r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12902
Expires: Tue, 28 Mar 2023 19:27:48 GMT
Date: Tue, 28 Mar 2023 15:52:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c83d39f350161ed2f5d20dcd68e47c92
2695a888e652cb314f8094cc6073c3364336d272
62e5cc6aea61c3c32acd964d4bbe143806416008181eebc4451a8f035b69a0bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62E5CC6AEA61C3C32ACD964D4BBE143806416008181EEBC4451A8F035B69A0BC"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7913
Expires: Tue, 28 Mar 2023 18:04:39 GMT
Date: Tue, 28 Mar 2023 15:52:46 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 28 Mar 2023 15:28:04 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1482
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5ad3eec59bebbf969f175627757507c1
b176af3a70db378c9e1f219bab24d9d446070d6f
704fa284035b4c9aa487331b516f5f11c324e204756ae2503bad2606ed34f25e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "704FA284035B4C9AA487331B516F5F11C324E204756AE2503BAD2606ED34F25E"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6636
Expires: Tue, 28 Mar 2023 17:43:22 GMT
Date: Tue, 28 Mar 2023 15:52:46 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: VueAGBunOJgZerZmflUTIX7/aSD7bPT88f9tg2rvvu4R7gp/AkfaZ8XFQVOQp/ZINgT3VwdrrFI=
x-amz-request-id: 368YVZ9XBA42666Q
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 28 Mar 2023 14:56:15 GMT
age: 3391
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 15:52:46 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
143.198.232.196/tj6/index.php
143.198.232.196200 OK 813 B URL HTTP/1.1 143.198.232.196/tj6/index.php
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash fc5ea794f4e6647a495200c6e5d86061
b3247eff7ee8a08c20fb46e88143f392b4bfe951
29135cd98e2222dde05a6ebda4a55d78570e7876fa2b66888a0a92c7e2c5a660
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/index.php HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:46 GMT
Server: Apache/2.4.52 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 813
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
143.198.232.196200 OK 6.7 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (422), with CRLF line terminators
Hash f9537a3b9b29a7962d31bcc11c9d9e72
498fda4a22cfd72fc32ab270c11136f1ca671587
6607a91be6c06f5f1130547174169499d7fc2cb61c2fe69edcd589abed339a5e
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/index.html HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/index.php
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:46 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:41 GMT
ETag: "5295-5f7f7b94b0cea-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6724
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Retry-After, Last-Modified, Content-Length, Content-Type, ETag, Pragma, Alert, Backoff, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 28 Mar 2023 15:17:26 GMT
cache-control: public,max-age=3600
age: 2120
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.99200 OK 472 B IP 142.250.74.99:0
Hash 7e2d8156baac12231cc9cbfdefedacf1
62384d8842fb5b560ac39636bb519953e22dc664
ee4dbd79fc1569ab6ae0ea7b90b4b7d8dbb846296cf7fc68b24be78b7b95993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 28 Mar 2023 15:52:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-86788540-2
142.250.74.168200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-86788540-2
IP 142.250.74.168:0
File type ASCII text, with very long lines (2206)
Hash 53c84cf34076771cc2e432e1d756da4c
762fd5726ac1c20a08e071a30080a0992443195c
02e9ad1a327a1211ed87ccbbc499ac9dcd7dc03340649dfd52115fed065b69fe
GET /gtag/js?id=UA-86788540-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://143.198.232.196/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 28 Mar 2023 15:52:47 GMT
expires: Tue, 28 Mar 2023 15:52:47 GMT
cache-control: private, max-age=900
last-modified: Tue, 28 Mar 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44807
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 76a0aba3ddb470751c690f5a725159f2
8cb789e8e0dfa336270700ef1e607173f2aee6cd
e76de476654125a06994065d66e30c6fb6c354d0f67fd4e31a3f78679e2bfdcb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E76DE476654125A06994065D66E30C6FB6C354D0F67FD4E31A3F78679E2BFDCB"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11839
Expires: Tue, 28 Mar 2023 19:10:06 GMT
Date: Tue, 28 Mar 2023 15:52:47 GMT
Connection: keep-alive
stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
104.18.11.207200 OK 16 kB URL HTTP/2 stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
IP 104.18.11.207:0
File type ASCII text, with very long lines (59765)
Hash d4102e7d5f9f9b93cfa383229a3b596a
701ed79a7975fa52e948a47bd00e4daacedecbaa
3aeb365c44432ad738617cd48ec2277ac2101fd058bfd67a824a95842632b891
GET /bootstrap/4.5.2/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://143.198.232.196
Connection: keep-alive
Referer: http://143.198.232.196/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 15:52:47 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"02d223393e00c273efdcb1ade8f4f8b1"
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
cdn-cachedat: 01/05/2023 11:07:49
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-edgestorageid: 1080
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 91c45f582e37356a01d15a3f3404569a
cdn-cache: HIT
cf-cache-status: HIT
age: 204
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7af10acdcab3b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/styles.css
143.198.232.196200 OK 1.8 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/styles.css
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type assembler source, ASCII text, with CRLF line terminators
Hash 671fb60364cc19bd6fa5eeb5fde90766
a58d30bbedc7fc9759ee760531b33281ad86ad46
2a8bce10db8a8f2ef69b5dbfa03d634628bd851159c63c1ddb78749ed4834bce
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/styles.css HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:46 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:41 GMT
ETag: "1938-5f7f7b9557e20-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1842
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
104.17.24.14200 OK 27 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (32180)
Hash b1e4b2a99336201b37fb8cea5d57abb9
d57980f0d0eaaf57ec33ddc9ed027274cfa86027
c805bfd991983f57b5b7878b998f7529e9b7e2df4bc2d39ba493934e23ba3f8a
GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://143.198.232.196/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 15:52:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 26660
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-14983"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 25465555
expires: Sun, 17 Mar 2024 15:52:47 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WXoJXZ%2F59CX%2F7o86g%2FwRnQIxxP2divmpiXF5GyLb4u06rLj9RTlaD8iIADPVLKxox%2FHmantssMlv4foyCO0DN5ZTezFjQUyCrt0F%2FNzvnmB%2B7Jq84%2BcXalpCj2JtIGYTbxWDvzYZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7af10acf8cbcfac0-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/scripts.js
143.198.232.196200 OK 873 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/scripts.js
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with CRLF line terminators
Hash 0f0a223eb69c7e24a06cfa959e4f603c
618fb94f27a5a089ca107965cba835f3fc75fe12
eff65cbde09165cbc3adf0bb9104ed2bcf08fd41272fdc919b7ddb7635df9472
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/scripts.js HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:47 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:43 GMT
ETag: "1cd3-5f7f7b96f9156-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 873
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/javascript
push.services.mozilla.com/
54.186.188.230101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.188.230:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3rKam34gNJ0uzkTU55XOVQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: hyb+8ZvpuAyGxPup42Es7kDtqZk=
143.198.232.196/tj6/9chrmx0973xu9x08x/chat.css
143.198.232.196200 OK 1.9 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/chat.css
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type assembler source, ASCII text, with CRLF line terminators
Hash a414a61aa76cf470454c59eb61953e6d
e0532f2bf0344fbf2ee434fdd8f5c123aa33873c
e00dd91658bf458e94a3f9a3673e3b585901e990c6539de11c6e7ebf6a206db1
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/chat.css HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:47 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:44 GMT
ETag: "206a-5f7f7b975cbe2-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1873
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
oneocsp.microsoft.com/ocsp
204.79.197.203200 OK 1.8 kB URL HTTP/1.1 oneocsp.microsoft.com/ocsp
IP 204.79.197.203:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash 379cf4548b77933900da8e46ac67cafc
3e811939779815f0653d4404a2b7ea496644ade5
08e79aeaff14bc46b3a11bf8d5850659e88bdf66e5c1a71b104dfdfcfff6c978
POST /ocsp HTTP/1.1
Host: oneocsp.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Length: 1777
