Range: bytes */0
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: InvalidRange
x-ms-request-id: 53e17d90-201e-0000-2294-972bdf000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:12 GMT
support.microsoft.com/css/landingpage/landing-page.min.css?v=bsypBN5WVpDzG6HXOSaBmAWvfrY4Mb4yjRW7upsgLDw
2.18.172.114 200 OK 16 kB URL GET HTTP/2 support.microsoft.com/css/landingpage/landing-page.min.css?v=bsypBN5WVpDzG6HXOSaBmAWvfrY4Mb4yjRW7upsgLDw
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type Unicode text, UTF-8 text, with very long lines (64025)
Hash 292f566c910a37fdd1f543abb604a1d7
bc7e96bde6577542ccb9aa46f56a485d75206885
6ecca904de565690f31ba1d73926819805af7eb63831be328d15bbba9b202c3c
GET /css/landingpage/landing-page.min.css?v=bsypBN5WVpDzG6HXOSaBmAWvfrY4Mb4yjRW7upsgLDw HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da9686785cd280"
last-modified: Wed, 24 Apr 2024 20:32:05 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JOH6R9U6:00000002
x-operationid: 64abd55ed71ae94b10044f5914f6232a
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 15778
cache-control: private, max-age=145
expires: Fri, 26 Apr 2024 04:48:37 GMT
date: Fri, 26 Apr 2024 04:46:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/SearchBox/search-box.css?v=bybwzGBajHicVXspVs540UfV0swW0vCbOmBjBryj9N4
2.18.172.114 200 OK 814 B URL GET HTTP/2 support.microsoft.com/css/SearchBox/search-box.css?v=bybwzGBajHicVXspVs540UfV0swW0vCbOmBjBryj9N4
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type ASCII text, with very long lines (2230), with no line terminators
Hash 4d56af8acf934242a6d0c2d5fd5785e1
9d58373c57c53221c4762b87bdc186f6e38384d0
6f26f0cc605a8c789c557b2956ce78d147d5d2cc16d2f09b3a606306bca3f4de
GET /css/SearchBox/search-box.css?v=bybwzGBajHicVXspVs540UfV0swW0vCbOmBjBryj9N4 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da9687bdce0536"
last-modified: Wed, 24 Apr 2024 20:41:11 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JSU2QQON:00000002
x-operationid: 274707d923da5b8c4b0365f3b46cde18
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 814
cache-control: private, max-age=524
expires: Fri, 26 Apr 2024 04:54:56 GMT
date: Fri, 26 Apr 2024 04:46:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/sitewide/articleCss-overwrite.css?v=O7yu2Cg-qoAsBvhGS48yhf2mlOxS_rhyTDcV3OMUiJ4
2.18.172.114 200 OK 768 B URL GET HTTP/2 support.microsoft.com/css/sitewide/articleCss-overwrite.css?v=O7yu2Cg-qoAsBvhGS48yhf2mlOxS_rhyTDcV3OMUiJ4
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type ASCII text, with very long lines (3080), with no line terminators
Hash 5948bdfe0605dacd8281f30e29d2f36f
251ea6b3194850ac193dc231c19eb214bd058519
3bbcaed8283eaa802c06f8464b8f3285fda694ec52feb8724c3715dce314889e
GET /css/sitewide/articleCss-overwrite.css?v=O7yu2Cg-qoAsBvhGS48yhf2mlOxS_rhyTDcV3OMUiJ4 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da968826b58988"
last-modified: Wed, 24 Apr 2024 20:44:07 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JV6EP4VK:00000003
x-operationid: 3b130a9a5e15073ec432536548a4a33c
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 768
cache-control: private, max-age=1867
expires: Fri, 26 Apr 2024 05:17:19 GMT
date: Fri, 26 Apr 2024 04:46:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/MeControlCallout/teaching-callout.css?v=690pjf05o15fVEafEpUwgaF8vqVfOkp5wP1Jl9gE99U
2.18.172.114 200 OK 1.3 kB URL GET HTTP/2 support.microsoft.com/css/MeControlCallout/teaching-callout.css?v=690pjf05o15fVEafEpUwgaF8vqVfOkp5wP1Jl9gE99U
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type ASCII text, with very long lines (4873), with no line terminators
Hash ed927cf0f8a1be103df48446270416ee
f7b2be7fc2b063aac03e76df9f3e19d615970213
ebdd298dfd39a35e5f54469f12953081a17cbea55f3a4a79c0fd4997d804f7d5
GET /css/MeControlCallout/teaching-callout.css?v=690pjf05o15fVEafEpUwgaF8vqVfOkp5wP1Jl9gE99U HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da968751531d89"
last-modified: Wed, 24 Apr 2024 20:38:09 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JRAKPSPK:00000002
x-operationid: d726fd3caebc998c0c03abb2fa36b6e8
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1320
cache-control: private, max-age=780
expires: Fri, 26 Apr 2024 04:59:12 GMT
date: Fri, 26 Apr 2024 04:46:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/Support.Main.min.js?v=95eIH6oBOxiZbGB2ohOX2DGM9f0xuWWf2WBZLxh3z64
2.18.172.114 200 OK 24 kB URL GET HTTP/2 support.microsoft.com/js/Support.Main.min.js?v=95eIH6oBOxiZbGB2ohOX2DGM9f0xuWWf2WBZLxh3z64
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (56143)
Hash e9ed45828a949a28f4649e3d60fd988d
cb7dd7dcd50aa7d58c60def4e9affc94cf86899f
f797881faa013b18996c6076a21397d8318cf5fd31b9659fd960592f1877cfae
GET /js/Support.Main.min.js?v=95eIH6oBOxiZbGB2ohOX2DGM9f0xuWWf2WBZLxh3z64 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da9686785dcb02"
last-modified: Wed, 24 Apr 2024 20:32:05 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JOH6REN4:00000003
x-operationid: 1ecde6d6327c803046e8583219615e0a
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 24432
cache-control: private, max-age=3115
expires: Fri, 26 Apr 2024 05:38:07 GMT
date: Fri, 26 Apr 2024 04:46:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/SilentSignInManager.Main.min.js?v=l3zJiCulB2MzPfZOmNJrw8YKFdbvpKLB_nBXmYXt34Q
2.18.172.114 200 OK 20 kB URL GET HTTP/2 support.microsoft.com/js/SilentSignInManager.Main.min.js?v=l3zJiCulB2MzPfZOmNJrw8YKFdbvpKLB_nBXmYXt34Q
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (45900)
Hash f00cfba8f9859dfefdfe90ea520c6fcf
b32e153588a287de81050e327eb5bd7a90b04d99
977cc9882ba50763333df64e98d26bc3c60a15d6efa4a2c1fe70579985eddf84
GET /js/SilentSignInManager.Main.min.js?v=l3zJiCulB2MzPfZOmNJrw8YKFdbvpKLB_nBXmYXt34Q HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da9687bc04f98b"
last-modified: Wed, 24 Apr 2024 20:41:08 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JT065T7V:00000003
x-operationid: d9342636835dce1fe482c084d1d20beb
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 20088
cache-control: private, max-age=1636
expires: Fri, 26 Apr 2024 05:13:28 GMT
date: Fri, 26 Apr 2024 04:46:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/feedback.js?v=vbvaO9lwMf9by3a0J9Ls2cRheSLDhg9mLlH7GKxcxZE
2.18.172.114 200 OK 6.5 kB URL GET HTTP/2 support.microsoft.com/js/feedback.js?v=vbvaO9lwMf9by3a0J9Ls2cRheSLDhg9mLlH7GKxcxZE
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type JavaScript source, ASCII text, with CRLF line terminators
Hash c49c34ee38f103bcb82f58ded32f57db
757c8ce6d92102903f636c20b70e414a5e9a2e20
bdbbda3bd97031ff5bcb76b427d2ecd9c4617922c3860f662e51fb18ac5cc591
GET /js/feedback.js?v=vbvaO9lwMf9by3a0J9Ls2cRheSLDhg9mLlH7GKxcxZE HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da9686e7d354df"
last-modified: Wed, 24 Apr 2024 20:35:12 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JPL9PK39:00000002
x-operationid: 05c4972edc0f87046f597294af0bcfd9
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 6516
cache-control: private, max-age=1133
expires: Fri, 26 Apr 2024 05:05:05 GMT
date: Fri, 26 Apr 2024 04:46:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/shimmerExperiment.Main.min.js?v=srYmQ6fE_kpOEpNK2BnwKTzAAYG3jYCRr__zYXzrlrE
2.18.172.114 200 OK 347 B URL GET HTTP/2 support.microsoft.com/js/shimmerExperiment.Main.min.js?v=srYmQ6fE_kpOEpNK2BnwKTzAAYG3jYCRr__zYXzrlrE
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type JavaScript source, ASCII text, with very long lines (503)
Hash a3bc5418f2834309ce2918b15f3b8eea
62ba2712c6d4960f1057e103f6e1f3c95f2c701b
b2b62643a7c4fe4a4e12934ad819f0293cc00181b78d8091affff3617ceb96b1
GET /js/shimmerExperiment.Main.min.js?v=srYmQ6fE_kpOEpNK2BnwKTzAAYG3jYCRr__zYXzrlrE HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da9687bc04482e"
last-modified: Wed, 24 Apr 2024 20:41:08 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JT065UQ0:00000005
x-operationid: cb7d06ec8eebb1838339ce0fe3668dd3
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 347
cache-control: private, max-age=2763
expires: Fri, 26 Apr 2024 05:32:15 GMT
date: Fri, 26 Apr 2024 04:46:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/PromotionBanner.Main.min.js?v=lp-oElF56fHcgXg3_3136ma6-dIh4myKxYmYJw5UxKk
2.18.172.114 200 OK 1.5 kB URL GET HTTP/2 support.microsoft.com/js/PromotionBanner.Main.min.js?v=lp-oElF56fHcgXg3_3136ma6-dIh4myKxYmYJw5UxKk
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type JavaScript source, ASCII text, with very long lines (3771)
Hash 3ac61fd106dd3e7bcf5701d2b67bf612
f1c42d74cc3cdd638a95e40be4f42494adcdf515
969fa8125179e9f1dc817837ff7d77ea66baf9d221e26c8ac58998270e54c4a9
GET /js/PromotionBanner.Main.min.js?v=lp-oElF56fHcgXg3_3136ma6-dIh4myKxYmYJw5UxKk HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da96882917d170"
last-modified: Wed, 24 Apr 2024 20:44:11 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JV6JQAAK:00000002
x-operationid: 9ec1c5190793dbe0c7ac8cd1d6bfd084
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1501
cache-control: private, max-age=598
expires: Fri, 26 Apr 2024 04:56:10 GMT
date: Fri, 26 Apr 2024 04:46:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
thuwin7.z13.web.core.windows.net/jquery.min.js
52.239.221.65 200 OK 85 kB URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/jquery.min.js
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type JavaScript source, ASCII text, with very long lines (32478)
Hash 20c129bedb4a26db02fc0f54d026c3f5
093b9d2728788de24a728742070a348b2848573f
436ecc90fab5ed1034b68a4a0e924e0132d93d9e7fb59b4fe23018eb7d9242c1
Analyzer Verdict Alert OpenPhish phishing Office365
GET /jquery.min.js HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 84817
Content-Type: text/javascript
Content-MD5: IMEpvttKJtsC/A9U0CbD9Q==
Last-Modified: Thu, 25 Apr 2024 19:23:21 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2B2A47CF"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 120898ee-401e-0064-3994-97da47000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:11 GMT
thuwin7.z13.web.core.windows.net/bootstrap.min.js
52.239.221.65 200 OK 60 kB URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/bootstrap.min.js
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type JavaScript source, ASCII text, with very long lines (59765)
Hash 02d223393e00c273efdcb1ade8f4f8b1
0cc93b8421d89c24a889642428b363cb831de78a
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582
Analyzer Verdict Alert OpenPhish phishing Office365
GET /bootstrap.min.js HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 60044
Content-Type: text/javascript
Content-MD5: AtIjOT4AwnPv3LGt6PT4sQ==
Last-Modified: Thu, 25 Apr 2024 19:23:19 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2A6EF659"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: aaa01816-901e-0015-4394-973c6c000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:11 GMT
support.microsoft.com/js/Article.Main.min.js?v=hEaMyxm8oJPvp5yaC8dftJhgRysY7uGxzJ1zallHI28
2.18.172.114 200 OK 5.7 kB URL GET HTTP/2 support.microsoft.com/js/Article.Main.min.js?v=hEaMyxm8oJPvp5yaC8dftJhgRysY7uGxzJ1zallHI28
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type JavaScript source, ASCII text, with very long lines (15362)
Hash 62d0603255799b2717f54159c276af48
97056df066cb1687d7998f4186d3d06c3797eca9
84468ccb19bca093efa79c9a0bc75fb49860472b18eee1b1cc9d736a5947236f
GET /js/Article.Main.min.js?v=hEaMyxm8oJPvp5yaC8dftJhgRysY7uGxzJ1zallHI28 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da9687528407af"
last-modified: Wed, 24 Apr 2024 20:38:11 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JRAUCP72:00000002
x-operationid: 4f582cb7fe786e119b2e1763b4a0c563
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 5730
cache-control: private, max-age=3197
expires: Fri, 26 Apr 2024 05:39:29 GMT
date: Fri, 26 Apr 2024 04:46:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/29-591900/68-c3a397/f4-0855a6/a8-3dc4a6/f1-3221a1/dc-d4cb46/1f-806835/7a-c9e644?ver=2.0&_cf=20210618
2.18.173.151 200 OK 23 kB URL GET HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/29-591900/68-c3a397/f4-0855a6/a8-3dc4a6/f1-3221a1/dc-d4cb46/1f-806835/7a-c9e644?ver=2.0&_cf=20210618
IP 2.18.173.151:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject www.microsoft.com
Fingerprint E1:57:9B:A5:51:25:CE:C3:A7:8E:39:F5:5C:F8:1D:A8:BF:A9:4F:88
Validity Thu, 14 Sep 2023 17:24:20 GMT - Sun, 08 Sep 2024 17:24:20 GMT
File type Unicode text, UTF-8 text, with very long lines (64241)
Hash b7af9fb8eb3f12d3baa37641537bedc2
a3fbb622fd4d19cdb371f0b71146dd9f2605d8a4
928acfba36ccd911340d2753db52423f0c7f6feaa72824e2a1ef6f5667ed4a71
GET /onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/29-591900/68-c3a397/f4-0855a6/a8-3dc4a6/f1-3221a1/dc-d4cb46/1f-806835/7a-c9e644?ver=2.0&_cf=20210618 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 26 Mar 2024 00:24:53 GMT
x-activity-id: 06c822fd-8249-4ab6-a7b0-3146ee74fdba
x-appversion: 1.0.8823.42235
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odwestcentralus, dt: 2018-05-03T20:14:23.4188992Z, bt: 2024-02-28T08:27:50.0000000Z}
ms-operation-id: 7710a3d30eba16489a4331717c4937c0
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2024-03-26T00:24:53
x-s2: 2024-03-26T00:24:53
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
x-azure-ref: 20240326T063233Z-z0hg63zc0x7k91z6mmes18ew3400000000qg000000002g8p
accept-ranges: bytes
content-encoding: gzip
content-length: 22747
ak-forward-host:
cache-control: public, max-age=28841933
expires: Wed, 26 Mar 2025 00:25:05 GMT
date: Fri, 26 Apr 2024 04:46:12 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV493246bb.0
ms-cv-esi: CASMicrosoftCV493246bb.0
x-rtag: RT
X-Firefox-Spdy: h2
thuwin7.z13.web.core.windows.net/bg1.jpg
52.239.221.65 200 OK 0 B URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/bg1.jpg
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert OpenPhish phishing Office365
