{"report_id":"10af5ff7-b8db-42b2-be6e-e200d1a33bdc","version":6,"status":"done","tags":["phishing","gophish"],"date":"2026-03-25T15:55:58Z","url":{"schema":"http","addr":"corporate.remote-otp.com/activateyouraccount?rid=RhB5bB3","fqdn":"corporate.remote-otp.com","domain":"remote-otp.com","tld":"com"},"ip":{"addr":"52.51.90.0","port":0,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"final":{"url":{"schema":"https","addr":"corporate.remote-otp.com/activateyouraccount?rid=RhB5bB3","fqdn":"corporate.remote-otp.com","domain":"remote-otp.com","tld":"com"},"title":"Sign in to your Microsoft Account","dom":{"size":6730,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"520a579cf1ee231a6b9ca8344f830de3","sha1":"21bbf54a584d45c64ef3c0936293cbd71c760b47","sha256":"be0ceac0efe13f1a0f21d0edc0383f7a4e1bea401cfc3c27ff55510f59bd7ba7","sha512":"b5175fb14a499d0b4e60e1a4792db023b33d47be11435316da56bb49b6b596f80dd345ff9212373ee4fa3bf5cd5d8e8f69cbe61773f9ef7b3dc9722fbbf7c0d7","ssdeep":"192:kyvzmunzq4cevFjhZDlSqJ+yzOn/bpRS4QKar6y+:kmYiFlZhQLSq","tlshash":"cfd1449565f31456654395b93be7960977a4c043820acd193fbc66c8cfcaec58ca33ca","dom_hash":"domhash925c8a55497d288e715e9cb4484f13a3","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"corporate.remote-otp.com/activateyouraccount?rid=RhB5bB3","fqdn":"corporate.remote-otp.com","domain":"remote-otp.com","tld":"com"},"ip":{"addr":"52.51.90.0","port":0,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-29T15:55:58Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"corporate.remote-otp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"corporate.remote-otp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Gophish Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","gophish"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Gophish Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","gophish"],"meta":null}]},"summary":[{"fqdn":"corporate.remote-otp.com","ip":{"addr":"54.217.38.204","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"domain_registered":"2023-10-05","domain_rank":0,"first_seen":"2026-03-25T13:58:11.282712Z","last_seen":"2026-03-25T13:58:11.282712Z","alert_count":6,"request_count":2,"received_data":7901,"sent_data":1010,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"aadcdn.msauth.net","ip":{"addr":"13.107.246.53","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"domain_registered":"2018-10-25","domain_rank":5248,"first_seen":"2018-11-19T10:50:03Z","last_seen":"2026-03-25T13:25:07.362056Z","alert_count":0,"request_count":3,"received_data":9439,"sent_data":1538,"comment":"","tags":null,"fingerprints":[{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]},{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Gophish Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","gophish"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"corporate.remote-otp.com/activateyouraccount?rid=RhB5bB3","fqdn":"corporate.remote-otp.com","domain":"remote-otp.com","tld":"com"},"ip":{"addr":"54.217.38.204","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"introduction_type":"scriptElement","is_inline":true,"md5":"98cec8a9ee69142c9e6de13743d7eb15","sha1":"0b87b52d7d51e696c26fac87e74ad8cabf71a0bb","sha256":"6488969a29bec47560954f4959a162038a25b21a5b1a7c4196c63a9414120937","sha512":"15f81715b205067ad2ea1ee13221b46012b184ac68d3434cc923b79e360c0eb612be859a1a1d0e63578c01d77d46f3cc763d30acc32f6d11d35b8a65c7ef431e","ssdeep":"","tlshash":"1921afbe329618340e9779bb2486838af570c0932c4ba4147a3d5288af94f417979bd7","size":1388,"data":"","first_seen":"2025-04-06T09:44:46.040849Z","last_seen":"2026-04-28T18:05:44.871368Z","times_seen":100,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"aadcdn.msauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg","fqdn":"aadcdn.msauth.net","domain":"msauth.net","tld":"net"},"ip":{"addr":"13.107.246.53","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://corporate.remote-otp.com/activateyouraccount?rid=RhB5bB3","date":"2026-03-25T15:55:35.