Content-Type: application/ocsp-response
Expires: Mon, 03 Apr 2023 15:50:17 GMT
Last-Modified: Mon, 27 Mar 2023 17:09:35 GMT
ETag: "08e79aeaff14bc46b3a11bf8d5850659e88bdf66e5c1a71b104dfdfcfff6c978"
X-Powered-By: ASP.NET
x-content-type-options: nosniff
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 9B3DB2B713464F4489C3497A5926A0D8 Ref B: OSL30EDGE0307 Ref C: 2023-03-28T15:52:47Z
Date: Tue, 28 Mar 2023 15:52:47 GMT
support.microsoft.com/
2.18.172.114301 Moved Permanently 0 B IP 2.18.172.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://143.198.232.196/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-length: 0
server: Kestrel
location: https://support.microsoft.com/en-US
request-context: appId=
x-correlationid: 0HMPF0GD45CFB:00000037
x-operationid: aaa85820c8aa65198b0f377bef17fd6b
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
expires: Tue, 28 Mar 2023 15:52:47 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 28 Mar 2023 15:52:47 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/en-US
2.18.172.114200 OK 24 kB URL HTTP/2 support.microsoft.com/en-US
IP 2.18.172.114:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1478), with CRLF, LF line terminators
Hash e90d0067484905a3afa06f18a83d2cb8
e45edb985307a8d921d06db0c7aa72884b11c2bd
429cce20aa123ea9a5d5ce6682f4cbd25b75b1f255c9825c9219351ab901e918
GET /en-US HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://143.198.232.196/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: Kestrel
request-context: appId=
x-correlationid: 0HMPF0GD45CFB:00000038
x-operationid: df8b3984945a4ece44c2ba4d8c32f72a
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-encoding: gzip
expires: Tue, 28 Mar 2023 15:52:47 GMT
cache-control: max-age=0, no-cache, private
pragma: no-cache
date: Tue, 28 Mar 2023 15:52:47 GMT
content-length: 23897
strict-transport-security: max-age=86400 ; includeSubDomains
set-cookie: EXPID=a01683dc-eb88-4f82-ad5b-e222a7061f35; max-age=31536000; path=/; secure; samesite=none
ak_bmsc=78D9EFE768E4F675ED353EEFCBDE2EF9~000000000000000000000000000000~YAAQZQplX6s9qhSHAQAAdv/rKBNwMn/dWci2v9lSdavA8yl4Z6eGZyitFvZ7F0jzC16tDlwiTlBKjdFfel6rigMQ8BBgtF6+lmTbMp8VkmtFf5BaWNyTND7TdCaYA0k2vYbY944ieuGbupQVdSwGUnYvA+fBQ3DWhQrl7lPNz/uNk/5Si4sTn0aaAxIzmyDvHcFkQtWV1OQH8Eddq3lG7+3HRDvQiASjcedDo76nlZyysG3xrOSZ6j7LLvA5LV6yOwyUVfkuXgKnPQbnBQW2l48naS28XmSrI5f5mjI9WDNQbHTPobkgJMLA3Q8x0+z40xuprvQXk0SdKIZ4SViQupBwGkZaxLbxHmBGR1j9jtDPTP8HMXNfp+0hqR5mdaXpv38sEiPK129PC2iY; Domain=.microsoft.com; Path=/; Expires=Tue, 28 Mar 2023 17:52:47 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
support.microsoft.com/css/MeControlCallout/teaching-callout.css?v=690pjf05o15fVEafEpUwgaF8vqVfOkp5wP1Jl9gE99U
2.18.172.114200 OK 1.3 kB URL HTTP/2 support.microsoft.com/css/MeControlCallout/teaching-callout.css?v=690pjf05o15fVEafEpUwgaF8vqVfOkp5wP1Jl9gE99U
IP 2.18.172.114:0
File type ASCII text, with very long lines (4873), with no line terminators
Hash 980d2f51140df4a6347102960ceb0282
9225687f02246a11e61f9b2e4602e43368ae4839
88658b7776899cac32aae184f9e8ce8707c2fd00827844f1fb24661d4cca1cb8
GET /css/MeControlCallout/teaching-callout.css?v=690pjf05o15fVEafEpUwgaF8vqVfOkp5wP1Jl9gE99U HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: gzip
etag: "1d93cd346ef7089"
last-modified: Thu, 09 Feb 2023 22:10:11 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATABNE1H1:00000002
x-operationid: b6aaf70cde0425da4903e5fb37a673c4
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1277
cache-control: private, max-age=28527633
date: Tue, 28 Mar 2023 15:52:47 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc
2.18.172.114200 OK 1.1 kB URL HTTP/2 support.microsoft.com/css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc
IP 2.18.172.114:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (2867), with no line terminators
Hash 6477e3936b0e197b65cc1ff23763e340
096188c0ef95054d95c5dafe755df0106428c0b1
2056691cd1dcca7ad51f6c386f8c7baa4954a164b9b10d41a668910a8e91b854
GET /css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d946ecac3c4438"
last-modified: Wed, 22 Feb 2023 18:37:10 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOL0GAVE0JM:00000002
x-operationid: a787865460805e45a4ed6a8d8eb3b741
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1096
cache-control: private, max-age=28693388
date: Tue, 28 Mar 2023 15:52:47 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/userstatesigninheaderview/user-state-sign-in-header-view.css?v=YGV57BU430a7ZsW5KMqnuRyMdbmYgAZw1My61NVoXnI
2.18.172.114200 OK 457 B URL HTTP/2 support.microsoft.com/css/userstatesigninheaderview/user-state-sign-in-header-view.css?v=YGV57BU430a7ZsW5KMqnuRyMdbmYgAZw1My61NVoXnI
IP 2.18.172.114:0
File type ASCII text, with very long lines (1176), with no line terminators
Hash aa795408c331dfaffab3545718661469
135fdb999daec028f2e75b0f8c04903a77312efd
67672916726b635cbb6ef236ca23f4ebf9d457a15c32bdeaf0cf57333d3bfc09
GET /css/userstatesigninheaderview/user-state-sign-in-header-view.css?v=YGV57BU430a7ZsW5KMqnuRyMdbmYgAZw1My61NVoXnI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd3d8f76898"
last-modified: Thu, 09 Feb 2023 22:14:16 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATD2K46LS:00000003
x-operationid: 4e1e65f9a5dcbd438d51ed8ee235d2e6
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 457
cache-control: private, max-age=28534453
date: Tue, 28 Mar 2023 15:52:47 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/lib/ucs/dist/ucsCreativeService.js?v=yGbJEzVThu6xTzkXAmcIosGuJnJczcH12Av0qylgjiI
2.18.172.114200 OK 219 kB URL HTTP/2 support.microsoft.com/lib/ucs/dist/ucsCreativeService.js?v=yGbJEzVThu6xTzkXAmcIosGuJnJczcH12Av0qylgjiI
IP 2.18.172.114:0
File type ASCII text, with very long lines (65460)
Size 219 kB (218885 bytes)
Hash cc521a7256e94d43df24fc6ccf1cabc9
783de4bf06ccd26af4eb56f6d8a7473a551c3135
0e379b6c1a7940b9d0cb6277c2b30e71e228bdc4f80417e785dd1b54ce122662
GET /lib/ucs/dist/ucsCreativeService.js?v=yGbJEzVThu6xTzkXAmcIosGuJnJczcH12Av0qylgjiI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d960ed04e0139f"
last-modified: Mon, 27 Mar 2023 20:45:09 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMPF0HDN66BU:00000002
x-operationid: d540b1c7e70b53a8db1984134d65885c
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 218885
cache-control: private, max-age=48
date: Tue, 28 Mar 2023 15:52:47 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/TelemetryLogging.js?v=PI8krdyAXTV0whxSz7oGWOLjo8PeIdfp8gD_jTA31VM
2.18.172.114 200 OK 370 B URL HTTP/2 support.microsoft.com/js/TelemetryLogging.js?v=PI8krdyAXTV0whxSz7oGWOLjo8PeIdfp8gD_jTA31VM
IP 2.18.172.114:0
File type ASCII text, with CRLF line terminators
Hash 5590a7dc56b6f43b99568fe62e2d03cf
f2923af0b22bd272acbbcd68958a7df4169ec703
f594937c23c9154cc20ef4522bebb8ac61cae53824ad6e02660c381b396b952d
GET /js/TelemetryLogging.js?v=PI8krdyAXTV0whxSz7oGWOLjo8PeIdfp8gD_jTA31VM HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd346ef60aa"
last-modified: Thu, 09 Feb 2023 22:10:11 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATABNE7TR:00000005
x-operationid: 51607aea3d1cb3147dd5e10983c20ef3
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 370
cache-control: private, max-age=28534804
date: Tue, 28 Mar 2023 15:52:47 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/RememberedAccounts.Main.min.js?v=1Mc30Yfs6TsuKFz2OgKMJvnlXrjLh2JDVdhGC713IDI
2.18.172.114 200 OK 1.5 kB URL HTTP/2 support.microsoft.com/js/RememberedAccounts.Main.min.js?v=1Mc30Yfs6TsuKFz2OgKMJvnlXrjLh2JDVdhGC713IDI
IP 2.18.172.114:0
File type ASCII text, with very long lines (3210)
Hash abacf605817f7bb1f2245546c860c307
0192c687a50e29983a911f4c1f917b257f73040a
ce3d44e3442ce64875ff8694a31a156fd1f65c0e230223c51a362620b40304f2
GET /js/RememberedAccounts.Main.min.js?v=1Mc30Yfs6TsuKFz2OgKMJvnlXrjLh2JDVdhGC713IDI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d95c211af3cac2"
last-modified: Tue, 21 Mar 2023 18:15:24 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMPA72L3N5K5:00000004
x-operationid: 73c91fd003c67fabf203dd1a02f11a18
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1507
cache-control: private, max-age=31025640
date: Tue, 28 Mar 2023 15:52:47 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/feedback.js?v=84GPO0wsKJkREYhzfs2-839cEXZQU9kTiITr30Y1u8w
2.18.172.114 200 OK 5.7 kB URL HTTP/2 support.microsoft.com/js/feedback.js?v=84GPO0wsKJkREYhzfs2-839cEXZQU9kTiITr30Y1u8w
IP 2.18.172.114:0
File type ASCII text, with CRLF line terminators
Hash 1a5373f3c18d893ea7793c15e7823b4b
dfa62d27a25503bd56b9da0f5b8e4eece4dc4af6
4877b869b10a33d65ec3fb27064a62177222171abdf5c635d709cdc63677202b
GET /js/feedback.js?v=84GPO0wsKJkREYhzfs2-839cEXZQU9kTiITr30Y1u8w HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: gzip
etag: "1d93cd42c69ee47"
last-modified: Thu, 09 Feb 2023 22:16:36 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATE6LP715:00000003
x-operationid: b9c892bd5daa72879e796e66ae1f8bb4
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 5700
cache-control: private, max-age=28531818
date: Tue, 28 Mar 2023 15:52:47 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/cross.svg