GET /bg1.jpg HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: image/jpeg
Content-MD5: 1B2M2Y8AsgTpgAmY7PhCfg==
Last-Modified: Thu, 25 Apr 2024 19:23:19 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2A4A3290"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4bc3180c-801e-0026-7094-9763c7000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:12 GMT
thuwin7.z13.web.core.windows.net/bg2.jpg
52.239.221.65 200 OK 0 B URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/bg2.jpg
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert OpenPhish phishing Office365
GET /bg2.jpg HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: image/jpeg
Content-MD5: 1B2M2Y8AsgTpgAmY7PhCfg==
Last-Modified: Thu, 25 Apr 2024 19:23:19 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2A4B69AE"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f1aa95c5-b01e-003d-6e94-975dc4000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:12 GMT
thuwin7.z13.web.core.windows.net/microsoft.png
52.239.221.65 200 OK 1.0 kB URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/microsoft.png
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced
Hash bf2b460590fbb9d8e9611a6e9006b816
561e1dab259d61e798b3ce380527b71b61074ff3
ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03
Analyzer Verdict Alert OpenPhish phishing Office365
GET /microsoft.png HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1045
Content-Type: image/png
Content-MD5: vytGBZD7udjpYRpukAa4Fg==
Last-Modified: Thu, 25 Apr 2024 19:23:21 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2B5435E6"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: aaa01920-901e-0015-3e94-973c6c000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:12 GMT
thuwin7.z13.web.core.windows.net/minimize.jpg
52.239.221.65 200 OK 17 kB URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/minimize.jpg
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=39, bps=158, PhotometricInterpretation=RGB, orientation=upper-left, width=180], baseline, precision 8, 180x39, components 3
Hash 4bf52eb9b3efce840add1a90d83a40e5
6348a7617dfce3165e07af53a48df7892d62ffe1
a85f1e749a829c5c909837844c6b53ce0a9ae2adb7c8eac0e7b96c372c679a0d
Analyzer Verdict Alert OpenPhish phishing Office365
GET /minimize.jpg HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 17173
Content-Type: image/jpeg
Content-MD5: S/UuubPvzoQK3RqQ2DpA5Q==
Last-Modified: Thu, 25 Apr 2024 19:23:21 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2B7616BC"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 53e17ea1-201e-0000-2694-972bdf000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:12 GMT
support.microsoft.com/js/MeControlCallout.Main.min.js?v=tLNC8gJXmcpgKnVZCzJOdJOwkDcmcgvOTKeTIHyDJVw
2.18.172.114 200 OK 1.2 kB URL GET HTTP/2 support.microsoft.com/js/MeControlCallout.Main.min.js?v=tLNC8gJXmcpgKnVZCzJOdJOwkDcmcgvOTKeTIHyDJVw
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type JavaScript source, ASCII text, with very long lines (2674)
Hash 468d4acc570cffc7101ac8a63514ad31
6983e89b6ec798b5b8c2b3b76d9311808437b572
b4b342f2025799ca602a75590b324e7493b0903726720bce4ca793207c83255c
GET /js/MeControlCallout.Main.min.js?v=tLNC8gJXmcpgKnVZCzJOdJOwkDcmcgvOTKeTIHyDJVw HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da9686785d1a28"
last-modified: Wed, 24 Apr 2024 20:32:05 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JOH6RE87:00000002
x-operationid: 73cf8f505e37a1f252a0dfffd1db6d9d
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1178
cache-control: private, max-age=2615
expires: Fri, 26 Apr 2024 05:29:47 GMT
date: Fri, 26 Apr 2024 04:46:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/d6-d6e6df/89-746ba4/df-3feeb0/f5-14aef8/bd-f5f332/27-13b2c3/e9-07937b/33-b505e5/fa-7a47db/6e-e2d05f/74-0b2d48/88-5b9b75/1b-240b37/4e-8e1a50/c2-370434/6f-bf5d0f/ea-315ddf/2e-e273bf/17-02d9ee/cf-2a93c7/c0-2ffa80/77-785548/48-4f52bb/3c-6c8ad0/3a-0d7cd3/5f-7d882b/c1-621df2/38-e8e647/17-c82a09/85-bd536d/44-776362/f8-86938e/61-951d1b/39-3d9dc2/81-96da47/ec-e44e19/6c-7627b9?ver=2.0&_cf=20210618&iife=1
2.18.173.151 200 OK 36 kB URL GET HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/d6-d6e6df/89-746ba4/df-3feeb0/f5-14aef8/bd-f5f332/27-13b2c3/e9-07937b/33-b505e5/fa-7a47db/6e-e2d05f/74-0b2d48/88-5b9b75/1b-240b37/4e-8e1a50/c2-370434/6f-bf5d0f/ea-315ddf/2e-e273bf/17-02d9ee/cf-2a93c7/c0-2ffa80/77-785548/48-4f52bb/3c-6c8ad0/3a-0d7cd3/5f-7d882b/c1-621df2/38-e8e647/17-c82a09/85-bd536d/44-776362/f8-86938e/61-951d1b/39-3d9dc2/81-96da47/ec-e44e19/6c-7627b9?ver=2.0&_cf=20210618&iife=1
IP 2.18.173.151:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject www.microsoft.com
Fingerprint E1:57:9B:A5:51:25:CE:C3:A7:8E:39:F5:5C:F8:1D:A8:BF:A9:4F:88
Validity Thu, 14 Sep 2023 17:24:20 GMT - Sun, 08 Sep 2024 17:24:20 GMT
File type JavaScript source, ASCII text, with very long lines (42133)
Hash b9c3e4320db870036919f1ee117bda6e
29b5a9066b5b1f1fe5afe7ee986e80a49e86606a
a1fe019388875b696edb373b51a51c0a8e3bad52cd489617d042c0722bdb1e48
GET /onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/d6-d6e6df/89-746ba4/df-3feeb0/f5-14aef8/bd-f5f332/27-13b2c3/e9-07937b/33-b505e5/fa-7a47db/6e-e2d05f/74-0b2d48/88-5b9b75/1b-240b37/4e-8e1a50/c2-370434/6f-bf5d0f/ea-315ddf/2e-e273bf/17-02d9ee/cf-2a93c7/c0-2ffa80/77-785548/48-4f52bb/3c-6c8ad0/3a-0d7cd3/5f-7d882b/c1-621df2/38-e8e647/17-c82a09/85-bd536d/44-776362/f8-86938e/61-951d1b/39-3d9dc2/81-96da47/ec-e44e19/6c-7627b9?ver=2.0&_cf=20210618&iife=1 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
last-modified: Wed, 17 Jan 2024 22:30:34 GMT
x-activity-id: 246a010f-d3ad-44e4-babb-d471f27afa0c
x-appversion: 1.0.8745.29656
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-12-12T00:28:32.0000000Z}
ms-operation-id: a2913d150cfe9e45ac69fffd9f385eb7
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2024-01-17T22:30:34
x-s2: 2024-01-17T22:30:34
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 36102
cache-control: public, max-age=22959867
expires: Thu, 16 Jan 2025 22:30:39 GMT
date: Fri, 26 Apr 2024 04:46:12 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV4932479b.0
ms-cv-esi: CASMicrosoftCV4932479b.0
x-rtag: RT
X-Firefox-Spdy: h2
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
95.101.11.74 200 OK 4.1 kB URL GET HTTP/2 img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
IP 95.101.11.74:443
ASN #20940 Akamai International B.V.
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
Hash 9f14c20150a003d7ce4de57c298f0fba
daa53cf17cc45878a1b153f3c3bf47dc9669d78f
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
GET /cms/api/am/imageFileData/RE1Mu3b?ver=5c31 HTTP/1.1
Host: img-prod-cms-rt-microsoft-com.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
access-control-allow-origin: *
content-location: https://image.prod.cms.rt.microsoft.com/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
last-modified: Fri, 29 Mar 2024 02:43:56 GMT
x-source-length: 4054
x-datacenter: eastus
x-activityid: 589f0591-2c36-4efd-9682-14f010bee537
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 4054
cache-control: public, max-age=338355
expires: Tue, 30 Apr 2024 02:45:28 GMT
date: Fri, 26 Apr 2024 04:46:13 GMT
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
X-Firefox-Spdy: h2
thuwin7.z13.web.core.windows.net/qsbs-firewall.png
52.239.221.65 200 OK 920 B URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/qsbs-firewall.png
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type PNG image data, 77 x 63, 8-bit colormap, non-interlaced
Hash b0495ede4c875843fec037c794e9ff9a
c813aefba255a5cc53aea7811f987ccb551c3128
52b762d47c066e16300675d56cc359b504ffd3239438c96eb973864311bb7b79
Analyzer Verdict Alert OpenPhish phishing Office365
GET /qsbs-firewall.png HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 920
Content-Type: image/png
Content-MD5: sEle3kyHWEP+wDfHlOn/mg==
Last-Modified: Thu, 25 Apr 2024 19:23:21 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2B81F048"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: aaa01998-901e-0015-2f94-973c6c000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:12 GMT
thuwin7.z13.web.core.windows.net/kxFy-clip.png
52.239.221.65 200 OK 542 B URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/kxFy-clip.png
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type PNG image data, 66 x 68, 8-bit colormap, non-interlaced
Hash 0e9558d2d6e8000ce5c6c749c8fc67c2
f7ba9490807ef70bb6195150d6287cd54b7fefd0
91fb42a68a122344fd78cfd5f0cf9d06ff6d307fd4a5c68f40231c5950ece9a1
Analyzer Verdict Alert OpenPhish phishing Office365
GET /kxFy-clip.png HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 542
Content-Type: image/png
Content-MD5: DpVY0tboAAzlxsdJyPxnwg==
Last-Modified: Thu, 25 Apr 2024 19:23:20 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2B077D9B"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 120899a5-401e-0064-5894-97da47000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:12 GMT
wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
13.107.246.53 200 OK 82 kB URL GET HTTP/2 wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer DigiCert Inc
Subject wcpstatic.microsoft.com
Fingerprint 96:4B:57:E4:81:B4:75:FB:18:73:3C:6F:4F:0B:DF:5B:6B:17:F8:E7
Validity Thu, 07 Dec 2023 00:00:00 GMT - Sat, 07 Dec 2024 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (63888), with no line terminators
Hash 5f524e20ce61f542125454baf867c47b
7e9834fd30dcfd27532ce79165344a438c31d78b
c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9
GET /mscc/lib/v2/wcp-consent.js HTTP/1.1
Host: wcpstatic.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:46:13 GMT
content-type: application/javascript
content-length: 81726
content-encoding: gzip
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 283
cache-control: max-age=43200
content-md5: X1JOIM5h9UISVFS6+GfEew==
etag: 0x8DA85F6EA62BF74
last-modified: Wed, 24 Aug 2022 17:34:36 GMT
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 945e3897-701e-00a3-6f94-97829f000000
x-ms-version: 2009-09-19
x-azure-ref: 20240426T044613Z-16c4f695cc528cbmd0ku63snec00000008ag0000000031kc
accept-ranges: bytes
X-Firefox-Spdy: h2
thuwin7.z13.web.core.windows.net/s-S4-acc.png
52.239.221.65 200 OK 813 B URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/s-S4-acc.png
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type PNG image data, 77 x 72, 8-bit colormap, non-interlaced
Hash d648c1837d01495eccd63e053491f72a
991d8f6c72777239472410d6129fd5f25ed9d134
9edbf56b360080f5d6765dce77353b8130e9f8316ad34c68f6c2792cdc446321
Analyzer Verdict Alert OpenPhish phishing Office365
GET /s-S4-acc.png HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 813
Content-Type: image/png
Content-MD5: 1kjBg30BSV7M1j4FNJH3Kg==
Last-Modified: Thu, 25 Apr 2024 19:23:21 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2BA3D120"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4bc31937-801e-0026-0794-9763c7000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:12 GMT
thuwin7.z13.web.core.windows.net/-EBq-current.png
52.239.221.65 200 OK 1.2 kB URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/-EBq-current.png
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type PNG image data, 27 x 28, 8-bit colormap, non-interlaced
Hash 35629cc2adc804353a548305f1217206
cda6e89c5f6a644683aea6999a5d11e00dc64275
c1d52e31f7fc13cbb3efca8b0ec937ddd97a5ec545c4dad26193429db10d8662
Analyzer Verdict Alert OpenPhish phishing Office365
GET /-EBq-current.png HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1162
Content-Type: image/png
Content-MD5: NWKcwq3IBDU6VIMF8SFyBg==
Last-Modified: Thu, 25 Apr 2024 19:23:19 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2A4A8058"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 53e17f5c-201e-0000-4f94-972bdf000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:12 GMT
thuwin7.z13.web.core.windows.net/Z5BR-network.png
52.239.221.65 200 OK 607 B URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/Z5BR-network.png
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type PNG image data, 63 x 70, 8-bit colormap, non-interlaced
Hash 2cd03a547f00cad010f9038619df45de
912f919836a77a514c76b990aceaf5e930a24024
c56a8ae4818963e0d71eda4ebf46b4f2cdd3a238537dc8e99711fb690d272a73
Analyzer Verdict Alert OpenPhish phishing Office365
GET /Z5BR-network.png HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 607
Content-Type: image/png
Content-MD5: LNA6VH8AytAQ+QOGGd9F3g==
Last-Modified: Thu, 25 Apr 2024 19:23:22 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2C0FAE40"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f1aa966c-b01e-003d-0894-975dc4000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:12 GMT
thuwin7.z13.web.core.windows.net/uZbx-si.png
52.239.221.65 200 OK 5.4 kB URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/uZbx-si.png
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type PNG image data, 42 x 702, 8-bit grayscale, non-interlaced
Hash 51147eb9734c3c0caf22aa77a80d96f0
dc33807cd0c0c35bb98d8e23efe2d625137a43f5
92d8510869b3d581401a93130fa72e4b54c5bf28dc8005994c5248d9afbfc37b
Analyzer Verdict Alert OpenPhish phishing Office365
GET /uZbx-si.png HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 5377
Content-Type: image/png
Content-MD5: URR+uXNMPAyvIqp3qA2W8A==
Last-Modified: Thu, 25 Apr 2024 19:23:22 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2BF28304"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: aaa019bf-901e-0015-5194-973c6c000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:12 GMT
thuwin7.z13.web.core.windows.net/nOxp-sett.png
52.239.221.65 200 OK 463 B URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/nOxp-sett.png
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type PNG image data, 33 x 31, 8-bit colormap, non-interlaced
Hash 905d91c276116928fa306ea732723fa9
092604f6a8786e46a7dee06065d29d2896fcf568
9cffd13c2ce05ebe032709a88fa59504e1218a12b175ec40d5aab280c18be51e
Analyzer Verdict Alert OpenPhish phishing Office365