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aadcdn.msauth.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft TLS G2 RSA CA OCSP 04","organization":"Microsoft Corporation"},"validity":{"start":"Fri, 06 Mar 2026 19:39:46 GMT","end":"Wed, 02 Sep 2026 19:39:46 GMT"},"fingerprint":{"sha1":"90:D1:7D:09:02:B5:35:F1:FD:F7:6C:6A:EF:1D:B2:99:60:B0:E2:0C","sha256":"9C:1A:83:B2:23:49:7D:D8:8A:D4:AE:F6:D2:F6:A4:AB:35:F3:21:16:30:7F:01:51:68:8C:F6:B3:04:EA:91:B0"}}},"request":{"raw":"GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1\r\nHost: aadcdn.msauth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://corporate.remote-otp.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:55:35 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 621\r\ncache-control: public, max-age=31536000\r\ncontent-encoding: gzip\r\nlast-modified: Wed, 24 May 2023 10:11:49 GMT\r\netag: 0x8DB5C3F49ED96E0\r\nx-ms-request-id: a9b605d9-e01e-004f-53fd-ab8daf000000\r\nx-ms-version: 2009-09-19\r\nx-ms-lease-status: unlocked\r\nx-ms-blob-type: BlockBlob\r\naccess-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,ETag,Last-Modified,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding\r\naccess-control-allow-origin: *\r\nx-azure-ref: 20260325T155535Z-16c6dc4f4d6qffd2hC1SVG0gm80000002ap000000000415a\r\nx-fd-int-roxy-purgeid: 0\r\nx-cache: TCP_HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]},{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]}],"data":{"size":1592,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4e48046ce74f4b89d45037c90576bfac","sha1":"4a41b3b51ed787f7b33294202da72220c7cd2c32","sha256":"8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93","sha512":"b2bba2a68edaa1a08cfa31ed058afb5e6a3150aabb9a78db9f5ccc2364186d44a015986a57707b57e2cc855fa7da57861ad19fc4e7006c2c239c98063fe903cf","ssdeep":"","tlshash":"b931787f43b45ae7239017741760626c13f4ee917169d0b4dba30c9a8d4bd33327843a","first_seen":"2023-04-14T20:16:11Z","last_seen":"2026-05-01T06:06:08.16735Z","times_seen":77108,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":34,"dns":1,"connect":9,"send":0,"wait":8,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"corporate.remote-otp.com/favicon.ico","fqdn":"corporate.remote-otp.com","domain":"remote-otp.com","tld":"com"},"ip":{"addr":"54.217.38.204","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://corporate.remote-otp.com/activateyouraccount?rid=RhB5bB3","date":"2026-03-25T15:55:35.304Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.remote-otp.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 09 Dec 2025 00:00:00 GMT","end":"Wed, 09 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:9A:87:11:EC:8B:1A:EA:89:B5:6E:5E:E5:A6:C4:81:5B:19:F8:20","sha256":"CB:BF:22:97:75:0C:3B:CB:21:AE:0F:A8:F1:42:4A:A3:24:D7:DC:FB:DD:14:E3:E5:8E:1B:5C:34:4E:02:DA:23"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: corporate.remote-otp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://corporate.remote-otp.com/activateyouraccount?rid=RhB5bB3\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:55:35 GMT\r\ncontent-type: text/html\r\ncontent-length: 604\r\nlast-modified: Tue, 10 Mar 2026 16:08:11 GMT\r\netag: \"69b041eb-25c\"\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15724800; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":604,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (604), with no line