143.198.232.196 200 OK 586 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/cross.svg
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image; Unicode text, UTF-8 text, with very long lines (584), with no line terminators
Hash bc1f7dd210381c4c10bd93c4bccdc587
76d3599df283231936edf5b2a31d15e8e76c22dd
50dc14b3d1fdd6aeeb9f2ca92062357bacecbf8f05992346ffe4178fd81ff68c
Analyzer verdict: Alert — Quad9: sinkholed (asset fetched over plaintext HTTP from a bare DigitalOcean IP; Referer is an index.html under the same path)
GET /tj6/9chrmx0973xu9x08x/cross.svg HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:47 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:46 GMT
ETag: "24a-5f7f7b9a136d0"
Accept-Ranges: bytes
Content-Length: 586
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml
support.microsoft.com/js/topNav.js?v=-eDiKlpcJhp0uSWk8XM_g0tWTQM1wwUfMmoZosDDQdo
2.18.172.114 200 OK 847 B URL HTTP/2 support.microsoft.com/js/topNav.js?v=-eDiKlpcJhp0uSWk8XM_g0tWTQM1wwUfMmoZosDDQdo
IP 2.18.172.114:0
File type ASCII text, with CRLF line terminators
Hash f98824c7874bdc9841e01fbaa01543b4
b730428ca089dbe0723ff771a684a289152fea92
04384335b3aec1cfec1fd9f4502c5d59af217d9ae49f0015e4ceeef3f10bcb72
GET /js/topNav.js?v=-eDiKlpcJhp0uSWk8XM_g0tWTQM1wwUfMmoZosDDQdo HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d95b63110b87a7"
last-modified: Mon, 20 Mar 2023 19:35:03 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMP9F9QRNTIA:00000002
x-operationid: 339e5f86b50090f398deab88aaa43966
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 847
cache-control: private, max-age=30858280
date: Tue, 28 Mar 2023 15:52:47 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/virus-images.png
143.198.232.196 200 OK 33 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/virus-images.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 200 x 191, 8-bit/color RGBA, non-interlaced; data
Hash 68c7d1836cf921e767b980e8ce6d845b
395fc474214809b1282fc589e4a8f0be81b16adc
870e9d768ba46521935ced4cee560acfbb4f12370e5476dc6a2a45f0141a8392
Analyzer verdict: Alert — Quad9: sinkholed
GET /tj6/9chrmx0973xu9x08x/virus-images.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:47 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:40 GMT
ETag: "8256-5f7f7b9459d98"
Accept-Ranges: bytes
Content-Length: 33366
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
support.microsoft.com/js/SearchBox.Main.min.js?v=sY_YBvw6gcgD1e-o1JhIQTBF7pirfPL8WqOaD-_eXFM
2.18.172.114 200 OK 75 kB URL HTTP/2 support.microsoft.com/js/SearchBox.Main.min.js?v=sY_YBvw6gcgD1e-o1JhIQTBF7pirfPL8WqOaD-_eXFM
IP 2.18.172.114:0
File type Unicode text, UTF-8 text, with very long lines (65454)
Hash 905e4956b0ee0ce4dacb9d8d6aa748b6
4be710784f7df01c5d86dfb68ede898a82554b06
96be4a840515cb727871c66b3c40195b19b089cb6631040f6829984682af64ae
GET /js/SearchBox.Main.min.js?v=sY_YBvw6gcgD1e-o1JhIQTBF7pirfPL8WqOaD-_eXFM HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: gzip
etag: "1d94c908da8eb8a"
last-modified: Wed, 01 Mar 2023 22:52:52 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOQL02L0OMJ:00000002
x-operationid: 5b8b5494cf9f7a6fc6840973a3afbd03
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 75066
cache-control: private, max-age=29644501
date: Tue, 28 Mar 2023 15:52:47 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
statics-marketingsites-neu-ms-com.akamaized.net/statics/override.css
95.101.11.49 200 OK 473 B URL HTTP/1.1 statics-marketingsites-neu-ms-com.akamaized.net/statics/override.css
IP 95.101.11.49:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (342), with CRLF line terminators
Hash a40589609d8e75c109e93abbff0dcf60
76ae9c943d54022e24b90467713a73a431eddd6d
2c959c2618be84448b26de18639db8a66126449c6ebb29f4f6d33e00adb5b069
GET /statics/override.css HTTP/1.1
Host: statics-marketingsites-neu-ms-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Tue, 11 Jun 2019 23:22:13 GMT
ETag: 0x8D6EEC3A2D67C35
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 794b2968-c01e-0059-40d6-660f8c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 473
Unused62: 8096267
Date: Tue, 28 Mar 2023 15:52:47 GMT
Connection: keep-alive
support.microsoft.com/SocContent/officeShared
2.18.172.114 200 OK 636 B URL HTTP/2 support.microsoft.com/SocContent/officeShared
IP 2.18.172.114:0
File type ASCII text, with very long lines (1576), with no line terminators
Hash c552445dfdd7ea4de00874233e3d88cc
2ba812615470808e26780d736122c7d46c2bec0e
ba5215c29d63a42b9cef03ab2506f7a28f3446880a5e7c5b38f47cb809da637c
GET /SocContent/officeShared HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 28 Mar 2023 15:52:47 GMT
x-correlationid: 1c027021-1933-42b1-a89d-223bfc6f7847
x-usersessionid: 1c027021-1933-42b1-a89d-223bfc6f7847
x-officefe: OdcSupFrontEnd_IN_17
x-officeversion: 16.0.16322.42701
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=31535998
expires: Wed, 27 Mar 2024 15:52:45 GMT
date: Tue, 28 Mar 2023 15:52:47 GMT
content-length: 636
set-cookie: EXPID=ff840f3f-c690-4842-b411-4c8db60cb335; expires=Thu, 28-Mar-2024 15:52:47 GMT; path=/; secure; HttpOnly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/PromotionBanner.Main.min.js?v=lPxxwt8ZKzDFNYuSNvRbC24S24EImVPnl-WkYX8w3n4
2.18.172.114 200 OK 1.9 kB URL HTTP/2 support.microsoft.com/js/PromotionBanner.Main.min.js?v=lPxxwt8ZKzDFNYuSNvRbC24S24EImVPnl-WkYX8w3n4
IP 2.18.172.114:0
File type ASCII text, with very long lines (6261)
Hash d860a5eba2cb21a350c6b002a30b03de
a4514156fbd14905578dd4441bc6a1c51eb8162d
379799b97d2437e7280a8d952fe80856341c6deb95c2c0fe5f9ce4a453bd57d9
GET /js/PromotionBanner.Main.min.js?v=lPxxwt8ZKzDFNYuSNvRbC24S24EImVPnl-WkYX8w3n4 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd345be2e2a"
last-modified: Thu, 09 Feb 2023 22:10:09 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATAF6QE2N:00000004
x-operationid: 0c33f4345f817b6f011038a201c6071e
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1876
cache-control: private, max-age=28534940
date: Tue, 28 Mar 2023 15:52:47 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/SocContent/articleCss
2.18.172.114 200 OK 18 kB URL HTTP/2 support.microsoft.com/SocContent/articleCss
IP 2.18.172.114:0
File type Unicode text, UTF-8 text, with very long lines (65518), with no line terminators
Hash eb4cf7babe624ca5751ffc0bd0029da7
d9014486ade1ac5c32014c707acc93b0eb51d0b4
3f66a84c6c0db43726cd535a95616bf062cc999f9d872768cfe5cf20e3452657
GET /SocContent/articleCss HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 28 Mar 2023 15:52:47 GMT
x-correlationid: 2040b80e-5a0c-4cbf-97b5-e5d4ea526cc9
x-usersessionid: 2040b80e-5a0c-4cbf-97b5-e5d4ea526cc9
x-officefe: OdcSupFrontEnd_IN_17
x-officeversion: 16.0.16322.42701
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=31536000
expires: Wed, 27 Mar 2024 15:52:47 GMT
date: Tue, 28 Mar 2023 15:52:47 GMT
content-length: 17812
set-cookie: EXPID=af8d4217-3484-4b46-a08c-ee1b56d720c0; expires=Thu, 28-Mar-2024 15:52:47 GMT; path=/; secure; HttpOnly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/MeControlCallout.Main.min.js?v=z8A9eaXPs1zFIC_swsevu3o3DKi6YuzedODbJugVTXM
2.18.172.114 200 OK 1.4 kB URL HTTP/2 support.microsoft.com/js/MeControlCallout.Main.min.js?v=z8A9eaXPs1zFIC_swsevu3o3DKi6YuzedODbJugVTXM
IP 2.18.172.114:0
File type ASCII text, with very long lines (3103)
Hash b07d3f6fdb6a8fb7b089fab2824977dd
0249397d04d129b62e78062ed998ced6a985cf2d
39b9721fc16771b8ce8d75a439b3ff461871a10a612a52752afea1316a8981d9
GET /js/MeControlCallout.Main.min.js?v=z8A9eaXPs1zFIC_swsevu3o3DKi6YuzedODbJugVTXM HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd2fc6deb55"
last-modified: Thu, 09 Feb 2023 22:08:06 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOAT9HC2Q1K:00000005
x-operationid: 76d8dcd77a3516abcc1e065f2e041877
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1364
cache-control: private, max-age=28534987
date: Tue, 28 Mar 2023 15:52:47 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/socbundles/article
2.18.172.114 200 OK 15 kB URL HTTP/2 support.microsoft.com/socbundles/article
IP 2.18.172.114:0
File type ASCII text, with very long lines (62046), with no line terminators
Hash a7a35095b42d66f97324a02e61aeabbd
fc5b2ce888868bb62b40f2b580c16d0e23b53f4a
138863d8ea2818321a86df2e3f72b28feb8348def4d72d5d29b09d57fe235a83
GET /socbundles/article HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
last-modified: Tue, 28 Mar 2023 15:52:47 GMT
x-correlationid: 65494f4e-a878-490a-b93d-f7d04e8eb844
x-usersessionid: 65494f4e-a878-490a-b93d-f7d04e8eb844
x-officefe: OdcSupFrontEnd_IN_6
x-officeversion: 16.0.16322.42701
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=0
expires: Tue, 28 Mar 2023 15:52:47 GMT
date: Tue, 28 Mar 2023 15:52:47 GMT
content-length: 15150
set-cookie: EXPID=368d4b0f-4a2a-4d4f-88f9-8c5cdcbaac54; expires=Thu, 28-Mar-2024 15:52:47 GMT; path=/; secure; HttpOnly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
95.101.11.74 200 OK 4.1 kB URL HTTP/2 img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
IP 95.101.11.74:0
ASN #20940 Akamai International B.V.