GET /nOxp-sett.png HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 463
Content-Type: image/png
Content-MD5: kF2RwnYRaSj6MG6nMnI/qQ==
Last-Modified: Thu, 25 Apr 2024 19:23:21 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2B8106ED"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: aaa019f1-901e-0015-7f94-973c6c000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:12 GMT
thuwin7.z13.web.core.windows.net/re.gif
52.239.221.65 200 OK 15 kB URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/re.gif
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type GIF image data, version 89a, 193 x 71
Hash 6fcb78e0cd7933a70eea2cf071f82118
70364bffd62fe33360abe70ecc7f7c0541b3b54c
4b436b0b6a47db85c88f83dc3fe3fd9a96c0a4018b28832165df929dffe0bc86
Analyzer Verdict Alert OpenPhish phishing Office365
GET /re.gif HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 14751
Content-Type: image/gif
Content-MD5: b8t44M15M6cO6izwcfghGA==
Last-Modified: Thu, 25 Apr 2024 19:23:21 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2BA3AA39"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4bc319e8-801e-0026-3294-9763c7000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:12 GMT
support.microsoft.com/css/supportbridge/support-bridge.css?v=ft5yipT-SPVc4yMl4wK9PnMTXqhVUrUJZoPQVrYDjUI
2.18.172.114 200 OK 654 B URL GET HTTP/2 support.microsoft.com/css/supportbridge/support-bridge.css?v=ft5yipT-SPVc4yMl4wK9PnMTXqhVUrUJZoPQVrYDjUI
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type ASCII text, with very long lines (1877), with no line terminators
Hash dcd61ee564f0aaa6f4304f2b12fa08b9
114bb27fb0b7127541b5db9f33ed2cc1ea42c101
7ede728a94fe48f55ce32325e302bd3e73135ea85552b5096683d056b6038d42
GET /css/supportbridge/support-bridge.css?v=ft5yipT-SPVc4yMl4wK9PnMTXqhVUrUJZoPQVrYDjUI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da968677c47d55"
last-modified: Wed, 24 Apr 2024 20:32:04 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JOHA9DMP:00000002
x-operationid: c1e114655c54ceed64492f1cc9a91f2b
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 654
cache-control: private, max-age=1576
expires: Fri, 26 Apr 2024 05:12:29 GMT
date: Fri, 26 Apr 2024 04:46:13 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/promotionbanner/promotion-banner.css?v=cAmflE3c6Gw7niTOiMPEie9MY87yDE2mSl3DO7_jZRI
2.18.172.114 200 OK 1.5 kB URL GET HTTP/2 support.microsoft.com/css/promotionbanner/promotion-banner.css?v=cAmflE3c6Gw7niTOiMPEie9MY87yDE2mSl3DO7_jZRI
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type ASCII text, with very long lines (4370), with no line terminators
Hash 5f05b23bad0f2d477c4e6b9266f99a74
e6cc0be0a86b8330b4fd16ce8eb27614fb313b40
70099f944ddce86c3b9e24ce88c3c489ef4c63cef20c4da64a5dc33bbfe36512
GET /css/promotionbanner/promotion-banner.css?v=cAmflE3c6Gw7niTOiMPEie9MY87yDE2mSl3DO7_jZRI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da968751531f92"
last-modified: Wed, 24 Apr 2024 20:38:09 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JRAKQC86:00000002
x-operationid: 35a5441d66a82329a35beafe797c6ca5
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1492
cache-control: private, max-age=3290
expires: Fri, 26 Apr 2024 05:41:03 GMT
date: Fri, 26 Apr 2024 04:46:13 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/userstatesigninheaderview/user-state-sign-in-header-view.css?v=xyG63Bj9vxUihHD_jCNKMNtbuM2dcQOR-mljcLVR9rM
2.18.172.114 200 OK 535 B URL GET HTTP/2 support.microsoft.com/css/userstatesigninheaderview/user-state-sign-in-header-view.css?v=xyG63Bj9vxUihHD_jCNKMNtbuM2dcQOR-mljcLVR9rM
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type ASCII text, with very long lines (1685), with no line terminators
Hash 7e9edaa648ac5bbd2afb55847cdcdcf7
67644113fc5debc0131513c92f571ac7e876f2a5
c721badc18fdbf15228470ff8c234a30db5bb8cd9d710391fa696370b551f6b3
GET /css/userstatesigninheaderview/user-state-sign-in-header-view.css?v=xyG63Bj9vxUihHD_jCNKMNtbuM2dcQOR-mljcLVR9rM HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1da9686785d1615"
last-modified: Wed, 24 Apr 2024 20:32:05 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HN34JOH6REN4:00000004
x-operationid: 95ebc561bcdc0169e8d950307cf559a3
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 535
cache-control: private, max-age=3205
expires: Fri, 26 Apr 2024 05:39:38 GMT
date: Fri, 26 Apr 2024 04:46:13 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/fonts/segoe-ui/west-european/light/latest.woff2
2.18.172.114 200 OK 27 kB URL GET HTTP/2 support.microsoft.com/css/fonts/segoe-ui/west-european/light/latest.woff2
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type Web Open Font Format (Version 2), TrueType, length 27168, version 0.0
Hash b7640425501065524cec27d4a55a85ed
f254c388a65efb4b271c56deb5685a77ebe09d9d
fe8a1047376498c80a157d13555e42a92ad480fcb0bcc9de51ad1930fbeb7f91
GET /css/fonts/segoe-ui/west-european/light/latest.woff2 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/css/fonts/site-fonts.css?v=ndapaexA03b5YtdesW0qf_tHPN7vVTeLDLflY4uoexQ
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 27168
content-type: font/woff2
server: Kestrel
accept-ranges: bytes
etag: "1da9687bc042020"
last-modified: Wed, 24 Apr 2024 20:41:08 GMT
request-context: appId=
x-correlationid: 0HN34JT065O2U:00000002
x-operationid: 3dec4b28c2479b4fba31285291290c7e
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=1715
expires: Fri, 26 Apr 2024 05:14:48 GMT
date: Fri, 26 Apr 2024 04:46:13 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/fonts/segoe-ui/west-european/normal/latest.woff2
2.18.172.114 200 OK 34 kB URL GET HTTP/2 support.microsoft.com/css/fonts/segoe-ui/west-european/normal/latest.woff2
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type Web Open Font Format (Version 2), TrueType, length 34052, version 0.0
Hash 36397a3bc139c6e9f81d383f060f080a
3f4f86c10920d4ed345f4858b6cde9f93e1aeb81
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
GET /css/fonts/segoe-ui/west-european/normal/latest.woff2 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/css/fonts/site-fonts.css?v=ndapaexA03b5YtdesW0qf_tHPN7vVTeLDLflY4uoexQ
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 34052
content-type: font/woff2
server: Kestrel
accept-ranges: bytes
etag: "1da968677c4ff04"
last-modified: Wed, 24 Apr 2024 20:32:04 GMT
request-context: appId=
x-correlationid: 0HN34JOHA9EPM:00000002
x-operationid: b4a0249d2eaffdb992139651920e5b5b
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=2289
expires: Fri, 26 Apr 2024 05:24:22 GMT
date: Fri, 26 Apr 2024 04:46:13 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/fonts/segoe-ui/west-european/semibold/latest.woff2
2.18.172.114 200 OK 29 kB URL GET HTTP/2 support.microsoft.com/css/fonts/segoe-ui/west-european/semibold/latest.woff2
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type Web Open Font Format (Version 2), TrueType, length 29388, version 0.0
Hash 6e75a94d5f7170a1ab532d32c2a35755
9c1b6fff544089941bbeddbcf529c3f0b46d853a
d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f
GET /css/fonts/segoe-ui/west-european/semibold/latest.woff2 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/css/fonts/site-fonts.css?v=ndapaexA03b5YtdesW0qf_tHPN7vVTeLDLflY4uoexQ
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 29388
content-type: font/woff2
server: Kestrel
accept-ranges: bytes
etag: "1da968677c408cc"
last-modified: Wed, 24 Apr 2024 20:32:04 GMT
request-context: appId=
x-correlationid: 0HN34JOHA9AKV:00000002
x-operationid: cfb61faf9d7e1766707764d339dc3246
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=3119
expires: Fri, 26 Apr 2024 05:38:12 GMT
date: Fri, 26 Apr 2024 04:46:13 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
2.18.173.151 200 OK 26 kB URL GET HTTP/2 www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
IP 2.18.173.151:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject www.microsoft.com
Fingerprint E1:57:9B:A5:51:25:CE:C3:A7:8E:39:F5:5C:F8:1D:A8:BF:A9:4F:88
Validity Thu, 14 Sep 2023 17:24:20 GMT - Sun, 08 Sep 2024 17:24:20 GMT
File type Web Open Font Format, TrueType, length 26288, version 0.0
Hash d0263dc03be4c393a90bda733c57d6db
8a032b6deab53a33234c735133b48518f8643b92
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
GET /mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://support.microsoft.com
DNT: 1
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
last-modified: Thu, 18 Jan 2024 11:19:43 GMT
x-activity-id: 1d286420-d906-4932-a5b6-7cdae2bc95a2
x-appversion: 1.0.8745.29656
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-12-12T00:28:32.0000000Z}
ms-operation-id: d591d5197659514a84508ea6267c8621
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-length: 26288
cache-control: public, max-age=23006020
expires: Fri, 17 Jan 2025 11:19:53 GMT
date: Fri, 26 Apr 2024 04:46:13 GMT
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV4932776b.0
ms-cv-esi: CASMicrosoftCV4932776b.0
x-rtag: RT
X-Firefox-Spdy: h2
support.microsoft.com/css/fonts/support-icons/mdl2/latest_v4_69.woff2
2.18.172.114 200 OK 30 kB URL GET HTTP/2 support.microsoft.com/css/fonts/support-icons/mdl2/latest_v4_69.woff2
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type Web Open Font Format (Version 2), TrueType, length 29588, version 0.0
Hash f04217f47619ac51664e7a65b3f77b48
c32c07c33ba8850f282492b2bd38be170b556541
5975dea100208142bb9cbd2ae15e1bae43213598a2a4496e42c4baec3bd50a61
GET /css/fonts/support-icons/mdl2/latest_v4_69.woff2 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/css/fonts/site-fonts.css?v=ndapaexA03b5YtdesW0qf_tHPN7vVTeLDLflY4uoexQ
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 29588
content-type: font/woff2
server: Kestrel
accept-ranges: bytes
etag: "1da96882917ac14"
last-modified: Wed, 24 Apr 2024 20:44:11 GMT
request-context: appId=
x-correlationid: 0HN34JV6JQCBD:00000003
x-operationid: 69ff04cd50aaca62f0814abb2ebdf9b5
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=1626
expires: Fri, 26 Apr 2024 05:13:19 GMT
date: Fri, 26 Apr 2024 04:46:13 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
thuwin7.z13.web.core.windows.net/_Fm7-alert.mp3
52.239.221.65 206 Partial Content 201 kB URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/_Fm7-alert.mp3
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type Audio file with ID3 version 2.3.0, contains:
- MPEG ADTS, layer III, v2, 64 kbps, 22.05 kHz, Monaural
Size 201 kB (200832 bytes)
Hash 0116152611dd51432e852781f8cc7e82
2408d3d281b25649894f78a4e19f7f8a8ac735f9
fc59bbb18f923747b9cd3f3b23537ff09c5ad2fdfc1505a4800a3f269a234e65
Analyzer Verdict Alert OpenPhish phishing Office365
GET /_Fm7-alert.mp3 HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Cookie: PHPREFS=full; _ga_4FXBGDDKSQ=GS1.1.1714106773.1.0.1714106773.0.0.0; _ga=GA1.1.1211007173.1714106773
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Content-Length: 200832
Content-Type: audio/mpeg
Content-Range: bytes 0-200831/200832
Last-Modified: Thu, 25 Apr 2024 19:23:20 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2AB6D21F"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4bc31ab6-801e-0026-7594-9763c7000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:12 GMT
thuwin7.z13.web.core.windows.net/fonts/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
52.239.221.65 404 The requested content does not exist. 321 B URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/fonts/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type HTML document, ASCII text, with very long lines (321), with no line terminators
Hash b209caf61768421aea6d3cc6e3702002
e72f56a537084360b0115cf1badba6e787dd97bb
847095d57572b0c4e9059f07f2bb82152281d339ce7b5304c726fea462585900
Analyzer Verdict Alert OpenPhish phishing Office365
GET /fonts/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2 HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Cookie: PHPREFS=full; _ga_4FXBGDDKSQ=GS1.1.1714106773.1.0.1714106773.0.0.0; _ga=GA1.1.1211007173.1714106773
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: aaa01aa3-901e-0015-0494-973c6c000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:12 GMT
support.microsoft.com/en-us/authentication/silentsignin?ru=%2Fen-us%2Fsilentsigninhandler
2.18.172.114 302 Found 0 B URL GET HTTP/2 support.microsoft.com/en-us/authentication/silentsignin?ru=%2Fen-us%2Fsilentsigninhandler
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /en-us/authentication/silentsignin?ru=%2Fen-us%2Fsilentsigninhandler HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/en-us/windows
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-length: 0
server: Kestrel
location: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497035733727929.ZTUzYWY0ZmQtMWFhMC00ZDI1LTlhYjEtMjcxMmFhMTk1M2ZiMTBmNGRlZmItYTVhYi00YzJkLThhOTctMTBlMGU4YjIyNzgw&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJr9XS7iaZfuYQ6pYPeUWApPlfuO6Hp9aKIeACnD0ywqXCHhxsyv7NFczL1VCA-rCvdIbsX5coXEKpqR-0JQaQqVqAghR3K7L65RmfuiAEE_yuMG8n4t2HT-rptSh3TcurgHE9XNWVYFuaKKm4qSlfBmaW4qzDX3Hnt94JhFFQB5JycgZGU5u-FXx-MR7vs9c2Ykh6yUVJssg-eDEAVkyRgs09xWZwtheEkPmZugBPUf7mBawx6ba3RvxTmYzu885r4UnxJR6ymJ3NrUobgfwvuerCQVChGHFPolkGDNiwQgaJE8c_HeVjdKx4NrMUbaqS2xZPb-Pd3J0uYBipgbPzkO&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0
request-context: appId=
x-correlationid: 0HN34JPL9PN47:0000007E
x-operationid: 7e6ac48251d2a0c51e791baa39842118
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
expires: Fri, 26 Apr 2024 04:46:13 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 26 Apr 2024 04:46:13 GMT
set-cookie: .AspNetCore.OpenIdConnect.Nonce.CfDJ8CiTzr73KWNFsUGcHEnPeJoVI-w3sHYRNlMtLcp6cBGzLgE68gD3lEiYvOuPO3uu-UVcY2OuODCr_dMpslKvgZgascIsxGMXI_OmZTC7bf9fjCPr9Y4Yuahcr6dLERyR3AB8AW7cckWILjAr1y4__0KsyUIDHwo-BbpHgT4PQS8JKRzzwLO5b4d1PQsvAu46wL8oCw8TwRZyQHzvmnT9EhzTgN9Y_RRtfcPxbKSe72Fir2ljFdLbenOmgXz6Pf0xpDurEtK1ah0SVjsRdJpOmsA=N; expires=Fri, 26 Apr 2024 05:01:13 GMT; path=/signin-oidc; secure; samesite=none; httponly