terminators","md5":"2f59f9cb5c638ec35ae4654a13b8c1eb","sha1":"ea8a55a97d333bf0117cf5806753986ec972a387","sha256":"7247dc81d93f5fcd184171001bee2078c7e0254239086fd84add4f9d5f26188b","sha512":"d6196e33393de08d0720401cadfb75dffd7813c62fa86192bf35d661d05b2e589527297a0f2b6c4f2aa0c53b7470c948db93d839012a49cb66b05ae39b7783b7","ssdeep":"","tlshash":"b8f04186dc20c48d53705e85ae31f31ec88aae0c8e219cc061f441bc08e0fc9896bc04","first_seen":"2026-03-10T17:03:51.743104Z","last_seen":"2026-03-30T12:11:53.999716Z","times_seen":168,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"corporate.remote-otp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"corporate.remote-otp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Gophish Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","gophish"],"meta":null}]}},{"url":{"schema":"https","addr":"corporate.remote-otp.com/activateyouraccount?rid=RhB5bB3","fqdn":"corporate.remote-otp.com","domain":"remote-otp.com","tld":"com"},"ip":{"addr":"54.217.38.204","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-25T15:55:34.533Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.remote-otp.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 09 Dec 2025 00:00:00 GMT","end":"Wed, 09 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:9A:87:11:EC:8B:1A:EA:89:B5:6E:5E:E5:A6:C4:81:5B:19:F8:20","sha256":"CB:BF:22:97:75:0C:3B:CB:21:AE:0F:A8:F1:42:4A:A3:24:D7:DC:FB:DD:14:E3:E5:8E:1B:5C:34:4E:02:DA:23"}}},"request":{"raw":"GET /activateyouraccount?rid=RhB5bB3 HTTP/1.1\r\nHost: corporate.remote-otp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:55:34 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 1965\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nx-server: gophish\r\nstrict-transport-security: max-age=15724800; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6757,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"c20b034a975298733105cd9ac1b288ba","sha1":"3e1d6d4e644dfbd8045dcfae16eff77f59c22c1b","sha256":"2bd630a92fa39a71f7649ee8625bd0b7825071a378f0bc5a2590b2c93877cbe2","sha512":"ff52206d38ae15369ef1eb0f28fbd831fe0db571ec5a8dafa9858700c4f7bd34e006b5352d7149109b1d650147dbc30b208ed73bc81aa4e5170fff3cca9d9679","ssdeep":"192:cyvzmunzq4cevFjhZDlSqJ+yzbn/bCGST10ar6y+:cmYiFlZhF7Sg","tlshash":"5ad1449565f31456654395b93ae796097794c043830acd193fbc6ac8cfcaec58ca33ca","first_seen":"2025-05-13T09:32:21.129831Z","last_seen":"2026-04-28T18:05:44.866194Z","times_seen":59,"resource_available":true,"data":null}},"time_used":642,"timings":{"blocked":248,"dns":102,"connect":33,"send":0,"wait":146,"receive":0,"ssl":110},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"corporate.remote-otp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"corporate.remote-otp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Gophish Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","gophish"],"meta":null}]}},{"url":{"schema":"https","addr":"aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg","fqdn":"aadcdn.msauth.net","domain":"msauth.net","tld":"net"},"ip":{"addr":"13.107.246.53","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://corporate.remote-otp.com/activateyouraccount?rid=RhB5bB3","date":"2026-03-25T15:55:35.107Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aadcdn.msauth.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft TLS G2 RSA CA OCSP 04","organization":"Microsoft Corporation"},"validity":{"start":"Fri, 06 Mar 2026 19:39:46 GMT","end":"Wed, 02 Sep 2026 19:39:46 GMT"},"fingerprint":{"sha1":"90:D1:7D:09:02:B5:35:F1:FD:F7:6C:6A:EF:1D:B2:99:60:B0:E2:0C","sha256":"9C:1A:83:B2:23:49:7D:D8:8A:D4:AE:F6:D2:F6:A4:AB:35:F3:21:16:30:7F:01:51:68:8C:F6:B3:04:EA:91:B0"}}},"request":{"raw":"GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1\r\nHost: aadcdn.msauth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://corporate.remote-otp.