File type PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced; data
Hash 9f14c20150a003d7ce4de57c298f0fba
daa53cf17cc45878a1b153f3c3bf47dc9669d78f
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
GET /cms/api/am/imageFileData/RE1Mu3b?ver=5c31 HTTP/1.1
Host: img-prod-cms-rt-microsoft-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 4054
content-type: image/png
access-control-allow-origin: *
content-location: https://image.prod.cms.rt.microsoft.com/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
last-modified: Tue, 21 Mar 2023 21:28:45 GMT
x-source-length: 4054
x-datacenter: northeu
x-activityid: 60ae8c31-b81c-4a60-a78d-f0f73ed25c40
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
cache-control: public, max-age=236607
expires: Fri, 31 Mar 2023 09:36:14 GMT
date: Tue, 28 Mar 2023 15:52:47 GMT
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
X-Firefox-Spdy: h2
ajax.aspnetcdn.com/ajax/jQuery/jquery-3.5.1.min.js
152.199.19.160 200 OK 31 kB URL HTTP/2 ajax.aspnetcdn.com/ajax/jQuery/jquery-3.5.1.min.js
IP 152.199.19.160:0
File type ASCII text, with very long lines (65451)
Hash 01ed540a1edc0b1cae4b91ef5d576be3
0f4aa0ea331348a4c2bca0f3898dd681646455c4
da348028c4b581592016ee99ec4ee38cdaaac87d2c0317962c52c18a9338a101
GET /ajax/jQuery/jquery-3.5.1.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 19775292
cache-control: public,max-age=31536000
content-type: application/javascript
date: Tue, 28 Mar 2023 15:52:47 GMT
etag: "80e72fc8fd6fd61:0"
last-modified: Tue, 11 Aug 2020 16:38:03 GMT
server: ECAcc (ska/F74F)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 30976
X-Firefox-Spdy: h2
www.microsoft.com/videoplayer/js/vxpiframe.js
2.18.173.151 200 OK 6.3 kB URL HTTP/2 www.microsoft.com/videoplayer/js/vxpiframe.js
IP 2.18.173.151:0
File type ASCII text, with very long lines (13602)
Hash 009d92e8af9d884776822cbb40471dab
8215ca8a1c6d3c6b68c99aa3bc84df2ad57386f7
7ca4a25996ab5129a87d219a3382b645e266b1e43b6f3052770dc23bf15e7fb6
GET /videoplayer/js/vxpiframe.js HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support.microsoft.com/en-US
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: private, no-transform
content-type: application/x-javascript; charset=utf-8
x-activity-id: 49e944fa-80eb-4fbf-99b0-5fb75f587813
x-appversion: 1.0.8420.1412
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-01-20T08:47:04.0000000Z}
ms-operation-id: 5fd1248419aec8418540f95ff1033df8
p3p: CP="CAO CONi OTR OUR DEM ONL"
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 6332
date: Tue, 28 Mar 2023 15:52:47 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV1786871f.0
ms-cv-esi: CASMicrosoftCV1786871f.0
set-cookie: akacd_OneRF=1687794767~rv=98~id=c083ad25d289ecbb219990f46eb88295; path=/; Expires=Mon, 26 Jun 2023 15:52:47 GMT; Secure; SameSite=None
x-rtag: RT
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/32-1b8b7c/74-888e54?ver=2.0&_cf=02242021_3231
2.18.173.151 200 OK 23 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/32-1b8b7c/74-888e54?ver=2.0&_cf=02242021_3231
IP 2.18.173.151:0
File type Unicode text, UTF-8 text, with very long lines (64241)
Hash 09800dff9a5770bdc368ae73ec89b229
52864194fec1b7fa70ba6e8bda68f0d8f27b21d1
d981d06eaec00bf7feef2b5dc799c3b50332ee867b8048109d45cb6a97e52557
GET /onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/32-1b8b7c/74-888e54?ver=2.0&_cf=02242021_3231 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 13 Dec 2022 20:44:18 GMT
x-activity-id: e0ba9742-9e0a-46e2-9ac8-f1af67b30f54
x-appversion: 1.0.8349.33967
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-11-11T02:52:14.0000000Z}
ms-operation-id: de38bdd2a32ec64d9a993e889dba99e3
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2022-12-13T20:44:18
x-s2: 2022-12-13T20:44:19
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 22729
cache-control: public, max-age=29876844
expires: Fri, 08 Mar 2024 11:00:11 GMT
date: Tue, 28 Mar 2023 15:52:47 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV178687da.0
ms-cv-esi: CASMicrosoftCV178687da.0
x-rtag: RT
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/seo.png
143.198.232.196 200 OK 21 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/seo.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced; data
Hash d6a6abff8300306298b9839210a01272
5d816e96fe022415f817bc580273bb6e3c58fb33
8d3a47bb7fede0db929ed92f8ebaee71fc12e3b4cc4f43362f3fc304d6fd130b
Analyzer verdict: Alert — Quad9: sinkholed
GET /tj6/9chrmx0973xu9x08x/seo.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:47 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:42 GMT
ETag: "5095-5f7f7b9652fc2"
Accept-Ranges: bytes
Content-Length: 20629
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
13.107.238.53 200 OK 82 kB URL HTTP/2 wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
IP 13.107.238.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (63888), with no line terminators
Hash e51f388b62281af5b4a9193cce419941
364f3d737462b7fd063107fe2c580fdb9781a45a
348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c
GET /mscc/lib/v2/wcp-consent.js HTTP/1.1
Host: wcpstatic.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: max-age=43200
content-length: 81726
content-type: application/javascript
content-encoding: gzip
content-md5: X1JOIM5h9UISVFS6+GfEew==
last-modified: Wed, 24 Aug 2022 17:34:36 GMT
age: 9127
etag: 0x8DA85F6EA62BF74
vary: Accept-Encoding
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
x-cache: CONFIG_NOCACHE
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 2f3ba352-001e-003f-6578-619f7d000000
x-ms-version: 2009-09-19
x-azure-ref: 0Tw0jZAAAAADWHaHWzHUzTZmauFyZdKJ9U1ZHMjBFREdFMDYxNAAzOWI0NjE1Ny1jYjllLTQ5YjctYTY1YS04NzIyYTNmODI0ZTQ=
date: Tue, 28 Mar 2023 15:52:47 GMT
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/microsoft.png
143.198.232.196 200 OK 1.0 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/microsoft.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced; data
Hash bf2b460590fbb9d8e9611a6e9006b816
561e1dab259d61e798b3ce380527b71b61074ff3
ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03
Analyzer verdict: Alert — Quad9: sinkholed
GET /tj6/9chrmx0973xu9x08x/microsoft.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:47 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:42 GMT
ETag: "415-5f7f7b9600e9a"
Accept-Ranges: bytes
Content-Length: 1045
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
support.microsoft.com/en-us/authentication/silentsignin?ru=%2Fen-us%2Fsilentsigninhandler
2.18.172.114 302 Found 0 B URL HTTP/2 support.microsoft.com/en-us/authentication/silentsignin?ru=%2Fen-us%2Fsilentsigninhandler
IP 2.18.172.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /en-us/authentication/silentsignin?ru=%2Fen-us%2Fsilentsigninhandler HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
content-length: 0
server: Kestrel
location: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638156155681401685.ZGVlZDY3NjYtMTZkYi00MGY4LWExODYtODJlZDFiMjE3OWQyM2Q4ZjlhNGEtZTVlYi00YjE3LWIyYzQtOGYwMDVjMjhjMmI3&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-jvUNlPyhomFYOTqJI9YGkH3h-nwJprk0f-5w0YP16FT11r-nJa5TPxSu8WshHGxa3tCz3rS_SitDxphM60ugTX1Y-pt-eAIbIPXJdi7Sv5Cu3bvsSNITkV6owNHDXqDoxLpcq9sU0iVqtRvdmxDliPleq17af0NVpJ4KWer6ici2ZNWcclioaMSdOXoY-x0hlgFseQPvbD-RbtNsRr_wWRIav_Ew7oI8I3ts69X_cZRVn80WSliZujbHAHpiM5bMtMYjSDhjZqN1obSXK1C_pQw3KHEXbyLt8eVphFu1t7wxnpqvqn_Ksu6_IM9kzUh99v5IAqpJiS9yvqWw8Qqq_Q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
request-context: appId=
x-correlationid: 0HMPF0JQUBJMJ:000001B2
x-operationid: bf25047788fe59d0ab30acbe75e98588
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
expires: Tue, 28 Mar 2023 15:52:48 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 28 Mar 2023 15:52:48 GMT
set-cookie: .AspNetCore.OpenIdConnect.Nonce.CfDJ8PY55fRSQr1CrcRGN2fDm-ivaQMdXOlBrFmEM2rcDHADLF3gLkwwK3oKRdCM-dQUAPlGXUok2kDk7t3Nj3-4lz7juHH0J5a6f3ExnH8PnfekpKVQ39vskYrGbFmgCEcdK4aGtpvsDuNX_cfpA_RxmSUGq4V9VHx6tbi56HZaQ7XX0uK-R1k9kvE547HZT0TJ5nrzT2F7as1tNlcr61d89ap0G4NHt-jhmmYBmwx-7B1TNLeS53NNuJv-eb9RxU9gUNryOTVtevWfyDni52qvgtk=N; expires=Tue, 28 Mar 2023 16:07:48 GMT; path=/signin-oidc; secure; samesite=none; httponly
set-cookie: .AspNetCore.Correlation.GNRh7H1EqcLLuiPtmoCLo2kP_xnx9qzzJ3lpv1T1SyQ=N; expires=Tue, 28 Mar 2023 16:07:48 GMT; path=/signin-oidc; secure; samesite=none; httponly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/s-S4-acc.png
143.198.232.196200 OK 813 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/s-S4-acc.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 77 x 72, 8-bit colormap, non-interlaced\012- data
Hash d648c1837d01495eccd63e053491f72a
991d8f6c72777239472410d6129fd5f25ed9d134