.AspNetCore.Correlation.zS8JdGxMqyHTzSR2inh8pME4CZdux_sa5GzpvLZ_Nag=N; expires=Fri, 26 Apr 2024 05:01:13 GMT; path=/signin-oidc; secure; samesite=none; httponly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
thuwin7.z13.web.core.windows.net/cross.png
52.239.221.65 200 OK 386 kB URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/cross.png
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced
Size 386 kB (386359 bytes)
Hash be42ad7752720327d28bf52dbdbb64c2
f4cce31b9236319aa9c87fee038638d1de12c07d
c3ad6aa1c03fd108854f008cfec2753ba623e1470a4d61798b5d8c050e474868
Analyzer Verdict Alert OpenPhish phishing Office365
GET /cross.png HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 386359
Content-Type: image/png
Content-MD5: vkKtd1JyAyfSi/Utvbtkwg==
Last-Modified: Thu, 25 Apr 2024 19:23:21 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2B567D48"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 120899cf-401e-0064-7a94-97da47000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:12 GMT
thuwin7.z13.web.core.windows.net/fonts/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
52.239.221.65 404 The requested content does not exist. 321 B URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/fonts/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type HTML document, ASCII text, with very long lines (321), with no line terminators
Hash 437a57d3a1945f915ca758d79f959fea
9eca3f3289ec7625280c5fe0841608dc21cc669e
103a44a5f7e1810c855778e5506578cdf590f811efb2abe24732d87f53c2afe6
Analyzer Verdict Alert OpenPhish phishing Office365
GET /fonts/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Cookie: PHPREFS=full; _ga_4FXBGDDKSQ=GS1.1.1714106773.1.0.1714106773.0.0.0; _ga=GA1.1.1211007173.1714106773
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: 12089a74-401e-0064-0594-97da47000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:12 GMT
support.content.office.net/en-us/media/608e4be9-144c-4e0c-9c74-522091145bff.png
2.16.68.157 200 OK 134 kB URL GET HTTP/2 support.content.office.net/en-us/media/608e4be9-144c-4e0c-9c74-522091145bff.png
IP 2.16.68.157:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.content.office.net
Fingerprint 78:C2:32:59:AC:8E:8A:A4:31:8A:BC:4B:EB:25:12:C1:D2:00:05:0F
Validity Sat, 29 Jul 2023 00:57:06 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type PNG image data, 800 x 450, 8-bit colormap, non-interlaced
Size 134 kB (134332 bytes)
Hash 0ac986feee19e0644c89fd1fc4fbd61a
41d0c5bf6d6b2e5ce0cc5d58790bd22041f4eeea
0bda9e3cd6f539197f34ced03402c52c60bc1aac4260b1799e79576f0a54663e
GET /en-us/media/608e4be9-144c-4e0c-9c74-522091145bff.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 134332
content-type: image/png
content-md5: CsmG/u4Z4GRMif0fxPvWGg==
last-modified: Mon, 25 Sep 2023 22:19:14 GMT
etag: 0x8DBBE157349B8CD
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 512e5549-601e-0029-0261-8c5b14000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Fri, 26 Apr 2024 04:46:13 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/82ffd042-9c3d-41ff-b7f4-56bfb0d0f94d.jpg
2.16.68.157 200 OK 38 kB URL GET HTTP/2 support.content.office.net/en-us/media/82ffd042-9c3d-41ff-b7f4-56bfb0d0f94d.jpg
IP 2.16.68.157:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.content.office.net
Fingerprint 78:C2:32:59:AC:8E:8A:A4:31:8A:BC:4B:EB:25:12:C1:D2:00:05:0F
Validity Sat, 29 Jul 2023 00:57:06 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x450, components 3
Hash 3662e8423dbf93ecbb554a07f3e99eb3
f3b749d5d61f5924942fa6c8debc82459461cd1f
56e33bdb5b225ff31a5ca86d04b08d483d60d7078c2254818dd7ff96cc7933e3
GET /en-us/media/82ffd042-9c3d-41ff-b7f4-56bfb0d0f94d.jpg HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 37493
content-type: image/jpeg
content-md5: NmLoQj2/k+y7VUoH8+mesw==
last-modified: Thu, 18 Jan 2024 23:11:25 GMT
etag: 0x8DC187ACB170947
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 14daf9d7-201e-0007-373d-900903000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Fri, 26 Apr 2024 04:46:13 GMT
X-Firefox-Spdy: h2
login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497035733727929.ZTUzYWY0ZmQtMWFhMC00ZDI1LTlhYjEtMjcxMmFhMTk1M2ZiMTBmNGRlZmItYTVhYi00YzJkLThhOTctMTBlMGU4YjIyNzgw&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJr9XS7iaZfuYQ6pYPeUWApPlfuO6Hp9aKIeACnD0ywqXCHhxsyv7NFczL1VCA-rCvdIbsX5coXEKpqR-0JQaQqVqAghR3K7L65RmfuiAEE_yuMG8n4t2HT-rptSh3TcurgHE9XNWVYFuaKKm4qSlfBmaW4qzDX3Hnt94JhFFQB5JycgZGU5u-FXx-MR7vs9c2Ykh6yUVJssg-eDEAVkyRgs09xWZwtheEkPmZugBPUf7mBawx6ba3RvxTmYzu885r4UnxJR6ymJ3NrUobgfwvuerCQVChGHFPolkGDNiwQgaJE8c_HeVjdKx4NrMUbaqS2xZPb-Pd3J0uYBipgbPzkO&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0
20.190.177.148 200 OK 9.9 kB URL GET HTTP/1.1 login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497035733727929.ZTUzYWY0ZmQtMWFhMC00ZDI1LTlhYjEtMjcxMmFhMTk1M2ZiMTBmNGRlZmItYTVhYi00YzJkLThhOTctMTBlMGU4YjIyNzgw&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJr9XS7iaZfuYQ6pYPeUWApPlfuO6Hp9aKIeACnD0ywqXCHhxsyv7NFczL1VCA-rCvdIbsX5coXEKpqR-0JQaQqVqAghR3K7L65RmfuiAEE_yuMG8n4t2HT-rptSh3TcurgHE9XNWVYFuaKKm4qSlfBmaW4qzDX3Hnt94JhFFQB5JycgZGU5u-FXx-MR7vs9c2Ykh6yUVJssg-eDEAVkyRgs09xWZwtheEkPmZugBPUf7mBawx6ba3RvxTmYzu885r4UnxJR6ymJ3NrUobgfwvuerCQVChGHFPolkGDNiwQgaJE8c_HeVjdKx4NrMUbaqS2xZPb-Pd3J0uYBipgbPzkO&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0
IP 20.190.177.148:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer DigiCert Inc
Subject stamp2.login.microsoftonline.com
Fingerprint 8E:D8:59:8A:1D:3D:D8:ED:91:3E:38:F9:83:25:B0:8F:8D:A3:38:5C
Validity Thu, 04 Apr 2024 00:00:00 GMT - Fri, 04 Apr 2025 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (9109), with CRLF, LF line terminators
Hash 79b41ab0a882eb8476ffe5c1ccccd998
8fc68a21b4118343333e98de7a0573ddb6a65ee0
7862b1b3ca809a65601e114f2a390601bf5d3268bd5240f16cd8a7cd8839a0e8
GET /common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497035733727929.ZTUzYWY0ZmQtMWFhMC00ZDI1LTlhYjEtMjcxMmFhMTk1M2ZiMTBmNGRlZmItYTVhYi00YzJkLThhOTctMTBlMGU4YjIyNzgw&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJr9XS7iaZfuYQ6pYPeUWApPlfuO6Hp9aKIeACnD0ywqXCHhxsyv7NFczL1VCA-rCvdIbsX5coXEKpqR-0JQaQqVqAghR3K7L65RmfuiAEE_yuMG8n4t2HT-rptSh3TcurgHE9XNWVYFuaKKm4qSlfBmaW4qzDX3Hnt94JhFFQB5JycgZGU5u-FXx-MR7vs9c2Ykh6yUVJssg-eDEAVkyRgs09xWZwtheEkPmZugBPUf7mBawx6ba3RvxTmYzu885r4UnxJR6ymJ3NrUobgfwvuerCQVChGHFPolkGDNiwQgaJE8c_HeVjdKx4NrMUbaqS2xZPb-Pd3J0uYBipgbPzkO&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0 HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support.microsoft.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Link: <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msftauth.net>; rel=dns-prefetch,<https://aadcdn.msauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 95a28333-bd71-4fd4-bf9a-6fbb93d19100
x-ms-ests-server: 2.1.17846.6 - NEULR1 ProdSlices
x-ms-clitelem: 1,0,0,,
x-ms-srs: 1.P
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: buid=0.AQUAMe_N-B6jSkuT5F9XHpElWhkrJ-4RRD9DjyhcE8tv1AcBAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd81-p8-WS61nlRhJAVYO8wgp3r-z8dLFsq57LeXcFqfojSMnGpNow9dHlvlYFbp45ErgUDFAKRE4pKwy1VQIEAQNOr5_BaG9RfPnho7Tye67cgAA; expires=Sun, 26-May-2024 04:46:13 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8QnOyBaVUmbQW7yxb787huag9qfW9txTxUdQzutzG5RKdjk-oypoQRqS6sVGbyeaceiDiBpYksgtSdKIWGLokOQd5uz9S325pYIEAbof3dx0Ifmm-CaoFsuCVLLoED-RYJWAqhINymRX3UaMAWXe9K8t-CydLm4eViZs3ulqoufggAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
esctx-tWRGegy3uO0=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd81Z7lxfCil9XCi22AfoEiOoogZbsm0WxXjpM60z6gO6pCxfulr0EAmBhevz1I49gUyA_vQZ_56o-79Q3jSPGcD890A71dQSGKJz-q-274vRN8TgpIJAZmby4iSHfqdU3dlTOB19KDKEuZCnwMVftu_SAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
fpc=AoYsHHUvHihClPU-R3tXxApqwEtIAQAAAJQovd0OAAAA; expires=Sun, 26-May-2024 04:46:13 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Fri, 26 Apr 2024 04:46:13 GMT
Content-Length: 9934
aadcdn.msftauth.net/shared/1.0/content/js/FetchSessions_Core_JZTKIH_Tdx6afyJMNXnGEQ2.js
152.199.23.37 200 OK 52 kB URL GET HTTP/2 aadcdn.msftauth.net/shared/1.0/content/js/FetchSessions_Core_JZTKIH_Tdx6afyJMNXnGEQ2.js
IP 152.199.23.37:443
Requested by https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497035733727929.ZTUzYWY0ZmQtMWFhMC00ZDI1LTlhYjEtMjcxMmFhMTk1M2ZiMTBmNGRlZmItYTVhYi00YzJkLThhOTctMTBlMGU4YjIyNzgw&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJr9XS7iaZfuYQ6pYPeUWApPlfuO6Hp9aKIeACnD0ywqXCHhxsyv7NFczL1VCA-rCvdIbsX5coXEKpqR-0JQaQqVqAghR3K7L65RmfuiAEE_yuMG8n4t2HT-rptSh3TcurgHE9XNWVYFuaKKm4qSlfBmaW4qzDX3Hnt94JhFFQB5JycgZGU5u-FXx-MR7vs9c2Ykh6yUVJssg-eDEAVkyRgs09xWZwtheEkPmZugBPUf7mBawx6ba3RvxTmYzu885r4UnxJR6ymJ3NrUobgfwvuerCQVChGHFPolkGDNiwQgaJE8c_HeVjdKx4NrMUbaqS2xZPb-Pd3J0uYBipgbPzkO&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0
Certificate Issuer DigiCert Inc
Subject aadcdn.msftauth.net
Fingerprint 3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B
Validity Fri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (51537)
Hash 2594ca207fd3771e9a7f224c3579c611
82f1ca3738b5eebb35d7f8653dbb6e97beb3a7da
5649555a22805dd81dce54264e06f3caee454d258c763cd07a3bcd0098bd0632
GET /shared/1.0/content/js/FetchSessions_Core_JZTKIH_Tdx6afyJMNXnGEQ2.js HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 2345441
cache-control: public, max-age=31536000
content-md5: hGiW2fwnCG0q5pkJb40n/w==
content-type: application/x-javascript
date: Fri, 26 Apr 2024 04:46:13 GMT
etag: 0x8DC4DBF692ED7F7
last-modified: Tue, 26 Mar 2024 18:06:07 GMT
server: ECAcc (ska/F776)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 1eed42de-701e-003c-763f-828f2e000000
x-ms-version: 2009-09-19
content-length: 51612
X-Firefox-Spdy: h2
thuwin7.z13.web.core.windows.net/microsoft.png
52.239.221.65 200 OK 1.0 kB URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/microsoft.png
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced
Hash bf2b460590fbb9d8e9611a6e9006b816
561e1dab259d61e798b3ce380527b71b61074ff3
ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03
Analyzer Verdict Alert OpenPhish phishing Office365
GET /microsoft.png HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Cookie: PHPREFS=full; _ga_4FXBGDDKSQ=GS1.1.1714106773.1.0.1714106773.0.0.0; _ga=GA1.1.1211007173.1714106773
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1045
Content-Type: image/png
Content-MD5: vytGBZD7udjpYRpukAa4Fg==
Last-Modified: Thu, 25 Apr 2024 19:23:21 GMT
Accept-Ranges: bytes
ETag: "0x8DC655D2B5435E6"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 12089ac8-401e-0064-4994-97da47000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:13 GMT
support.microsoft.com/css/fonts/segoe-ui/west-european/light/latest.woff2
2.18.172.114 200 OK 27 kB URL GET HTTP/2 support.microsoft.com/css/fonts/segoe-ui/west-european/light/latest.woff2
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type Web Open Font Format (Version 2), TrueType, length 27168, version 0.0
Hash b7640425501065524cec27d4a55a85ed
f254c388a65efb4b271c56deb5685a77ebe09d9d
fe8a1047376498c80a157d13555e42a92ad480fcb0bcc9de51ad1930fbeb7f91
GET /css/fonts/segoe-ui/west-european/light/latest.woff2 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/css/fonts/site-fonts.css?v=ndapaexA03b5YtdesW0qf_tHPN7vVTeLDLflY4uoexQ
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336; MicrosoftApplicationsTelemetryDeviceId=5dc379cf-099b-4960-9734-7f519c9b402b; ai_session=NfVjlnfdAkwcWpQy6hpFX0|1714106773667|1714106773667
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 27168
content-type: font/woff2
server: Kestrel
accept-ranges: bytes
etag: "1da9687bc042020"
last-modified: Wed, 24 Apr 2024 20:41:08 GMT
request-context: appId=
x-correlationid: 0HN34JT065O2U:00000002
x-operationid: 3dec4b28c2479b4fba31285291290c7e
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=1715
expires: Fri, 26 Apr 2024 05:14:48 GMT
date: Fri, 26 Apr 2024 04:46:13 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/fonts/segoe-ui/west-european/normal/latest.woff2
2.18.172.114 200 OK 34 kB URL GET HTTP/2 support.microsoft.com/css/fonts/segoe-ui/west-european/normal/latest.woff2
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type Web Open Font Format (Version 2), TrueType, length 34052, version 0.0
Hash 36397a3bc139c6e9f81d383f060f080a
3f4f86c10920d4ed345f4858b6cde9f93e1aeb81
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
GET /css/fonts/segoe-ui/west-european/normal/latest.woff2 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/css/fonts/site-fonts.css?v=ndapaexA03b5YtdesW0qf_tHPN7vVTeLDLflY4uoexQ
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336; MicrosoftApplicationsTelemetryDeviceId=5dc379cf-099b-4960-9734-7f519c9b402b; ai_session=NfVjlnfdAkwcWpQy6hpFX0|1714106773667|1714106773667
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 34052
content-type: font/woff2
server: Kestrel
accept-ranges: bytes
etag: "1da968677c4ff04"
last-modified: Wed, 24 Apr 2024 20:32:04 GMT
request-context: appId=
x-correlationid: 0HN34JOHA9EPM:00000002
x-operationid: b4a0249d2eaffdb992139651920e5b5b
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=2289
expires: Fri, 26 Apr 2024 05:24:22 GMT
date: Fri, 26 Apr 2024 04:46:13 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/fonts/segoe-ui/west-european/semibold/latest.woff2
2.18.172.114 200 OK 29 kB URL GET HTTP/2 support.microsoft.com/css/fonts/segoe-ui/west-european/semibold/latest.woff2
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type Web Open Font Format (Version 2), TrueType, length 29388, version 0.0
Hash 6e75a94d5f7170a1ab532d32c2a35755
9c1b6fff544089941bbeddbcf529c3f0b46d853a
d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f
GET /css/fonts/segoe-ui/west-european/semibold/latest.woff2 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/css/fonts/site-fonts.css?v=ndapaexA03b5YtdesW0qf_tHPN7vVTeLDLflY4uoexQ