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:55:35 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 1435\r\ncache-control: public, max-age=31536000\r\ncontent-encoding: gzip\r\nlast-modified: Wed, 24 May 2023 10:11:48 GMT\r\netag: 0x8DB5C3F4911527F\r\nx-ms-request-id: ca8912c5-c01e-000e-7e5e-ab9d59000000\r\nx-ms-version: 2009-09-19\r\nx-ms-lease-status: unlocked\r\nx-ms-blob-type: BlockBlob\r\naccess-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,ETag,Last-Modified,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding\r\naccess-control-allow-origin: *\r\nx-azure-ref: 20260325T155535Z-16c6dc4f4d6qffd2hC1SVG0gm80000002ap0000000004159\r\nx-fd-int-roxy-purgeid: 0\r\nx-cache: TCP_HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]},{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]}],"data":{"size":3651,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ee5c8d9fb6248c938fd0dc19370e90bd","sha1":"d01a22720918b781338b5bbf9202b241a5f99ee4","sha256":"04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a","sha512":"c77215b729d0e60c97f075998e88775cd0f813b4d094dc2fdd13e5711d16f4e5993d4521d0fbd5bf7150b0dbe253d88b1b1ff60901f053113c5d7c1919852d58","ssdeep":"","tlshash":"6371117b132887dae9d4a78c2e997b8d377095c4b1b24290874328a5bc086f7f038d60","first_seen":"2023-04-06T08:44:24Z","last_seen":"2026-05-01T06:32:19.510827Z","times_seen":124823,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":35,"dns":1,"connect":9,"send":0,"wait":8,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg","fqdn":"aadcdn.msauth.net","domain":"msauth.net","tld":"net"},"ip":{"addr":"13.107.246.53","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://corporate.remote-otp.com/activateyouraccount?rid=RhB5bB3","date":"2026-03-25T15:55:35.115Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aadcdn.msauth.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft TLS G2 RSA CA OCSP 04","organization":"Microsoft Corporation"},"validity":{"start":"Fri, 06 Mar 2026 19:39:46 GMT","end":"Wed, 02 Sep 2026 19:39:46 GMT"},"fingerprint":{"sha1":"90:D1:7D:09:02:B5:35:F1:FD:F7:6C:6A:EF:1D:B2:99:60:B0:E2:0C","sha256":"9C:1A:83:B2:23:49:7D:D8:8A:D4:AE:F6:D2:F6:A4:AB:35:F3:21:16:30:7F:01:51:68:8C:F6:B3:04:EA:91:B0"}}},"request":{"raw":"GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1\r\nHost: aadcdn.msauth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://corporate.remote-otp.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:55:35 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 673\r\ncache-control: public, max-age=31536000\r\ncontent-encoding: gzip\r\nlast-modified: Wed, 24 May 2023 10:11:46 GMT\r\netag: 0x8DB5C3F47E260FD\r\nx-ms-request-id: 481b8cdf-801e-006d-47d7-ac00a2000000\r\nx-ms-version: 2009-09-19\r\nx-ms-lease-status: unlocked\r\nx-ms-blob-type: BlockBlob\r\naccess-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,ETag,Last-Modified,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding\r\naccess-control-allow-origin: *\r\nx-azure-ref: 20260325T155535Z-16c6dc4f4d6qffd2hC1SVG0gm80000002ap000000000415b\r\nx-fd-int-roxy-purgeid: 0\r\nx-cache: TCP_HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]},{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]}],"data":{"size":1864,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"bc3d32a696895f78c19df6c717586a5d","sha1":"9191cb156a30a3ed79c44c0a16c95159e8ff689d","sha256":"0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68","sha512":"8d4f38907f3423a86d90575772b292680f7970527d2090fc005f9b096cc81d3f279d59ad76eafca30c3d4bbaf2276bbaa753e2a46a149424cf6f1c319ded5a64","ssdeep":"","tlshash":"4e310059c51d3566ec04c3aceae1d468315e71efa8a581c961849b3f95b0dce0eccb70","first_seen":"2023-04-12T23:20:27Z","last_seen":"2026-05-01T05:00:56.690001Z","times_seen":102710,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":29,"dns":1,"connect":7,"send":0,"wait":8,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}