9edbf56b360080f5d6765dce77353b8130e9f8316ad34c68f6c2792cdc446321
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/s-S4-acc.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:48 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:47 GMT
ETag: "32d-5f7f7b9ab88c2"
Accept-Ranges: bytes
Content-Length: 813
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
2.18.173.151200 OK 34 kB URL HTTP/2 c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
IP 2.18.173.151:0
File type Web Open Font Format (Version 2), TrueType, length 34052, version 0.0\012- data
Hash 36397a3bc139c6e9f81d383f060f080a
3f4f86c10920d4ed345f4858b6cde9f93e1aeb81
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
GET /static/fonts/segoe-ui/west-european/normal/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 34052
content-type: font/woff2
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
accept-ranges: bytes
etag: "588d483e9c7d51:0"
cache-control: public, max-age=451342
expires: Sun, 02 Apr 2023 21:15:10 GMT
date: Tue, 28 Mar 2023 15:52:48 GMT
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/latest.woff2
2.18.173.151200 OK 29 kB URL HTTP/2 c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/latest.woff2
IP 2.18.173.151:0
File type Web Open Font Format (Version 2), TrueType, length 29388, version 0.0\012- data
Hash 6e75a94d5f7170a1ab532d32c2a35755
9c1b6fff544089941bbeddbcf529c3f0b46d853a
d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f
GET /static/fonts/segoe-ui/west-european/Semibold/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 29388
content-type: font/woff2
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
accept-ranges: bytes
etag: "5b68d583e9c7d51:0"
cache-control: public, max-age=155961
expires: Thu, 30 Mar 2023 11:12:09 GMT
date: Tue, 28 Mar 2023 15:52:48 GMT
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
2.18.173.151200 OK 26 kB URL HTTP/2 www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
IP 2.18.173.151:0
File type Web Open Font Format, TrueType, length 26288, version 0.0\012- data
Hash d0263dc03be4c393a90bda733c57d6db
8a032b6deab53a33234c735133b48518f8643b92
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
GET /mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
last-modified: Mon, 16 May 2022 14:07:29 GMT
x-activity-id: 3cb43f33-5942-4f33-ae4e-7b00cfb95638
x-appversion: 1.0.8153.36695
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-04-29T04:23:10.0000000Z}
ms-operation-id: e99e7389d77ceb41a5c2222175beffa7
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-length: 26288
cache-control: public, max-age=29877024
expires: Fri, 08 Mar 2024 11:03:12 GMT
date: Tue, 28 Mar 2023 15:52:48 GMT
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV17868bd0.0
ms-cv-esi: CASMicrosoftCV17868bd0.0
x-rtag: RT
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/mic.png
143.198.232.196200 OK 194 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/mic.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash df0a213a8bc598e53c8513b360fc910e
b8cb3eac6254ced5dcf57beecf3758a4a9bc8c26
c6ea65b06c0f199ee8073ae19b9909fa004de0bc3d5c9d6402693e14e0ae979f
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/mic.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:47 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:48 GMT
ETag: "c2-5f7f7b9bb9830"
Accept-Ranges: bytes
Content-Length: 194
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
support.microsoft.com/css/Glyphs/SupMDL2_v4_69.woff2
2.18.172.114200 OK 30 kB URL HTTP/2 support.microsoft.com/css/Glyphs/SupMDL2_v4_69.woff2
IP 2.18.172.114:0
File type Web Open Font Format (Version 2), TrueType, length 29588, version 0.0\012- data
Hash f04217f47619ac51664e7a65b3f77b48
c32c07c33ba8850f282492b2bd38be170b556541
5975dea100208142bb9cbd2ae15e1bae43213598a2a4496e42c4baec3bd50a61
GET /css/Glyphs/SupMDL2_v4_69.woff2 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://support.microsoft.com/css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 29588
content-type: font/woff2
server: Kestrel
accept-ranges: bytes
etag: "1d93cd345be4514"
last-modified: Thu, 09 Feb 2023 22:10:09 GMT
request-context: appId=
x-correlationid: 0HMOATAF6QE2N:0000000C
x-operationid: ba8b01cde138b4c70a8fa265737a057d
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=28535056
date: Tue, 28 Mar 2023 15:52:48 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/socfonts/DevCMDL2.2.50.woff
2.18.172.114200 OK 18 kB URL HTTP/2 support.microsoft.com/socfonts/DevCMDL2.2.50.woff
IP 2.18.172.114:0
File type Web Open Font Format, TrueType, length 18316, version 0.0\012- data
Hash 0cedbb5e7888349e4705a66ede3dd01c
bff3c70dbd94c866bdefc48e7bba1d8f359577ac
12d95d8d400eeafa0258e9d29d6ea5ef0ec9cfc1410b75e47976fcb3f92082b0
GET /socfonts/DevCMDL2.2.50.woff HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://support.microsoft.com/SocContent/css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: font/x-woff
last-modified: Wed, 08 Feb 2023 13:22:44 GMT
accept-ranges: bytes
etag: "0aa706dc03bd91:0"
x-correlationid: 70065751-9c2c-4c50-88be-f28ea4c1b02e
x-usersessionid: 70065751-9c2c-4c50-88be-f28ea4c1b02e
x-officefe: OdcSupFrontEnd_IN_13
x-officeversion: 16.0.16208.42700
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
content-length: 18316
cache-control: public, max-age=7776000
date: Tue, 28 Mar 2023 15:52:48 GMT
access-control-allow-origin:
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/supportbridge/support-bridge.css?v=ft5yipT-SPVc4yMl4wK9PnMTXqhVUrUJZoPQVrYDjUI
2.18.172.114200 OK 654 B URL HTTP/2 support.microsoft.com/css/supportbridge/support-bridge.css?v=ft5yipT-SPVc4yMl4wK9PnMTXqhVUrUJZoPQVrYDjUI
IP 2.18.172.114:0
File type ASCII text, with very long lines (1877), with no line terminators
Hash 0d5d7ed2a6b811caffa8f525e3f71610
553802ca3a157bfd1fd028f494b792c201eb1ef7
8af71052a0ee40641e37dc7ec367a380e1d88cdc057a71b460f397085c011fcc
GET /css/supportbridge/support-bridge.css?v=ft5yipT-SPVc4yMl4wK9PnMTXqhVUrUJZoPQVrYDjUI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd3903fb455"
last-modified: Thu, 09 Feb 2023 22:12:14 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATD1USELT:00000004
x-operationid: 1a5945489342e777d3ba9f9b3ebabcaf
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 654
cache-control: private, max-age=28534618
date: Tue, 28 Mar 2023 15:52:48 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/SearchBox/search-box.css?v=bybwzGBajHicVXspVs540UfV0swW0vCbOmBjBryj9N4
2.18.172.114200 OK 814 B URL HTTP/2 support.microsoft.com/css/SearchBox/search-box.css?v=bybwzGBajHicVXspVs540UfV0swW0vCbOmBjBryj9N4
IP 2.18.172.114:0
File type ASCII text, with very long lines (2230), with no line terminators
Hash e22f91333200d597a00d4e98527400e1
76659fa749d8848ace64e464941316325b07bb42
831d28e62fbfbb7488dc3471184f9116ebc453bed3464870815e22c9e2240233
GET /css/SearchBox/search-box.css?v=bybwzGBajHicVXspVs540UfV0swW0vCbOmBjBryj9N4 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd2fd9f1cb6"
last-modified: Thu, 09 Feb 2023 22:08:08 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOAT9TTJPSF:00000007
x-operationid: a8c1176152eae790e1c66cc9e7ef4244
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 814
cache-control: private, max-age=28534716
date: Tue, 28 Mar 2023 15:52:48 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/promotionbanner/promotion-banner.css?v=cAmflE3c6Gw7niTOiMPEie9MY87yDE2mSl3DO7_jZRI
2.18.172.114200 OK 1.5 kB URL HTTP/2 support.microsoft.com/css/promotionbanner/promotion-banner.css?v=cAmflE3c6Gw7niTOiMPEie9MY87yDE2mSl3DO7_jZRI
IP 2.18.172.114:0
File type ASCII text, with very long lines (4370), with no line terminators
Hash 99ba2848ba9a06514e6cc579f6995206
632460dae575c7c20a27b5716c236d9debe4b9ed
85455b4dd8114d33bedf87384aa0ee36a67b38183452686a76c2846d11caf3f1
GET /css/promotionbanner/promotion-banner.css?v=cAmflE3c6Gw7niTOiMPEie9MY87yDE2mSl3DO7_jZRI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd345be2792"
last-modified: Thu, 09 Feb 2023 22:10:09 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATAF6QE2N:00000007
x-operationid: bcf7a863a55c2f3056da2b8d1ebda881
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1492
cache-control: private, max-age=28535089
date: Tue, 28 Mar 2023 15:52:48 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/sitewide/articleCss-overwrite.css?v=Agp_0EWD3V-aZnCFUrPvHDFynjvCYTVYUcRwnbKUcJc
2.18.172.114200 OK 218 B URL HTTP/2 support.microsoft.com/css/sitewide/articleCss-overwrite.css?v=Agp_0EWD3V-aZnCFUrPvHDFynjvCYTVYUcRwnbKUcJc
IP 2.18.172.114:0
File type ASCII text, with very long lines (592), with no line terminators
Hash ee52039f75c0cc68ae07376cf6c09632
d46f85e21d23f52dc13a0c88482fe5f3988fbbd0
14e18ed1e0a9ea3854480e4ea2275b4390dac10036090f98e105c4d04de51fd1