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336; MicrosoftApplicationsTelemetryDeviceId=5dc379cf-099b-4960-9734-7f519c9b402b; ai_session=NfVjlnfdAkwcWpQy6hpFX0|1714106773667|1714106773667
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 29388
content-type: font/woff2
server: Kestrel
accept-ranges: bytes
etag: "1da968677c408cc"
last-modified: Wed, 24 Apr 2024 20:32:04 GMT
request-context: appId=
x-correlationid: 0HN34JOHA9AKV:00000002
x-operationid: cfb61faf9d7e1766707764d339dc3246
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=3119
expires: Fri, 26 Apr 2024 05:38:12 GMT
date: Fri, 26 Apr 2024 04:46:13 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=5a2cee6a-98b5-4dbe-51d6-4369fe35e206&partnerId=smcconvergence&idpflag=proxy
20.190.177.148 200 OK 1.3 kB URL GET HTTP/1.1 login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=5a2cee6a-98b5-4dbe-51d6-4369fe35e206&partnerId=smcconvergence&idpflag=proxy
IP 20.190.177.148:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer DigiCert Inc
Subject stamp2.login.microsoftonline.com
Fingerprint 8E:D8:59:8A:1D:3D:D8:ED:91:3E:38:F9:83:25:B0:8F:8D:A3:38:5C
Validity Thu, 04 Apr 2024 00:00:00 GMT - Fri, 04 Apr 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with CRLF line terminators
Hash bb99cbe18af89b4bd60e98135261b6c4
2baa402eeae20853de5d4a0f485a8c103be7f3d4
6f09f16844ae8f5e76b68e2330ab599dbf6334d743338f0da6fc63e977adbc61
GET /savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=5a2cee6a-98b5-4dbe-51d6-4369fe35e206&partnerId=smcconvergence&idpflag=proxy HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/
Cookie: buid=0.AQUAMe_N-B6jSkuT5F9XHpElWhkrJ-4RRD9DjyhcE8tv1AcBAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd81-p8-WS61nlRhJAVYO8wgp3r-z8dLFsq57LeXcFqfojSMnGpNow9dHlvlYFbp45ErgUDFAKRE4pKwy1VQIEAQNOr5_BaG9RfPnho7Tye67cgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8QnOyBaVUmbQW7yxb787huag9qfW9txTxUdQzutzG5RKdjk-oypoQRqS6sVGbyeaceiDiBpYksgtSdKIWGLokOQd5uz9S325pYIEAbof3dx0Ifmm-CaoFsuCVLLoED-RYJWAqhINymRX3UaMAWXe9K8t-CydLm4eViZs3ulqoufggAA; esctx-tWRGegy3uO0=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd81Z7lxfCil9XCi22AfoEiOoogZbsm0WxXjpM60z6gO6pCxfulr0EAmBhevz1I49gUyA_vQZ_56o-79Q3jSPGcD890A71dQSGKJz-q-274vRN8TgpIJAZmby4iSHfqdU3dlTOB19KDKEuZCnwMVftu_SAA; fpc=AoYsHHUvHihClPU-R3tXxApqwEtIAQAAAJQovd0OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 67c49914-6538-4493-8d94-e93311b2b900
x-ms-ests-server: 2.1.17846.6 - WEULR1 ProdSlices
x-ms-srs: 1.P
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: fpc=AoYsHHUvHihClPU-R3tXxApqwEtIAQAAAJQovd0OAAAA; expires=Sun, 26-May-2024 04:46:14 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Date: Fri, 26 Apr 2024 04:46:13 GMT
Content-Length: 1305
thuwin7.z13.web.core.windows.net/fonts/fontawesome-webfont.woff2
52.239.221.65 404 The requested content does not exist. 321 B URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/fonts/fontawesome-webfont.woff2
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type HTML document, ASCII text, with very long lines (321), with no line terminators
Hash b27c82f43ed62228a62362815db76d56
9f8921870484d9f7f29b37a181d6bef38d029179
905e5557085c20cb8f8b5e3e792e0277d3b39b0ce8ba334b91e9e51110838f01
Analyzer Verdict Alert OpenPhish phishing Office365
GET /fonts/fontawesome-webfont.woff2 HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/font-awesome.min.css
Cookie: PHPREFS=full; _ga_4FXBGDDKSQ=GS1.1.1714106773.1.0.1714106773.0.0.0; _ga=GA1.1.1211007173.1714106773
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: 12089b4d-401e-0064-3d94-97da47000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:13 GMT
login.live.com/Me.htm?v=3
20.190.181.23 200 OK 1.1 kB URL GET HTTP/1.1 login.live.com/Me.htm?v=3
IP 20.190.181.23:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497035733727929.ZTUzYWY0ZmQtMWFhMC00ZDI1LTlhYjEtMjcxMmFhMTk1M2ZiMTBmNGRlZmItYTVhYi00YzJkLThhOTctMTBlMGU4YjIyNzgw&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJr9XS7iaZfuYQ6pYPeUWApPlfuO6Hp9aKIeACnD0ywqXCHhxsyv7NFczL1VCA-rCvdIbsX5coXEKpqR-0JQaQqVqAghR3K7L65RmfuiAEE_yuMG8n4t2HT-rptSh3TcurgHE9XNWVYFuaKKm4qSlfBmaW4qzDX3Hnt94JhFFQB5JycgZGU5u-FXx-MR7vs9c2Ykh6yUVJssg-eDEAVkyRgs09xWZwtheEkPmZugBPUf7mBawx6ba3RvxTmYzu885r4UnxJR6ymJ3NrUobgfwvuerCQVChGHFPolkGDNiwQgaJE8c_HeVjdKx4NrMUbaqS2xZPb-Pd3J0uYBipgbPzkO&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0
Certificate Issuer DigiCert Inc
Subject login.live.com
Fingerprint 82:2F:20:E4:BD:99:37:36:52:F8:AF:FC:4D:86:73:BA:3A:7A:65:3E
Validity Fri, 29 Mar 2024 00:00:00 GMT - Sat, 29 Mar 2025 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
Hash e86ef8b6111e5fb1d1665bcdc90888c9
994bf7651cb967cd9053056af2d69acb74db7f29
3410242720de50b090d07a23aee2dad879b31d36f2615732962ec4cfa8a9d458
GET /Me.htm?v=3 HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=315360000
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Mon, 24 Apr 2034 04:46:14 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C511_BL2
x-ms-request-id: ff196227-2115-4157-b603-f91b35e20ca6
PPServer: PPV: 30 H: BL02EPF0001D771 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=a36fd9b32a23414fb54bab6da326d00e; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPRequ=id=N&lt=1714106774&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Fri, 26 Apr 2024 04:46:13 GMT
Content-Length: 1132
thuwin7.z13.web.core.windows.net/fonts/fontawesome-webfont.woff
52.239.221.65 404 The requested content does not exist. 321 B URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/fonts/fontawesome-webfont.woff
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type HTML document, ASCII text, with very long lines (321), with no line terminators
Hash fd00d9edc6471c0e5d5264d72bd92c12
02498fe3220c05346fe8aedeb25d1423a448f4f6
d7f8a5b0728877f2b4f177353bfb1fff344d6f55316989a5f3d359a1f9d9c7b8
Analyzer Verdict Alert OpenPhish phishing Office365
GET /fonts/fontawesome-webfont.woff HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/font-awesome.min.css
Cookie: PHPREFS=full; _ga_4FXBGDDKSQ=GS1.1.1714106773.1.0.1714106773.0.0.0; _ga=GA1.1.1211007173.1714106773
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: 12089b76-401e-0064-6594-97da47000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:13 GMT
login.live.com/Me.srf?wa=wsignin1.0&idpflag=indirect&id=12&wreply=https%3a%2f%2flogin.microsoftonline.com&owreply=https%3a%2f%2fsupport.microsoft.com%2fsignin-oidc
20.190.181.23 5.1 kB URL login.live.com/Me.srf?wa=wsignin1.0&idpflag=indirect&id=12&wreply=https%3a%2f%2flogin.microsoftonline.com&owreply=https%3a%2f%2fsupport.microsoft.com%2fsignin-oidc
IP 20.190.181.23:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer DigiCert Inc
Subject login.live.com
Fingerprint 82:2F:20:E4:BD:99:37:36:52:F8:AF:FC:4D:86:73:BA:3A:7A:65:3E
Validity Fri, 29 Mar 2024 00:00:00 GMT - Sat, 29 Mar 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (11488)
Hash a8228c178544fed8577ab2c2398d7487
831d64b9c226ac38072fa0d4f5464f3972ebbec1
96d657bc67c5ceb1a1b1386a6e8dbb89ce0e5826e392a0159cf71efcf957584c
GET /Me.srf?wa=wsignin1.0&idpflag=indirect&id=12&wreply=https%3a%2f%2flogin.microsoftonline.com&owreply=https%3a%2f%2fsupport.microsoft.com%2fsignin-oidc HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Fri, 26 Apr 2024 04:45:14 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-DNS-Prefetch-Control: on
Link: <https://logincdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net/>; rel=dns-prefetch, <https://acctcdn.msftauth.net/>; rel=dns-prefetch, <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch, <https://acctcdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://logincdn.msauth.net/>; rel=dns-prefetch, <https://logincdn.msftauth.net/>; rel=dns-prefetch, <https://lgincdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C541_BL2
x-ms-request-id: 4ebdb254-9c58-484c-a691-133f3651156d
PPServer: PPV: 30 H: BL02EPF0001D938 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=e8e733147e184baba2c39ecc079b1718; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPRequ=id=12&lt=1714106774&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
OParams=11O.DtNMoUhgfuIWRyKOJhcPfGO9LyP2o9tL!a8aqp2FWZQwHKjj8F5xFyN46BpF!lRBbQjQK0HAdipMGhpGOfD1*525MVM3Dc5QcL7VzszzBwtlFkvxkeB1ZiwoOs4mgw3vBYrtO6i3jXRmhN9a9e!mkkj1oEyTxYOEoXQTspGAGysbjtU05hqHdyRITtQFaQTQ9QDpq9XJJOboXvj9yUYhVi8xkEyV46iYdSAKRHAiXHCopzZCH0aVSTA2zfU6DUhFVFqk*B0w23iU10AfFIkFOLU$; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Fri, 26 Apr 2024 04:46:14 GMT
Content-Length: 5114
thuwin7.z13.web.core.windows.net/fonts/fontawesome-webfont.ttf
52.239.221.65 404 The requested content does not exist. 321 B URL GET HTTP/1.1 thuwin7.z13.web.core.windows.net/fonts/fontawesome-webfont.ttf
IP 52.239.221.65:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint BB:34:D6:3A:62:B7:47:5E:08:34:B0:C4:23:10:61:B4:52:CF:26:DE
Validity Wed, 27 Sep 2023 17:37:10 GMT - Fri, 27 Sep 2024 17:37:10 GMT
File type HTML document, ASCII text, with very long lines (321), with no line terminators
Hash c9ad10c6751d3d1a047e5d20fb903d58
438f42e21f5adff4d4436d983b2360186460a30a
d1e96a39fab727d04742774e9d3fb83fac850023bd5960c701ba3316e88226da
Analyzer Verdict Alert OpenPhish phishing Office365
GET /fonts/fontawesome-webfont.ttf HTTP/1.1
Host: thuwin7.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/font-awesome.min.css
Cookie: PHPREFS=full; _ga_4FXBGDDKSQ=GS1.1.1714106773.1.0.1714106773.0.0.0; _ga=GA1.1.1211007173.1714106773
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: 12089b99-401e-0064-0594-97da47000000
x-ms-version: 2018-03-28
Date: Fri, 26 Apr 2024 04:46:13 GMT
mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1
13.107.246.53 200 OK 12 kB URL GET HTTP/2 mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject identitycdn.msauth.net
Fingerprint 15:1B:3E:26:F4:4A:EE:1C:C2:40:74:BB:BD:AE:20:E4:35:B0:40:40
Validity Wed, 17 Jan 2024 06:03:21 GMT - Sat, 11 Jan 2025 06:03:21 GMT
File type JavaScript source, ASCII text, with very long lines (30651)
Hash a7b3e42431f6c12c64f0592929cd696c
8c22c84f365f9ed967818d17ff7a6f307b731ae6
488034b909cf93338dc893e981761f87ceaeacf570032935255c3c39d5eab366
GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:46:13 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, no-transform, max-age=7200
expires: Fri, 26 Apr 2024 02:49:27 GMT
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref: 20240426T044613Z-16c4f695cc5hfq6f949ffdfmq00000000340000000002qq1
x-fd-int-roxy-purgeid: 38334287
x-cache: TCP_HIT
content-encoding: br
X-Firefox-Spdy: h2
logincdn.msauth.net/16.000/content/js/MeControl_5BiUVwve_jNbxMN6Aaj8bg2.js
13.107.246.53 6.1 kB URL logincdn.msauth.net/16.000/content/js/MeControl_5BiUVwve_jNbxMN6Aaj8bg2.js
IP 13.107.246.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JavaScript source, ASCII text, with very long lines (17287), with no line terminators
Hash e41894570bdefe335bc4c37a01a8fc6e
34d6f423170a67f9280bf4d21c02958e48f7d870
8894250ad2ace3aca911b3e12fa60f3d3300c1a36cf795d8c1f8afc3edb461f0
GET /16.000/content/js/MeControl_5BiUVwve_jNbxMN6Aaj8bg2.js HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.live.com/
Origin: https://login.live.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:46:14 GMT
content-type: application/x-javascript
content-length: 6054
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Sat, 06 Apr 2024 05:04:44 GMT
etag: 0x8DC55F71314F7ED
x-ms-request-id: 1a58764d-901e-005b-4f7e-92a3ba000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240426T044614Z-16c4f695cc54rz7xga6xfvddx000000009s0000000005z31
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
support.microsoft.com/en-us/silentsigninhandler
2.18.172.114 200 OK 527 B URL GET HTTP/2 support.microsoft.com/en-us/silentsigninhandler
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
File type JavaScript source, ASCII text, with CRLF line terminators
Hash e79e4a2ff60914c3316dc5fb0f299cbb
ebfccf8ab4ffcc6322c8e84eb6bc7018b28f5b69
56d1ce7977a2311c226f1e445996a09d658d0c4641274fe11a9a3d359161079e
GET /en-us/silentsigninhandler HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336; MicrosoftApplicationsTelemetryDeviceId=5dc379cf-099b-4960-9734-7f519c9b402b; ai_session=NfVjlnfdAkwcWpQy6hpFX0|1714106773667|1714106773667
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: Kestrel
request-context: appId=
x-correlationid: 0HN34JOH6RF65:000000EF
x-operationid: 403702803e9b990d07d169af032ce2d5
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
vary: Accept-Encoding
content-encoding: gzip
expires: Fri, 26 Apr 2024 04:46:14 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 26 Apr 2024 04:46:14 GMT
content-length: 527
strict-transport-security: max-age=86400 ; includeSubDomains
set-cookie: EXPID=947080c2-9675-4bbe-9497-fd54c0626336; max-age=31536000; path=/; secure; samesite=none
ak_bmsc=BCFD7F0301E31D7875B9051D3F6E40C1~000000000000000000000000000000~YAAQZQplX15mrRWPAQAAHrS5GBfqxq7QZzZef9lwyVf+g17B9Q4rN8Mf9duvP6fPHPfIAtYy0pEZF5GTPgf/dht7+suO1eXACd7xiiBIg2VXzatD03OArWL27tmTrxGtvP40WEdXCsMzbJF3ivwJ0jPzxvwsgWKpc0MT9h17FTZqsohSmnu3BiD+YtGKgL1/HypHDLlpPZ15BOI2f2ysNBAynZwOMPf8QFGusHGzkJ4/ouqBf5zQ0yQ/vtxVotYD6xtsnVZonPnbc7PWUmf4ajClB6+87LcJlbSrPkIb5GUUUUttVsYV/wTnpwRK/veu48wCZMARfnifSdjGzahWtj09AfK3AztxtLkrLZmAEiTWdVjH5YKv0qSn58MCf+Sr1Vu5Y5M6Mmc8pUOc; Domain=.microsoft.com; Path=/; Expires=Fri, 26 Apr 2024 06:46:14 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
104.208.16.95 200 OK 0 B URL OPTIONS HTTP/2 browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
IP 104.208.16.95:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint 29:9F:60:88:78:23:9D:24:60:B8:2E:13:B5:87:2A:4D:B5:97:77:02
Validity Sat, 30 Mar 2024 21:44:48 GMT - Tue, 25 Mar 2025 21:44:48 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1
Host: browser.events.data.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Referer: https://support.microsoft.com/
Origin: https://support.microsoft.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, 3600