GET /css/sitewide/articleCss-overwrite.css?v=Agp_0EWD3V-aZnCFUrPvHDFynjvCYTVYUcRwnbKUcJc HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d95cecb3a34a50"
last-modified: Wed, 22 Mar 2023 18:32:48 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMPB0GDQO40M:00000002
x-operationid: 0fb9083ea8f40b8ea4bea848fbb85ae1
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 218
cache-control: private, max-age=31464691
date: Tue, 28 Mar 2023 15:52:48 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/landingpage/landing-page.min.css?v=yfVEPK33ndcBi43i0hgEJ2wI5J7vdLQ-zQCKIjoHuzQ
2.18.172.114200 OK 7.2 kB URL HTTP/2 support.microsoft.com/css/landingpage/landing-page.min.css?v=yfVEPK33ndcBi43i0hgEJ2wI5J7vdLQ-zQCKIjoHuzQ
IP 2.18.172.114:0
File type Unicode text, UTF-8 text, with very long lines (51715)
Hash f0c069967fa243caf912bf8b1697cfac
99fb0c8d3eeedec53896a0c941b1c81e8dc1e5b0
1f069a146d8726ae08a13e218908b454c3360afbe4ee8f5702918b0096c17e01
GET /css/landingpage/landing-page.min.css?v=yfVEPK33ndcBi43i0hgEJ2wI5J7vdLQ-zQCKIjoHuzQ HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d95cec6b84f5ee"
last-modified: Wed, 22 Mar 2023 18:30:47 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMPB0F800BJN:00000002
x-operationid: 4f71be67d76080db65952720a2e38293
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 7233
cache-control: private, max-age=31465268
date: Tue, 28 Mar 2023 15:52:48 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo
2.18.172.114200 OK 3.1 kB URL HTTP/2 support.microsoft.com/css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo
IP 2.18.172.114:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (10532), with no line terminators
Hash 0737acfed55616de4eda800b15cbf1fb
7e896a35974259d41ced3e2b70f564f3c34df4f8
8da6bcf631d27020b2ff6b788648d0f124f69ee5806e37ce415cdf9d4b88b8c9
GET /css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd2fc6dcc3b"
last-modified: Thu, 09 Feb 2023 22:08:06 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOAT9HC2Q08:00000003
x-operationid: 4052353e8561fa8359cf8f718f5e1cd5
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 3141
cache-control: private, max-age=28534944
date: Tue, 28 Mar 2023 15:52:48 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/d09f346e-3b3f-4bbc-b4cd-ad6f9df1ab6e.png
95.101.95.18200 OK 4.2 kB URL HTTP/2 support.content.office.net/en-us/media/d09f346e-3b3f-4bbc-b4cd-ad6f9df1ab6e.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash b93f7321e326ca5c00d52e5df0357efa
5620e44d1318a3fa8c3f3f7685d76706752f4e36
5b00dfd36987ed6f3f48ba6eac2f7d177b9eb6526ef82f2cc786549bad43b5ec
GET /en-us/media/d09f346e-3b3f-4bbc-b4cd-ad6f9df1ab6e.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 4246
content-type: image/png
content-md5: uT9zIeMmylwA1S5d8DV++g==
last-modified: Fri, 04 Mar 2022 07:17:52 GMT
etag: 0x8D9FDAF18FAABFA
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2bd0d184-901e-002d-6e1f-39d613000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:52:48 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/262443df-1388-45a9-9c78-4dd6f528d08b.png
95.101.95.18200 OK 785 B URL HTTP/2 support.content.office.net/en-us/media/262443df-1388-45a9-9c78-4dd6f528d08b.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash 859052ca7e07aca482d0ef74f86b45b6
d680c1c7c84a04ab96bc23adecee5efc4bc71bb4
4c238159bdfd032eb6ef4fefe83f453d3166adeb2331ba61dbdd67dfa6d0ed36
GET /en-us/media/262443df-1388-45a9-9c78-4dd6f528d08b.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 785
content-type: image/png
content-md5: hZBSyn4HrKSC0O90+GtFtg==
last-modified: Wed, 09 Mar 2022 06:23:54 GMT
etag: 0x8DA0195629FEC6D
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b6f56529-201e-0017-52bc-accc6b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:52:48 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/2d61de8b-ff96-4a49-afa5-0795e254cc87.png
95.101.95.18200 OK 150 kB URL HTTP/2 support.content.office.net/en-us/media/2d61de8b-ff96-4a49-afa5-0795e254cc87.png
IP 95.101.95.18:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size 150 kB (150348 bytes)
Hash 9aea7c1dc69d1cea907c024eab971118
4986a5deab1bb0c9f0a66e5ea996bce6f56683aa
ce4c6516f665d6893fdbe6e537c75e52213793bc2a6c55457fa63ebf1344112f
GET /en-us/media/2d61de8b-ff96-4a49-afa5-0795e254cc87.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 150348
content-type: image/png
content-md5: mup8HcadHOqQfAJOq5cRGA==
last-modified: Thu, 27 Oct 2022 22:24:37 GMT
etag: 0x8DAB86A08773082
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 37276f0b-d01e-0013-1d80-f2416c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:52:48 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/d8369889-04df-4721-831d-e0490e10aaeb.png
95.101.95.18200 OK 4.6 kB URL HTTP/2 support.content.office.net/en-us/media/d8369889-04df-4721-831d-e0490e10aaeb.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash c59d7f179b1837d03040c0673c5ec15d
e219f3e3a6a01233b84bb27ef7ebe941a792a3af
e83c28f43b70c9d58e8f8758e547b985577f5a38045f1b5a63169913f02a0cc5
GET /en-us/media/d8369889-04df-4721-831d-e0490e10aaeb.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 4596
content-type: image/png
content-md5: xZ1/F5sYN9AwQMBnPF7BXQ==
last-modified: Fri, 04 Mar 2022 07:17:49 GMT
etag: 0x8D9FDAF172969CD
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 00d2a09e-301e-001b-4110-5a5b63000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:52:48 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/2c3c0c0c-bcb1-4582-834f-ddd6daf4b1de.png
95.101.95.18200 OK 2.7 kB URL HTTP/2 support.content.office.net/en-us/media/2c3c0c0c-bcb1-4582-834f-ddd6daf4b1de.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash 4ef082afe9892d1af2bf56ebbbe43b24
6af8951ab396523fd8339b2df591835838d15c42
664490c5ed805c089f854c1edf01d005f170730a3614d19c60375eb7c3b08fdf
GET /en-us/media/2c3c0c0c-bcb1-4582-834f-ddd6daf4b1de.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 2703
content-type: image/png
content-md5: TvCCr+mJLRryv1bru+Q7JA==
last-modified: Fri, 04 Mar 2022 07:17:28 GMT
etag: 0x8D9FDAF0AA3B079
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 23f6ee29-401e-0011-2262-f9ffd4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:52:48 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/3ae06b5c-45ee-4509-9ca2-e3958a88ab7f.png
95.101.95.18200 OK 210 B URL HTTP/2 support.content.office.net/en-us/media/3ae06b5c-45ee-4509-9ca2-e3958a88ab7f.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 2-bit colormap, non-interlaced\012- data
Hash 5e136d738c93fdb32c08fdb249905c1f
abeaa733ead9d6a3843aae402afe8d8fbf0452bf
5a639ac902dffec0b8174e7a2dda2e18c8038b76ff5c88ec507984e71b7b4a1b
GET /en-us/media/3ae06b5c-45ee-4509-9ca2-e3958a88ab7f.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 210
content-type: image/png
content-md5: XhNtc4yT/bMsCP2ySZBcHw==
last-modified: Fri, 04 Mar 2022 07:17:30 GMT
etag: 0x8D9FDAF0B81DF68
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b07e7aca-101e-000c-3c0f-9bf268000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:52:48 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/d6ba446c-4077-4462-bfc9-7ddf7c07d7bd.png
95.101.95.18200 OK 4.3 kB URL HTTP/2 support.content.office.net/en-us/media/d6ba446c-4077-4462-bfc9-7ddf7c07d7bd.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash dc66df4b133bbbeed776ca86b5ad68da
eab70e67489815ac093d17c1922a5dc5cf8c0ef0
8cbbbe47e52239d7d23ae19946fc2b2e3c6e95dcf7631c807af7a811c89cb78e
GET /en-us/media/d6ba446c-4077-4462-bfc9-7ddf7c07d7bd.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 4280
content-type: image/png
content-md5: 3GbfSxM7u+7XdsqGta1o2g==
last-modified: Fri, 04 Mar 2022 20:23:50 GMT
etag: 0x8D9FE1CE54267E6
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 20c6b4f4-c01e-0042-78b9-93dce0000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:52:48 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/059b7716-5dfe-4510-9f5e-1f42cc2ba1b4.png
95.101.95.18200 OK 3.4 kB URL HTTP/2 support.content.office.net/en-us/media/059b7716-5dfe-4510-9f5e-1f42cc2ba1b4.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash b7b315e5398a5177f50394fc16f577a6
23d3cbf6a21d4fc6c275e70cd71e9f276bb4db52
92aa5dec4f2ee690cf1f8230fd67ed58b5918a7d1b0137dee46e6751fb439da6
GET /en-us/media/059b7716-5dfe-4510-9f5e-1f42cc2ba1b4.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 3425
content-type: image/png
content-md5: t7MV5TmKUXf1A5T8FvV3pg==
last-modified: Fri, 04 Mar 2022 07:17:31 GMT
etag: 0x8D9FDAF0BEDAF8E
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b9b9a6bc-d01e-002c-399e-ba89cf000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:52:48 GMT
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/Z5BR-network.png
143.198.232.196200 OK 607 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/Z5BR-network.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 63 x 70, 8-bit colormap, non-interlaced\012- data
Hash 2cd03a547f00cad010f9038619df45de
912f919836a77a514c76b990aceaf5e930a24024
c56a8ae4818963e0d71eda4ebf46b4f2cdd3a238537dc8e99711fb690d272a73
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/Z5BR-network.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:48 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:40 GMT
ETag: "25f-5f7f7b9400f02"
Accept-Ranges: bytes
Content-Length: 607
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
support.content.office.net/en-us/media/76bb3497-baf7-4f68-ac15-0da34f0caf56.png
95.101.95.18200 OK 94 kB URL HTTP/2 support.content.office.net/en-us/media/76bb3497-baf7-4f68-ac15-0da34f0caf56.png
IP 95.101.95.18:0
File type PNG image data, 2006 x 426, 8-bit colormap, non-interlaced\012- data
Hash f2378ce679cd470615bc0f5fdfb04868
377f63641a07739d73b4b119c927dc43a853d5cf
d66573493a7baebfb1ebf6913e924129bebf36b563d84a7e613a6418a79637fd
GET /en-us/media/76bb3497-baf7-4f68-ac15-0da34f0caf56.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 94486
content-type: image/png
content-md5: 8jeM5nnNRwYVvA9f37BIaA==
last-modified: Thu, 07 Oct 2021 18:46:47 GMT
etag: 0x8D989C2D12875EB
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: eec53ea8-501e-007f-5450-abaafb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:52:48 GMT
X-Firefox-Spdy: h2
support.microsoft.com/css/glyphs/SupMDL2_v4_69.woff2
2.18.172.114200 OK 30 kB URL HTTP/2 support.microsoft.com/css/glyphs/SupMDL2_v4_69.woff2
IP 2.18.172.114:0
File type Web Open Font Format (Version 2), TrueType, length 29588, version 0.0\012- data
Hash f04217f47619ac51664e7a65b3f77b48
c32c07c33ba8850f282492b2bd38be170b556541
5975dea100208142bb9cbd2ae15e1bae43213598a2a4496e42c4baec3bd50a61
GET /css/glyphs/SupMDL2_v4_69.woff2 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://support.microsoft.com/css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 29588
content-type: font/woff2
server: Kestrel
accept-ranges: bytes
etag: "1d93cd2fd9f6794"
last-modified: Thu, 09 Feb 2023 22:08:08 GMT
request-context: appId=
x-correlationid: 0HMOAT9TTJQ9L:0000000C
x-operationid: 6d6743342ea344f98126edce9edbb2ed
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=28535151
date: Tue, 28 Mar 2023 15:52:48 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/d245e220-3337-404c-b0cc-c0684b680f7e.png
95.101.95.18 200 OK 9.4 kB URL HTTP/2 support.content.office.net/en-us/media/d245e220-3337-404c-b0cc-c0684b680f7e.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced; data
Hash ebd667c89f68bf45837e47001c909015
c258e7eaa89971ff277d22bad64e71025d3b16f3
b51cbe1af99579551b84a0dd4310f2cc763aba6885f9e302cb164c67c661bc9d
GET /en-us/media/d245e220-3337-404c-b0cc-c0684b680f7e.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 9385
content-type: image/png
content-md5: 69ZnyJ9ov0WDfkcAHJCQFQ==
last-modified: Fri, 04 Mar 2022 07:17:50 GMT
etag: 0x8D9FDAF17BE6653
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e2b523d6-601e-0039-6a9f-e19e7c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:52:48 GMT
X-Firefox-Spdy: h2
login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638156155681401685.ZGVlZDY3NjYtMTZkYi00MGY4LWExODYtODJlZDFiMjE3OWQyM2Q4ZjlhNGEtZTVlYi00YjE3LWIyYzQtOGYwMDVjMjhjMmI3&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-jvUNlPyhomFYOTqJI9YGkH3h-nwJprk0f-5w0YP16FT11r-nJa5TPxSu8WshHGxa3tCz3rS_SitDxphM60ugTX1Y-pt-eAIbIPXJdi7Sv5Cu3bvsSNITkV6owNHDXqDoxLpcq9sU0iVqtRvdmxDliPleq17af0NVpJ4KWer6ici2ZNWcclioaMSdOXoY-x0hlgFseQPvbD-RbtNsRr_wWRIav_Ew7oI8I3ts69X_cZRVn80WSliZujbHAHpiM5bMtMYjSDhjZqN1obSXK1C_pQw3KHEXbyLt8eVphFu1t7wxnpqvqn_Ksu6_IM9kzUh99v5IAqpJiS9yvqWw8Qqq_Q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
20.190.159.19 200 OK 59 kB URL HTTP/1.1 login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638156155681401685.ZGVlZDY3NjYtMTZkYi00MGY4LWExODYtODJlZDFiMjE3OWQyM2Q4ZjlhNGEtZTVlYi00YjE3LWIyYzQtOGYwMDVjMjhjMmI3&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-jvUNlPyhomFYOTqJI9YGkH3h-nwJprk0f-5w0YP16FT11r-nJa5TPxSu8WshHGxa3tCz3rS_SitDxphM60ugTX1Y-pt-eAIbIPXJdi7Sv5Cu3bvsSNITkV6owNHDXqDoxLpcq9sU0iVqtRvdmxDliPleq17af0NVpJ4KWer6ici2ZNWcclioaMSdOXoY-x0hlgFseQPvbD-RbtNsRr_wWRIav_Ew7oI8I3ts69X_cZRVn80WSliZujbHAHpiM5bMtMYjSDhjZqN1obSXK1C_pQw3KHEXbyLt8eVphFu1t7wxnpqvqn_Ksu6_IM9kzUh99v5IAqpJiS9yvqWw8Qqq_Q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
IP 20.190.159.19:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text (reported 5×); exported SGML document text; exported SGML document, ASCII text, with very long lines (42237), with CRLF, LF line terminators
Hash f9853c61e498832d9f80235d108694fb
a4632fc6dd34fdcef5f66f39b48ab04a9cc050fc
830798ed00940f447fe83ada05423a14852766f2671862cbccd08207c94ff890
GET /common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638156155681401685.ZGVlZDY3NjYtMTZkYi00MGY4LWExODYtODJlZDFiMjE3OWQyM2Q4ZjlhNGEtZTVlYi00YjE3LWIyYzQtOGYwMDVjMjhjMmI3&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-jvUNlPyhomFYOTqJI9YGkH3h-nwJprk0f-5w0YP16FT11r-nJa5TPxSu8WshHGxa3tCz3rS_SitDxphM60ugTX1Y-pt-eAIbIPXJdi7Sv5Cu3bvsSNITkV6owNHDXqDoxLpcq9sU0iVqtRvdmxDliPleq17af0NVpJ4KWer6ici2ZNWcclioaMSdOXoY-x0hlgFseQPvbD-RbtNsRr_wWRIav_Ew7oI8I3ts69X_cZRVn80WSliZujbHAHpiM5bMtMYjSDhjZqN1obSXK1C_pQw3KHEXbyLt8eVphFu1t7wxnpqvqn_Ksu6_IM9kzUh99v5IAqpJiS9yvqWw8Qqq_Q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0 HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support.microsoft.com/
Connection: keep-alive
Cookie: brcap=0; MSFPC=GUID=27491a5fca0c436896bdbf20a1588da0&HASH=2749&LV=202205&V=4&LU=1652883922743; ESTSSSOTILES=1; AADSSOTILES=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Link: <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msftauth.net>; rel=dns-prefetch, <https://aadcdn.msauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: eeb8d172-3efc-431e-9ce6-66abd58e2200
x-ms-ests-server: 2.1.14939.4 - NEULR2 ProdSlices
x-ms-clitelem: 1,0,0,,
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: buid=0.AREAMe_N-B6jSkuT5F9XHpElWhkrJ-4RRD9DjyhcE8tv1AcBAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevrTNp5Q8BwnUPxUctpdyrm9gLZs-W9y8Hyxp3IxsCzZXsQjzhafzMZAGJhreXNnjGqVdob-JtLkCPZqVHl8Fglj16nTq8KaXtLOdaVC-79H-AgAA; expires=Thu, 27-Apr-2023 15:52:48 GMT; path=/; secure; HttpOnly; SameSite=None
fpc=ApE_bFkOsHVBrduz-QD7jONqwEtIAQAAAFAEtdsOAAAA; expires=Thu, 27-Apr-2023 15:52:48 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABAAEAAAD--DLA3VO7QrddgJg7WevrEMAyKnkuQl2ybtZMbgqYjF0Z1ssBjNGm84ihCbIcYnu8dmjLM870njlrL4r7_RjTd-HJQlIrNxmGY4eW77hg3J4CO9T7GBzLfR9Q-X57hWCviHHGHZgH5qSv-C-X_I0xNQbCf63m9OugMgF7clWgsKkVzdONFblgtoNaX2Aa8uEgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 28 Mar 2023 15:52:47 GMT
Content-Length: 59218
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6904
Expires: Tue, 28 Mar 2023 17:47:52 GMT
Date: Tue, 28 Mar 2023 15:52:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6904
Expires: Tue, 28 Mar 2023 17:47:52 GMT
Date: Tue, 28 Mar 2023 15:52:48 GMT
Connection: keep-alive
143.198.232.196/tj6/9chrmx0973xu9x08x/okPE-vs.png
143.198.232.196 200 OK 313 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/okPE-vs.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 37 x 38, 8-bit grayscale, non-interlaced; data
Hash f8176054bb2e264452c0d7c3a1a1093c
dd3145e0f95a236e073a780a2529febf409d4f2b
bf8ebf2c2aeb4d8310341694baf1ed935d35c68c1572588af85b4775d5cf500e
Analyzer verdict: Alert — quad9: Sinkholed (note: this request goes to a literal IP in the Host header, so no DNS lookup is involved; the label presumably reflects the analyzer's reputation lookup on 143.198.232.196 rather than an observed DNS sinkhole response — verify against the analyzer's DNS log)
GET /tj6/9chrmx0973xu9x08x/okPE-vs.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:48 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:43 GMT
ETag: "139-5f7f7b96a50ea"
Accept-Ranges: bytes
Content-Length: 313
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6904
Expires: Tue, 28 Mar 2023 17:47:52 GMT
Date: Tue, 28 Mar 2023 15:52:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6904
Expires: Tue, 28 Mar 2023 17:47:52 GMT
Date: Tue, 28 Mar 2023 15:52:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6904
Expires: Tue, 28 Mar 2023 17:47:52 GMT
Date: Tue, 28 Mar 2023 15:52:48 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash ada29e049501b12a35b0bcc5f68e3e57
5c1ba9bffbcc9007e7f119dbb3197db34a12f8da
b45583b5845129386a456e03fbdba25305c8d6d9fb5a8f01d783816ced080629
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10744