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-max-age: 3600
access-control-allow-origin: https://support.microsoft.com
date: Fri, 26 Apr 2024 04:46:15 GMT
X-Firefox-Spdy: h2
browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
104.208.16.95 200 OK 153 B URL OPTIONS HTTP/2 browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
IP 104.208.16.95:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint 29:9F:60:88:78:23:9D:24:60:B8:2E:13:B5:87:2A:4D:B5:97:77:02
Validity Sat, 30 Mar 2024 21:44:48 GMT - Tue, 25 Mar 2025 21:44:48 GMT
Hash d6e35e6c6e7cd51bf5aac56584d9626f
95a87e610457f5b6b1454942df383121007ea850
9dc6cc6be9f8383a39630ab1cea3f27d2aeb50399d20c5295e181ce4dcc55f19
POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1
Host: browser.events.data.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Client-Id: NO_AUTH
client-version: 1DS-Web-JS-4.0.2
apikey: ac04587c8d6b439297eee84d88c95e8b-e1b6c3bf-fa11-485c-aebc-a825e1f68c8f-7432
upload-time: 1714106774285
time-delta-to-apply-millis: use-collector-delta
cache-control: no-cache, no-store
content-type: application/x-json-stream
Content-Length: 12842
Origin: https://support.microsoft.com
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 153
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=f2389e6e889549d1ac97a24f9f9cfaf9&HASH=f238&LV=202404&V=4&LU=1714106775541; Domain=.microsoft.com; Expires=Sat, 26 Apr 2025 04:46:15 GMT; Path=/;Secure; SameSite=None
MS0=fe0b3bbc0b0a47c3a7237676871cb027; Domain=.microsoft.com; Expires=Fri, 26 Apr 2024 05:16:15 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 1256
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://support.microsoft.com
access-control-expose-headers: time-delta-millis
date: Fri, 26 Apr 2024 04:46:15 GMT
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-bf24a88e.js
104.22.25.131 200 OK 89 kB URL GET HTTP/3 embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-bf24a88e.js
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type JavaScript source, ASCII text, with very long lines (10466), with no line terminators
Hash c96127c9a0429d69fecbeb73fd410443
33b18dbf011650d5e011f8f3af41048a2010ef54
cf0bb2630fde34a664dc471d3a575a72c37b5a96cb74fcafb92ca7f17fefbe40
GET /_s/v4/app/662a1eb9625/js/twk-chunk-bf24a88e.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:46:15 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 09:14:17 GMT
etag: W/"c96127c9a0429d69fecbeb73fd410443"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 66370
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed941a53712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js
151.101.1.229 200 OK 41 kB URL GET HTTP/2 cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js
IP 151.101.1.229:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer GlobalSign nv-sa
Subject jsdelivr.net
Fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
Validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type ASCII text, with very long lines (32014)
Hash 7bb7aac0cac89a90304af1c72eb4f50d
729f6f8ca5787d89743b0ed7eb27fd76406bf985
f5c06455e539dcd889f7f05d709b5adc76c444099fe57f431365af2fc57e803b
GET /emojione/2.2.7/lib/js/emojione.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
etag: W/"49dda-cp9vjKV4fYl0Ow7X6yf9dkBr+YU"
content-encoding: br
accept-ranges: bytes
date: Fri, 26 Apr 2024 04:46:16 GMT
age: 9655427
x-served-by: cache-fra-eddf8230136-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 41275
X-Firefox-Spdy: h2
vsa77.tawk.to/s/?k=662b3197a3c8d40bf9080163&cver=0&pop=false&asver=875&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtUm1XVTNuY2ZIZlRFNHJ0TTRsaUw4Iiwic2lkIjoiNjYyYjMxOTdhM2M4ZDQwYmY5MDgwMTYzIiwiaWF0IjoxNzE0MTA2Nzc1LCJleHAiOjE3MTQxMDg1NzUsImp0aSI6ImF3Q1pJLWtRcVNSM2s4c2EwV1lSZyJ9.Eyw00tcwL1-1ZQIptkdQ3z50XCoDw2zlZKMkFbfFfd1r6xClnP_KzyrRIzwEoTIIuS8GAhMurmbEzm8LvcUsRQ&EIO=3&transport=websocket&__t=OyOkRYI
104.22.24.131 0 B URL vsa77.tawk.to/s/?k=662b3197a3c8d40bf9080163&cver=0&pop=false&asver=875&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtUm1XVTNuY2ZIZlRFNHJ0TTRsaUw4Iiwic2lkIjoiNjYyYjMxOTdhM2M4ZDQwYmY5MDgwMTYzIiwiaWF0IjoxNzE0MTA2Nzc1LCJleHAiOjE3MTQxMDg1NzUsImp0aSI6ImF3Q1pJLWtRcVNSM2s4c2EwV1lSZyJ9.Eyw00tcwL1-1ZQIptkdQ3z50XCoDw2zlZKMkFbfFfd1r6xClnP_KzyrRIzwEoTIIuS8GAhMurmbEzm8LvcUsRQ&EIO=3&transport=websocket&__t=OyOkRYI
IP 104.22.24.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/?k=662b3197a3c8d40bf9080163&cver=0&pop=false&asver=875&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtUm1XVTNuY2ZIZlRFNHJ0TTRsaUw4Iiwic2lkIjoiNjYyYjMxOTdhM2M4ZDQwYmY5MDgwMTYzIiwiaWF0IjoxNzE0MTA2Nzc1LCJleHAiOjE3MTQxMDg1NzUsImp0aSI6ImF3Q1pJLWtRcVNSM2s4c2EwV1lSZyJ9.Eyw00tcwL1-1ZQIptkdQ3z50XCoDw2zlZKMkFbfFfd1r6xClnP_KzyrRIzwEoTIIuS8GAhMurmbEzm8LvcUsRQ&EIO=3&transport=websocket&__t=OyOkRYI HTTP/1.1
Host: vsa77.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://thuwin7.z13.web.core.windows.net
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: TAnfPDbgafdHHX4MngcKcg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Fri, 26 Apr 2024 04:46:16 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: UVYDgrxKzagHYCH5J0gobz+WH5w=
sec-websocket-extensions: permessage-deflate
strict-transport-security: max-age=0; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 87a3ed94fdae0b61-OSL
alt-svc: h3=":443"; ma=86400
embed.tawk.to/_s/v4/app/662a1eb9625/languages/en.js
104.22.25.131 200 OK 4.1 kB URL GET HTTP/3 embed.tawk.to/_s/v4/app/662a1eb9625/languages/en.js
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type JavaScript source, ASCII text, with CRLF, LF line terminators
Hash 7f37a030886ec7fce1d065ec482789ee
661ad608ac1513e2ccdec4cd55eb552a8604c8f6
75b20e74e3effa00e4b62b9da6df7d7542d91cb4b50078b8365112d556a73a7e
GET /_s/v4/app/662a1eb9625/languages/en.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:46:15 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 09:14:17 GMT
etag: W/"7f37a030886ec7fce1d065ec482789ee"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 66370
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed93da2b712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-4fe9d5dd.js
104.22.25.131 200 OK 408 B URL GET HTTP/3 embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-4fe9d5dd.js
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type JavaScript source, ASCII text, with very long lines (906), with no line terminators
Hash 1c5ecf371149feca23bd895ba9dfec4d
6f6213ae4c63d959441572d232f0425467ed05de
fb193c2bcf1a14030cea8d72baa20ab7b1cf88f9e90adb31895279beedf6bf84
GET /_s/v4/app/662a1eb9625/js/twk-chunk-4fe9d5dd.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:46:15 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 09:14:17 GMT
etag: W/"1c5ecf371149feca23bd895ba9dfec4d"
cross-origin-opener-policy-report-only: same-origin; report-to="gfe-default_product_name"
report-to: {"group":"gfe-default_product_name","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/default_product_name"}]}
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 66370
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed945a6c712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
104.208.16.95 200 OK 153 B URL OPTIONS HTTP/2 browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
IP 104.208.16.95:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint 29:9F:60:88:78:23:9D:24:60:B8:2E:13:B5:87:2A:4D:B5:97:77:02
Validity Sat, 30 Mar 2024 21:44:48 GMT - Tue, 25 Mar 2025 21:44:48 GMT
Hash cc5a586a8dd67dc98eccfda96aceb441
feb70664ee5bdfc5bc8ca8fcc60583905424eafa
df5bcb3c22cc19f910b6412986c7a24c149334c4d90d1b507dfa287c7bd11ae3
POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1
Host: browser.events.data.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Client-Id: NO_AUTH
client-version: 1DS-Web-JS-4.0.2
apikey: ac04587c8d6b439297eee84d88c95e8b-e1b6c3bf-fa11-485c-aebc-a825e1f68c8f-7432
upload-time: 1714106775775
time-delta-to-apply-millis: 1256
cache-control: no-cache, no-store
content-type: application/x-json-stream
Content-Length: 4950
Origin: https://support.microsoft.com
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/
Cookie: MC1=GUID=f2389e6e889549d1ac97a24f9f9cfaf9&HASH=f238&LV=202404&V=4&LU=1714106775541; MS0=fe0b3bbc0b0a47c3a7237676871cb027
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 153
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 1188
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://support.microsoft.com
access-control-expose-headers: time-delta-millis
date: Fri, 26 Apr 2024 04:46:16 GMT
X-Firefox-Spdy: h2
browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
104.208.16.95 200 OK 154 B URL OPTIONS HTTP/2 browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
IP 104.208.16.95:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint 29:9F:60:88:78:23:9D:24:60:B8:2E:13:B5:87:2A:4D:B5:97:77:02
Validity Sat, 30 Mar 2024 21:44:48 GMT - Tue, 25 Mar 2025 21:44:48 GMT
Hash a4d1d869cb33c512018f81ede73e9d65
3b94613a4585d1f2389e29b5d4b44f0fd61e88a2
856b6ec4671e10fb5ca81a6c3aceb3908cce82654cd9be6f684ccc487c2463b6
POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1
Host: browser.events.data.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Client-Id: NO_AUTH
client-version: 1DS-Web-JS-3.2.17
apikey: b8ffe739c47a401190627519795ca4d2-044a8309-9d4b-430b-9d47-6e87775cbab6-6888
upload-time: 1714106775683
time-delta-to-apply-millis: use-collector-delta
cache-control: no-cache, no-store
content-type: application/x-json-stream
Content-Length: 25554
Origin: https://support.microsoft.com
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 154
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=80b94bef2dbd44bbb9fc0df239d880e0&HASH=80b9&LV=202404&V=4&LU=1714106776838; Domain=.microsoft.com; Expires=Sat, 26 Apr 2025 04:46:16 GMT; Path=/;Secure; SameSite=None
MS0=8d618a6b1bc34364a52f26415402bb14; Domain=.microsoft.com; Expires=Fri, 26 Apr 2024 05:16:16 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 1155
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://support.microsoft.com
access-control-expose-headers: time-delta-millis
date: Fri, 26 Apr 2024 04:46:16 GMT
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-7c2f6ba4.js
104.22.25.131 200 OK 11 kB URL GET HTTP/3 embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-7c2f6ba4.js
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (4709), with no line terminators
Hash 2aa77ebd44e41be8f065a2c774eb95b5
fba248ab0541c60cb157ade66888469593da1268
3ea4c2b974c8cde470e8b4c7d826b07055ed3662184f72fa0c25dc017e7d7eb7
GET /_s/v4/app/662a1eb9625/js/twk-chunk-7c2f6ba4.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:46:15 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 09:14:17 GMT
etag: W/"2aa77ebd44e41be8f065a2c774eb95b5"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 66370
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed943a64712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-71978bb6.js
104.22.25.131 200 OK 20 kB URL GET HTTP/3 embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-71978bb6.js
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type JavaScript source, ASCII text, with very long lines (18219), with no line terminators
Hash 1a61ae5574b1eb2c5f0f8bfeea28d732
0f4ad0dc72e3f4640d257659880899a3828a3ceb
33f2e9d5d5d3cbb5e9b9962839c6d01044ddd1a3a16b6a638e48b97ca8ffe01f
GET /_s/v4/app/662a1eb9625/js/twk-chunk-71978bb6.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:46:15 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 09:14:17 GMT
etag: W/"1a61ae5574b1eb2c5f0f8bfeea28d732"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 66370
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed942a57712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-4.0.2&apikey=ac04587c8d6b439297eee84d88c95e8b-e1b6c3bf-fa11-485c-aebc-a825e1f68c8f-7432&upload-time=1714106798326&time-delta-to-apply-millis=1256&w=0&NoResponseBody=true
104.208.16.95 0 B URL browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-4.0.2&apikey=ac04587c8d6b439297eee84d88c95e8b-e1b6c3bf-fa11-485c-aebc-a825e1f68c8f-7432&upload-time=1714106798326&time-delta-to-apply-millis=1256&w=0&NoResponseBody=true
IP 104.208.16.95:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint 29:9F:60:88:78:23:9D:24:60:B8:2E:13:B5:87:2A:4D:B5:97:77:02
Validity Sat, 30 Mar 2024 21:44:48 GMT - Tue, 25 Mar 2025 21:44:48 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-4.0.2&apikey=ac04587c8d6b439297eee84d88c95e8b-e1b6c3bf-fa11-485c-aebc-a825e1f68c8f-7432&upload-time=1714106798326&time-delta-to-apply-millis=1256&w=0&NoResponseBody=true HTTP/1.1
Host: browser.events.data.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 979
Origin: https://support.microsoft.com
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/
Cookie: MC1=GUID=80b94bef2dbd44bbb9fc0df239d880e0&HASH=80b9&LV=202404&V=4&LU=1714106776838; MS0=8d618a6b1bc34364a52f26415402bb14
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 171
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://support.microsoft.com
access-control-expose-headers: time-delta-millis
date: Fri, 26 Apr 2024 04:46:38 GMT
X-Firefox-Spdy: h2
va.tawk.to/log-performance/v3
104.22.25.131 200 OK 0 B URL OPTIONS HTTP/3 va.tawk.to/log-performance/v3
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /log-performance/v3 HTTP/1.1
Host: va.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://thuwin7.z13.web.core.windows.net/
Origin: https://thuwin7.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:46:16 GMT
content-type: text/html; charset=utf-8
x-served-by: visitor-application-preemptive-vv7c
access-control-allow-origin: https://thuwin7.z13.web.core.windows.net
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
cache-control: public, s-maxage=600, max-age=600
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed98bcb1712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
va.tawk.to/v1/session/start
104.22.25.131 200 OK 0 B URL OPTIONS HTTP/3 va.tawk.to/v1/session/start
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /v1/session/start HTTP/1.1
Host: va.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://thuwin7.z13.web.core.windows.net/
Origin: https://thuwin7.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:46:15 GMT
content-type: text/html; charset=utf-8
x-served-by: visitor-application-preemptive-1f96
access-control-allow-origin: https://thuwin7.z13.web.core.windows.net
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
cache-control: public, s-maxage=600, max-age=600
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed8fd97b569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
mem.gfx.ms/scripts/me/MeControl/10.24086.4/en-US/meCore.min.js
13.107.246.53 200 OK 101 kB URL GET HTTP/2 mem.gfx.ms/scripts/me/MeControl/10.24086.4/en-US/meCore.min.js
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject identitycdn.msauth.net
Fingerprint 15:1B:3E:26:F4:4A:EE:1C:C2:40:74:BB:BD:AE:20:E4:35:B0:40:40
Validity Wed, 17 Jan 2024 06:03:21 GMT - Sat, 11 Jan 2025 06:03:21 GMT
File type JavaScript source, ASCII text, with very long lines (34235), with CRLF, LF line terminators
Size 101 kB (100769 bytes)
Hash 6fe3dd83a0d98bc1977f57ea33c37693
8df606f40e4cc8c07ce929d5a82fd5304eaf4eb7
a5268a183f2a091d2d17773997e89a25fc45cbd60e586edf61f544fb85d6f6a8
GET /scripts/me/MeControl/10.24086.4/en-US/meCore.min.js HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:46:14 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 29 Mar 2024 00:16:14 GMT
etag: W/"1da81a8fbcebaa1"
x-content-type-options: nosniff
access-control-allow-origin: *
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref: 20240426T044614Z-16c4f695cc54rz7xga6xfvddx000000009s0000000005z2t
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
content-encoding: br
X-Firefox-Spdy: h2
edgecdn.dev/code?code=a7400ed6d3f8ef9dff8b932728043756
172.67.193.253 200 OK 32 B URL GET HTTP/2 edgecdn.dev/code?code=a7400ed6d3f8ef9dff8b932728043756
IP 172.67.193.253:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject edgecdn.dev
Fingerprint 3F:07:B3:96:B1:DD:2E:6E:FA:40:71:23:6E:40:81:A8:2E:E8:AC:44
Validity Sun, 03 Mar 2024 21:00:28 GMT - Sat, 01 Jun 2024 21:00:27 GMT
File type ASCII text, with no line terminators
Hash 4cf09a531c260f6f06378fd2521c1b24
cd708e55317c517e02c97c54d62e1f99952c5773
d8637afc3e6a2a5512a1d6914980ba597263c1d015c8c6940ed04f59447f9d0e
GET /code?code=a7400ed6d3f8ef9dff8b932728043756 HTTP/1.1
Host: edgecdn.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:46:13 GMT
content-type: text/javascript;charset=UTF-8
p3p: CP="CAO PSA OUR"
expires: Tue, 03 Jul 2001 06:00:00 GMT
pragma: no-cache
cache-control: max-age=3600, s-max-age=84600
set-cookie: PHPSESSID=1ipdthqntbmvo1chi9med6i8gl; path=/; secure; SameSite=None
last-modified: Fri, 26 Apr 2024 04:46:13 GMT
vary: Accept-Encoding,User-Agent
access-control-allow-origin: *
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VoHtDdtj3UIlsDDT%2FOT8a5WCQ5fZbdcZG0MnHziztUjLpbIzXY7TsTdzCFvYz0aj0wu1vrUpPDBadUyG6iELB67XHNpfndiUImzkKxOb465S5xDF2t8qiz6cYBmA5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3ed851f1a5689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
support.microsoft.com/signin-oidc
2.18.172.114 302 Found 0 B URL POST HTTP/2 support.microsoft.com/signin-oidc
IP 2.18.172.114:443
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject support.microsoft.com
Fingerprint 28:BA:B3:E8:C1:D2:C8:B6:A1:1D:E4:BD:DE:3A:91:C1:FC:EF:16:37
Validity Thu, 18 May 2023 19:30:36 GMT - Sun, 12 May 2024 19:30:36 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /signin-oidc HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 477
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Cookie: .AspNetCore.OpenIdConnect.Nonce.CfDJ8CiTzr73KWNFsUGcHEnPeJoVI-w3sHYRNlMtLcp6cBGzLgE68gD3lEiYvOuPO3uu-UVcY2OuODCr_dMpslKvgZgascIsxGMXI_OmZTC7bf9fjCPr9Y4Yuahcr6dLERyR3AB8AW7cckWILjAr1y4__0KsyUIDHwo-BbpHgT4PQS8JKRzzwLO5b4d1PQsvAu46wL8oCw8TwRZyQHzvmnT9EhzTgN9Y_RRtfcPxbKSe72Fir2ljFdLbenOmgXz6Pf0xpDurEtK1ah0SVjsRdJpOmsA=N; .AspNetCore.Correlation.zS8JdGxMqyHTzSR2inh8pME4CZdux_sa5GzpvLZ_Nag=N; EXPID=947080c2-9675-4bbe-9497-fd54c0626336; MicrosoftApplicationsTelemetryDeviceId=5dc379cf-099b-4960-9734-7f519c9b402b; ai_session=NfVjlnfdAkwcWpQy6hpFX0|1714106773667|1714106773667
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-length: 0
server: Kestrel
location: /en-us/silentsigninhandler
request-context: appId=
x-correlationid: 0HN34JOH6RF65:000000EE
x-operationid: 7a06b955aada04c89f3c1c740162f4e1
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
expires: Fri, 26 Apr 2024 04:46:14 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 26 Apr 2024 04:46:14 GMT
set-cookie: .AspNetCore.Correlation.zS8JdGxMqyHTzSR2inh8pME4CZdux_sa5GzpvLZ_Nag=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/signin-oidc; secure; samesite=none; httponly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
mem.gfx.ms/me/mecache?partner=smcconvergence&wreply=https%3A%2F%2Fsupport.microsoft.com
13.107.246.53 200 OK 0 B URL GET HTTP/2 mem.gfx.ms/me/mecache?partner=smcconvergence&wreply=https%3A%2F%2Fsupport.microsoft.com
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject identitycdn.msauth.net
Fingerprint 15:1B:3E:26:F4:4A:EE:1C:C2:40:74:BB:BD:AE:20:E4:35:B0:40:40
Validity Wed, 17 Jan 2024 06:03:21 GMT - Sat, 11 Jan 2025 06:03:21 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /me/mecache?partner=smcconvergence&wreply=https%3A%2F%2Fsupport.microsoft.com HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:46:14 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: public, no-transform, max-age=7200
expires: Fri, 26 Apr 2024 03:45:55 GMT
x-content-type-options: nosniff
content-security-policy: frame-ancestors https://support.microsoft.com;
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref: 20240426T044614Z-16c4f695cc5hfq6f949ffdfmq00000000340000000002qr6
x-fd-int-roxy-purgeid: 38334287
x-cache: TCP_HIT
content-encoding: br
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-24d8db78.js
104.22.25.131 200 OK 113 kB URL GET HTTP/3 embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-24d8db78.js
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type JavaScript source, ASCII text, with very long lines (65464)
Size 113 kB (113158 bytes)
Hash aad925e80502e8ac719a2640df03c50c
cf0c95e1856a5296eeb80d6193e3187df00714cf
cba2421f9fa1c1541cb2488a48e26a43a8ddbb9fc7fe1e4655ff23b09c5f006a
GET /_s/v4/app/662a1eb9625/js/twk-chunk-24d8db78.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:46:15 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 09:14:17 GMT
etag: W/"aad925e80502e8ac719a2640df03c50c"
cross-origin-opener-policy-report-only: same-origin; report-to="gfe-default_product_name"
report-to: {"group":"gfe-default_product_name","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/default_product_name"}]}
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 66369
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed945a6f712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
va.tawk.to/v1/session/start
104.22.25.131 200 OK 1.0 kB URL POST HTTP/3 va.tawk.to/v1/session/start
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type troff or preprocessor input, ASCII text, with very long lines (1108), with no line terminators
Hash 74504fb8a02d2986041333e87e22cffe
897956e16728367a74ab268482e69f4ae16d3269
51f746bb71df225858147443ce22daa0398ef2e338915430d7c0a2bde838133f
POST /v1/session/start HTTP/1.1
Host: va.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thuwin7.z13.web.core.windows.net/
Content-Type: application/json; charset=utf-8
Content-Length: 192
Origin: https://thuwin7.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:46:15 GMT
content-type: application/json
x-served-by: visitor-application-preemptive-9rr3
access-control-allow-origin: https://thuwin7.z13.web.core.windows.net
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed90d90b712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-48f3b594.js
104.22.25.131 200 OK 19 kB URL GET HTTP/3 embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-48f3b594.js
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type JavaScript source, ASCII text, with very long lines (19106), with no line terminators
Hash d18819d6e50e90f8225b99b3e3f8b033
72f8cfb54c4eba6d2d7e3f626ef4a6a524e91f14
ea68bb2a55d65245ef64dd7300f276a9666cf0eadd83601560aa4ee2ef13ebaf
GET /_s/v4/app/662a1eb9625/js/twk-chunk-48f3b594.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:46:15 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 09:14:17 GMT
etag: W/"d18819d6e50e90f8225b99b3e3f8b033"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 66370
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed944a66712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-runtime.js
104.22.25.131 200 OK 2.3 kB URL GET HTTP/2 embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-runtime.js
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type JavaScript source, ASCII text, with very long lines (2349), with no line terminators
Hash 47add194bc0d294ee4c4a0c0d4bc3dca
1d30f98d12e3698493d548edbd929d050db7a12b
4a2a839a289dd4ee494be8ffef191a4462eae739d5c7fb568048b96a54a97a82
GET /_s/v4/app/662a1eb9625/js/twk-runtime.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thuwin7.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:46:14 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 09:14:17 GMT
etag: W/"22011f5c9255e6d37ef412f49777e88c"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed8c39eab50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
va.tawk.to/log-performance/v3
104.22.25.131 200 OK 5 B URL POST HTTP/3 va.tawk.to/log-performance/v3
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type ASCII text, with no line terminators
Hash 38a8a3e3b4b6a6e4f295b2e0f899b1f0
474f5fac3d23afbaf16c5a31c98dfcd956e4c186
7652c7891ed06bce4174ab00a6ee9721daf6a4286929213ecb7daf42cd866615
POST /log-performance/v3 HTTP/1.1
Host: va.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thuwin7.z13.web.core.windows.net/
Content-Type: application/json; charset=utf-8
Content-Length: 95
Origin: https://thuwin7.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:46:16 GMT
content-type: text/html; charset=utf-8
x-served-by: visitor-application-preemptive-9rr3
access-control-allow-origin: https://thuwin7.z13.web.core.windows.net
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed99cd66712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js
13.107.246.53 200 OK 92 kB URL GET HTTP/2 js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject js.monitor.azure.com
Fingerprint DD:47:44:23:11:4B:FF:38:78:DD:22:21:3B:26:E6:50:05:D5:C2:3F
Validity Mon, 18 Mar 2024 20:01:57 GMT - Thu, 13 Mar 2025 20:01:57 GMT
File type JavaScript source, ASCII text, with very long lines (65394)
Hash 06423867592d7246b2509b064482709f
4ff499e171f2b154dcdd0ab94f843cde151bea4a
b797baa552116e4ba21ead29f41a4258e3b04db8da18e796ce571f05d54d59c5
GET /scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js HTTP/1.1
Host: js.monitor.azure.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:46:13 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1800, immutable, no-transform
last-modified: Mon, 25 Mar 2024 17:34:29 GMT
x-ms-request-id: 1433939b-f01e-0019-557d-925bba000000
x-ms-version: 2009-09-19
x-ms-meta-jssdkver: 3.2.17
x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.shared.analytics.mectrl-3.2.17.gbl.min.js
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240426T044613Z-16c4f695cc5vgf6c48t4338xf400000009sg000000002c05
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
content-encoding: br
X-Firefox-Spdy: h2
va.tawk.to/v1/widget-settings?propertyId=57319e009c52c0bc56e39866&widgetId=default&sv=null
104.22.25.131 200 OK 2.3 kB URL GET HTTP/3 va.tawk.to/v1/widget-settings?propertyId=57319e009c52c0bc56e39866&widgetId=default&sv=null
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type troff or preprocessor input, ASCII text, with very long lines (2653), with no line terminators
Hash 2f2671bf59bc19e32769bffd3f4005f1
b6c54787096011735946f15f4f6d264cc53a5a1a
fec4f1f57898378dad5b9879a2b833bb1609e180ef1c315744ab84890f0b8809
GET /v1/widget-settings?propertyId=57319e009c52c0bc56e39866&widgetId=default&sv=null HTTP/1.1
Host: va.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thuwin7.z13.web.core.windows.net/
Origin: https://thuwin7.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:46:15 GMT
content-type: application/json
x-served-by: visitor-application-preemptive-ckwl
access-control-allow-origin: *
access-control-max-age: 3600
access-control-allow-methods: GET,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
cache-control: public, max-age=7200, s-maxage=1800
etag: W/"2-1-0"
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed8fd97a569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
embed.tawk.to/_s/v4/assets/images/attention-grabbers/62-r-br.svg
104.22.25.131 200 OK 3.6 kB URL GET HTTP/3 embed.tawk.to/_s/v4/assets/images/attention-grabbers/62-r-br.svg
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type SVG Scalable Vector Graphics image
Hash 2b362d1cbddebfdfb64e5d6fe3a06868
bd14604dc1b3d9ece22ca44e5b59292c5f22e967
bdc2583b0d11796600fff2234c58b7d3003634ed5fe90910b60297ccbf7e124e
GET /_s/v4/assets/images/attention-grabbers/62-r-br.svg HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:46:15 GMT
content-type: image/svg+xml
last-modified: Sat, 22 May 2021 07:25:17 GMT
etag: W/"9f9370510ae706972f6bca868cd18e3e"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 512034
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed95eb3a712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-f1565420.js
104.22.25.131 200 OK 11 kB URL GET HTTP/3 embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-f1565420.js
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type JavaScript source, ASCII text, with very long lines (11134), with no line terminators
Hash 6eb7c532b91a2f8beca16a92e84c1ddc
0cfae484662dc97125a619244ae80de75e38a45d
2d1a9b835d8ce6ca7c4290f4a4691b33123ed9f0c01344e768cf540f0b60c873
GET /_s/v4/app/662a1eb9625/js/twk-chunk-f1565420.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:46:15 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 09:14:17 GMT
etag: W/"6eb7c532b91a2f8beca16a92e84c1ddc"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 66370
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed942a5d712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-2d0b9454.js
104.22.25.131 200 OK 535 B URL GET HTTP/3 embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-2d0b9454.js
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type JavaScript source, ASCII text, with very long lines (557), with no line terminators
Hash 3f4a6312d60391bda06462d7321ffcdc
9f09295297840a36d2ac95344b39b0af1a729f82
28d61df22c079e51c45b6f87db516f03cb85cf3f2c3a970be369944c3f91bcf1
GET /_s/v4/app/662a1eb9625/js/twk-chunk-2d0b9454.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:46:15 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 09:14:17 GMT
etag: W/"c506281367048d4a134c9affbc68c8c6"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 66370
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed945a6e712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
embed.tawk.to/_s/v4/app/662a1eb9625/css/max-widget.css
104.22.25.131 200 OK 80 kB URL GET HTTP/3 embed.tawk.to/_s/v4/app/662a1eb9625/css/max-widget.css
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 841dfc43e314d1221f40ac5fc8a0e1d7
82c3e186304b09a148d3d54464d18daac33dd3df
a9b993fc2ac8c0f86074072925cc9fccabd9d994320655569e54ee00474fe78c
GET /_s/v4/app/662a1eb9625/css/max-widget.css HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:46:15 GMT
content-type: text/css
cache-control: public, max-age=2592000, immutable
cf-bgj: minify
cf-polished: origSize=79639
access-control-allow-origin: *
etag: W/"1898e8df61122af85be88128d075119a"
last-modified: Thu, 25 Apr 2024 09:14:16 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-cache-status: HIT
cf-cache-status: HIT
age: 66369
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed959b0d712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-common.js
104.22.25.131 200 OK 225 kB URL GET HTTP/2 embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-common.js
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
Size 225 kB (224976 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /_s/v4/app/662a1eb9625/js/twk-chunk-common.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thuwin7.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:46:14 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 09:14:17 GMT
etag: W/"e2366040fcdc5d76ce1dc5d5c3f72561"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed8c39e1b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-vendor.js
104.22.25.131 200 OK 83 kB URL GET HTTP/2 embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-vendor.js
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /_s/v4/app/662a1eb9625/js/twk-vendor.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thuwin7.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:46:14 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 09:14:17 GMT
etag: W/"3b341e35b39f6195793ecaf5db7c1d63"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed8c29c7b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-vendors.js
104.22.25.131 200 OK 217 kB URL GET HTTP/2 embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-chunk-vendors.js
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
Size 217 kB (217391 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /_s/v4/app/662a1eb9625/js/twk-chunk-vendors.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thuwin7.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:46:14 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 09:14:17 GMT
etag: W/"77a40166698f808a0942865537165b0f"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed8c29cab50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-main.js
104.22.25.131 200 OK 121 B URL GET HTTP/2 embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-main.js
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type ASCII text, with no line terminators
Hash 3b41342f7e3be590563e8e3b5ff770c7
c9ca54d23ea78b320f080b76e22bb6b4e704d55f
ef04d89daeed55613a63a4af62c147ce86e4a7f22c8ce700dd6bdb11ab187e43
GET /_s/v4/app/662a1eb9625/js/twk-main.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thuwin7.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:46:14 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 09:14:17 GMT
etag: W/"da5bb1dc647470204df0e49f5afac2de"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed8c29c3b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-app.js
104.22.25.131 520 No Reason Phrase 12 kB URL GET HTTP/3 embed.tawk.to/_s/v4/app/662a1eb9625/js/twk-app.js
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type HTML document, ASCII text, with very long lines (10164)
Hash 3a996e7269c2bccf4aa52c7796f26517
7514b4dcbaf78c8c65984f3fee7e4e22ac0bafad
98f30b74e1de6ba43e07c3b0d769a60e48cd0e78dd471373e33cc5d525297e22
GET /_s/v4/app/662a1eb9625/js/twk-app.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thuwin7.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 520 No Reason Phrase
date: Fri, 26 Apr 2024 04:46:14 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cf-ray: 87a3ed8c4e46569d-OSL
server: cloudflare
embed.tawk.to/57319e009c52c0bc56e39866/default
104.22.25.131 200 OK 2.1 kB URL GET HTTP/2 embed.tawk.to/57319e009c52c0bc56e39866/default
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type JavaScript source, ASCII text, with very long lines (2308), with no line terminators
Hash 1f4d27b65b247c0efd4878da22d523fa
4040b731d631466613253b772f7e88e6c25c6dbc
e5e7587deda0d9bc01d2ef8f5e737d3dc1d13a233c8d46ee10b0e1e4d6b35679
GET /57319e009c52c0bc56e39866/default HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thuwin7.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:46:13 GMT
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, s-maxage=3600
etag: W/"stable-v4-662a1eb9625"
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed84cb97b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
userstatics.com/get/script.js?referrer=https://thuwin7.z13.web.core.windows.net/
0.0.0.0 0 B URL GET userstatics.com/get/script.js?referrer=https://thuwin7.z13.web.core.windows.net/
IP 0.0.0.0:0
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Let's Encrypt
Subject userstatics.com
Fingerprint AB:62:24:6D:5D:BB:D9:D8:00:B7:CB:47:DD:7C:74:69:C8:48:16:49
Validity Thu, 28 Mar 2024 13:34:23 GMT - Wed, 26 Jun 2024 13:34:22 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /get/script.js?referrer=https://thuwin7.z13.web.core.windows.net/ HTTP/1.1
Host: userstatics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thuwin7.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:46:14 GMT
content-type: text/html; charset=utf-8
x-powered-by: PHP/8.2.1
access-control-allow-origin: https://thuwin7.z13.web.core.windows.net
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U7ihHA2V2TAprWhj%2BAOGoST8q4WI7CdTJpvjC5mLwAhFdGjky8uQs0ziOKtpWpx2t7AWJ9OCG80gq3agUV2jHI8sLt7cPREpNmq0X8dMn3TF%2BPqW5ODkUczi7rYhMNN1c0E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3ed89be135691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/662a1eb9625/css/min-widget.css
104.22.25.131 200 OK 25 kB URL GET HTTP/3 embed.tawk.to/_s/v4/app/662a1eb9625/css/min-widget.css
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type ASCII text, with very long lines (24729), with no line terminators
Hash 85bc05ac9c8cf96b380e0ae1866aaadf
29355251295c8610c7ff032d8252d94987adc8a9
1dbc2527f5f9662d10909d5a818c5d50b12f128df778f041ecfc5d438815c8d9
GET /_s/v4/app/662a1eb9625/css/min-widget.css HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:46:15 GMT
content-type: text/css
cache-control: public, max-age=2592000, immutable
cf-bgj: minify
cf-polished: origSize=24809
access-control-allow-origin: *
etag: W/"2d7f176b563b25833791f4844819b5ee"
last-modified: Thu, 25 Apr 2024 09:14:16 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-cache-status: HIT
cf-cache-status: HIT
age: 66369
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed951ad2712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
mem.gfx.ms/scripts/me/MeControl/10.24086.4/en-US/meBoot.min.js
13.107.246.53 200 OK 204 kB URL GET HTTP/2 mem.gfx.ms/scripts/me/MeControl/10.24086.4/en-US/meBoot.min.js
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://support.microsoft.com/en-us/windows
Certificate Issuer Microsoft Corporation
Subject identitycdn.msauth.net
Fingerprint 15:1B:3E:26:F4:4A:EE:1C:C2:40:74:BB:BD:AE:20:E4:35:B0:40:40
Validity Wed, 17 Jan 2024 06:03:21 GMT - Sat, 11 Jan 2025 06:03:21 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 204 kB (204055 bytes)
Hash 7b3a8eb2df127e5d0870e11c116a5f8f
3a7ec51120e9ec70911c3b5554dec5aa5fd61168
6bfd174274d9ace1c7e8b7b66f8ae0c33d263af788ed989561e9e43d46622482
GET /scripts/me/MeControl/10.24086.4/en-US/meBoot.min.js HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
DNT: 1
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:46:13 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 29 Mar 2024 00:16:10 GMT
etag: W/"1da81a8f96fc417"
x-content-type-options: nosniff
access-control-allow-origin: *
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref: 20240426T044613Z-16c4f695cc54rz7xga6xfvddx000000009s0000000005z2k
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
content-encoding: br
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/662a1eb9625/css/bubble-widget.css
104.22.25.131 200 OK 14 kB URL GET HTTP/3 embed.tawk.to/_s/v4/app/662a1eb9625/css/bubble-widget.css
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type ASCII text, with very long lines (13521), with no line terminators
Hash 950518e32fd92957181f766f08d3cf98
9fe20c86b818d3576e9d70e6ed091964cb8b7427
2f56f47d64037d5aa3a96b50c840580e5549fee6f9fafff8af3d1821d189fa5c
GET /_s/v4/app/662a1eb9625/css/bubble-widget.css HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:46:15 GMT
content-type: text/css
cache-control: public, max-age=2592000, immutable
cf-bgj: minify
cf-polished: origSize=13594
access-control-allow-origin: *
etag: W/"ce7913b80c763449b3895d46419f7a6b"
last-modified: Thu, 25 Apr 2024 09:14:16 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-cache-status: HIT
cf-cache-status: HIT
age: 66369
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed959b07712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
embed.tawk.to/_s/v4/app/662a1eb9625/css/message-preview.css
104.22.25.131 200 OK 42 kB URL GET HTTP/3 embed.tawk.to/_s/v4/app/662a1eb9625/css/message-preview.css
IP 104.22.25.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
File type ASCII text, with very long lines (42158), with no line terminators
Hash 3ef9389ec195f586dd413bd7961cfb5c
a42064125dfec0d7fca0e4666c8ac7b9adfcda39
5fb233914781fed5ad823ebc0bb5781fbc71375dc50fb0a2f7061974a539eb2b
GET /_s/v4/app/662a1eb9625/css/message-preview.css HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:46:15 GMT
content-type: text/css
cache-control: public, max-age=2592000, immutable
cf-bgj: minify
cf-polished: origSize=42291
access-control-allow-origin: *
etag: W/"471037caa670344edd2ca8e96bbc2125"
last-modified: Thu, 25 Apr 2024 09:14:16 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-cache-status: HIT
cf-cache-status: HIT
age: 66369
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3ed958b04712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
vsa77.tawk.to/s/?k=662b3197a3c8d40bf9080163&cver=0&pop=false&asver=875&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtUm1XVTNuY2ZIZlRFNHJ0TTRsaUw4Iiwic2lkIjoiNjYyYjMxOTdhM2M4ZDQwYmY5MDgwMTYzIiwiaWF0IjoxNzE0MTA2Nzc1LCJleHAiOjE3MTQxMDg1NzUsImp0aSI6ImF3Q1pJLWtRcVNSM2s4c2EwV1lSZyJ9.Eyw00tcwL1-1ZQIptkdQ3z50XCoDw2zlZKMkFbfFfd1r6xClnP_KzyrRIzwEoTIIuS8GAhMurmbEzm8LvcUsRQ&EIO=3&transport=websocket&__t=OyOkRYI
104.22.24.131101 Switching Protocols 0 B URL GET HTTP/1.1 vsa77.tawk.to/s/?k=662b3197a3c8d40bf9080163&cver=0&pop=false&asver=875&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtUm1XVTNuY2ZIZlRFNHJ0TTRsaUw4Iiwic2lkIjoiNjYyYjMxOTdhM2M4ZDQwYmY5MDgwMTYzIiwiaWF0IjoxNzE0MTA2Nzc1LCJleHAiOjE3MTQxMDg1NzUsImp0aSI6ImF3Q1pJLWtRcVNSM2s4c2EwV1lSZyJ9.Eyw00tcwL1-1ZQIptkdQ3z50XCoDw2zlZKMkFbfFfd1r6xClnP_KzyrRIzwEoTIIuS8GAhMurmbEzm8LvcUsRQ&EIO=3&transport=websocket&__t=OyOkRYI
IP 104.22.24.131:443
Requested by https://thuwin7.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject tawk.to
Fingerprint 83:4E:6B:81:26:A0:67:FF:06:8D:D3:DC:E5:70:3F:A3:4B:08:C5:F5
Validity Thu, 28 Mar 2024 00:13:59 GMT - Wed, 26 Jun 2024 00:13:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/?k=662b3197a3c8d40bf9080163&cver=0&pop=false&asver=875&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtUm1XVTNuY2ZIZlRFNHJ0TTRsaUw4Iiwic2lkIjoiNjYyYjMxOTdhM2M4ZDQwYmY5MDgwMTYzIiwiaWF0IjoxNzE0MTA2Nzc1LCJleHAiOjE3MTQxMDg1NzUsImp0aSI6ImF3Q1pJLWtRcVNSM2s4c2EwV1lSZyJ9.Eyw00tcwL1-1ZQIptkdQ3z50XCoDw2zlZKMkFbfFfd1r6xClnP_KzyrRIzwEoTIIuS8GAhMurmbEzm8LvcUsRQ&EIO=3&transport=websocket&__t=OyOkRYI HTTP/1.1
Host: vsa77.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://thuwin7.z13.web.core.windows.net
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: TAnfPDbgafdHHX4MngcKcg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Fri, 26 Apr 2024 04:46:16 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: UVYDgrxKzagHYCH5J0gobz+WH5w=
sec-websocket-extensions: permessage-deflate
strict-transport-security: max-age=0; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 87a3ed94fdae0b61-OSL
alt-svc: h3=":443"; ma=86400