x-amzn-requestid: d693d820-7eed-47a3-9b0b-8f43c141bd3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbogF0poAMFTAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220c9c-22ab350146e8a3a606f74c42;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:32 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: uCaEsILUx4u_fBJ7J9CgQanUW-BmV69mFvGRjZ0roFWluE_joVyVrA==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:48:21 GMT
age: 65067
etag: "5c1ba9bffbcc9007e7f119dbb3197db34a12f8da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/_Fm7-alert.mp3
143.198.232.196 206 Partial Content 47 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/_Fm7-alert.mp3
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v2, 64 kbps, 22.05 kHz, Monaural; data
Hash 90a6c5eb10b17c8f33f8cf870d3601c7
5e8a6e7cba240817bace18fb831c142f2d353ac3
b675e4c354cd25d1401882c88ff36355e6d549bc81656682b811cf9e0e386177
Analyzer verdict: Alert — quad9: Sinkholed
GET /tj6/9chrmx0973xu9x08x/_Fm7-alert.mp3 HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 206 Partial Content
Date: Tue, 28 Mar 2023 15:52:47 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:46 GMT
ETag: "31080-5f7f7b999f282"
Accept-Ranges: bytes
Content-Length: 200832
Content-Range: bytes 0-200831/200832
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: audio/mpeg
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 789f11978a1149984408fbbb9a2b3f81
078bd523107096bab5e26d42b18e316c253f1ca7
7974980290443b64126f512686261150cd27331cb7b32a96d1167a97d046e8a3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8961
x-amzn-requestid: 9277e35d-8fe8-482e-b65c-b132dfcbd87e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbqBGl0IAMFy4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220ca6-7869936b33cbf3633c68e7ac;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:42 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: niXBcLXb34cBs5-FqU8flhIK5sZ_ykmhwnozGbLigHI3jwXySoF_xw==
via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 1ec2938341958d70d56193d709c89dee.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:49:49 GMT
age: 64979
etag: "078bd523107096bab5e26d42b18e316c253f1ca7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 5fdd8a3f935830ca9e5ffdb5824acebc
39caaddec703fdad962d03fff8687bad2c1df4ad
6fe6301fb3610c3e8a9b62671579db53189bb62ead4cf5ab30a1f1e0b90b8ca2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7537
x-amzn-requestid: 4f7aaf6e-3eca-4033-aa21-27b5e7df6a0b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbupFURIAMFlZw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220cc3-153c4e0b6b9d1b586c985f8d;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:38:11 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 07sU32yK0Sqkqg_YzC_cfw3stDMOa2cViR6IrpHw5cfSEjUOHTITAA==
via: 1.1 b6cdb2111444305bd4957a473b711ad6.cloudfront.net (CloudFront), 1.1 6ca7826fb0f4c565b1af9c7737725c48.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:48:37 GMT
age: 65051
etag: "39caaddec703fdad962d03fff8687bad2c1df4ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 1da68df9d96e2758e37b9f15daab027b
5ff19ed6dc5752aa4b15fb88da972b736fd55783
ad924425946dbdf309c764e7097e676185516301feb7722b30d95ffd50b4353f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7426
x-amzn-requestid: 85a30298-4613-4a96-bdba-0899fe9f9475
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdcsgGZsoAMFQkw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220e4f-10db431e7632048d7b15e0ec;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:44:47 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: VYUarzUegSCD6A4s7tUQ-0O1mjal3BAW7SiiXSpOnFEDd5-HHoA5Cw==
via: 1.1 f193acd25f2604e189bfbfaf539aaa06.cloudfront.net (CloudFront), 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:55:21 GMT
age: 64647
etag: "5ff19ed6dc5752aa4b15fb88da972b736fd55783"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png
34.120.237.76 200 OK 20 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data (the URL ends in .png, but the content is JPEG, consistent with the format(jpeg) filter in the request path)
Hash b3e093e7b5c12cfc2aee601f823ea47e
d76b3958471b2ed70a2b52f078ec638748fdb441
de4fc669195611c4ea6fe7d920482987aef077973b4973c01e2f362aeb18c2ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 20349
x-amzn-requestid: 2de7d242-f277-42a6-9dc4-2fc98207a978
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbumFzOIAMF3hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220cc3-5f20ad7b2216219138f7b557;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:38:11 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: pnby7LhwZDWxJHtyWBlI7l_AO8l-tjjTVHatiCKG2htZ4RQNQOZkgQ==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 34f8ef0e4c880df0650a814412a26ea6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:48:21 GMT
age: 65067
etag: "d76b3958471b2ed70a2b52f078ec638748fdb441"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=a1dd72f1-b90d-465d-a498-ac6005f38eae&partnerId=smcconvergence&idpflag=proxy
20.190.159.19 200 OK 1.3 kB URL HTTP/1.1 login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=a1dd72f1-b90d-465d-a498-ac6005f38eae&partnerId=smcconvergence&idpflag=proxy
IP 20.190.159.19:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text (reported 5×); exported SGML document, ASCII text, with CRLF line terminators
Hash 7d366bfa7c9b7951156ee8aba87da979
37591dff2710f5dc1fa49930c6243a64959d85c3
3211675897496be86ecb797bb8a5423f756caec84aef713cd4e794f808b8e2d8
GET /savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=a1dd72f1-b90d-465d-a498-ac6005f38eae&partnerId=smcconvergence&idpflag=proxy HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Cookie: brcap=0; MSFPC=GUID=27491a5fca0c436896bdbf20a1588da0&HASH=2749&LV=202205&V=4&LU=1652883922743; ESTSSSOTILES=1; AADSSOTILES=1; buid=0.AREAMe_N-B6jSkuT5F9XHpElWhkrJ-4RRD9DjyhcE8tv1AcBAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevrTNp5Q8BwnUPxUctpdyrm9gLZs-W9y8Hyxp3IxsCzZXsQjzhafzMZAGJhreXNnjGqVdob-JtLkCPZqVHl8Fglj16nTq8KaXtLOdaVC-79H-AgAA; fpc=ApE_bFkOsHVBrduz-QD7jONqwEtIAQAAAFAEtdsOAAAA; esctx=PAQABAAEAAAD--DLA3VO7QrddgJg7WevrEMAyKnkuQl2ybtZMbgqYjF0Z1ssBjNGm84ihCbIcYnu8dmjLM870njlrL4r7_RjTd-HJQlIrNxmGY4eW77hg3J4CO9T7GBzLfR9Q-X57hWCviHHGHZgH5qSv-C-X_I0xNQbCf63m9OugMgF7clWgsKkVzdONFblgtoNaX2Aa8uEgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 86ef2f10-e005-4a09-8eea-692efb551f00
x-ms-ests-server: 2.1.14939.4 - WEULR2 ProdSlices
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: fpc=ApE_bFkOsHVBrduz-QD7jONqwEtIAQAAAFAEtdsOAAAA; expires=Thu, 27-Apr-2023 15:52:48 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 28 Mar 2023 15:52:47 GMT
Content-Length: 1305
143.198.232.196/tj6/9chrmx0973xu9x08x/kxFy-clip.png
143.198.232.196 200 OK 542 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/kxFy-clip.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 66 x 68, 8-bit colormap, non-interlaced; data
Hash 0e9558d2d6e8000ce5c6c749c8fc67c2
f7ba9490807ef70bb6195150d6287cd54b7fefd0
91fb42a68a122344fd78cfd5f0cf9d06ff6d307fd4a5c68f40231c5950ece9a1
Analyzer verdict: Alert — quad9: Sinkholed
GET /tj6/9chrmx0973xu9x08x/kxFy-clip.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:47 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:47 GMT
ETag: "21e-5f7f7b9b02cda"
Accept-Ranges: bytes
Content-Length: 542
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
143.198.232.196/tj6/9chrmx0973xu9x08x/nOxp-sett.png
143.198.232.196 200 OK 463 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/nOxp-sett.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 33 x 31, 8-bit colormap, non-interlaced; data
Hash 905d91c276116928fa306ea732723fa9
092604f6a8786e46a7dee06065d29d2896fcf568
9cffd13c2ce05ebe032709a88fa59504e1218a12b175ec40d5aab280c18be51e
Analyzer verdict: Alert — quad9: Sinkholed
GET /tj6/9chrmx0973xu9x08x/nOxp-sett.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:48 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:43 GMT
ETag: "1cf-5f7f7b966b694"
Accept-Ranges: bytes
Content-Length: 463
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
2.18.173.151 200 OK 28 kB URL HTTP/2 www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
IP 2.18.173.151:0
File type HTML document text (reported 5×); exported SGML document, Unicode text, UTF-8 text, with very long lines (16813), with CRLF, LF line terminators
Hash 716f5f4b76e7157e93d32a3e5c097df0
7b569e7153378038f4a4f5c484076f0d1340b42a
eac9298acbbee06c3ca90b2e564722ecb199e41aba273720b89f74ecc8661081
GET /en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support.microsoft.com/en-US
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-transform
content-type: text/html; charset=utf-8
x-activity-id: d5932ef2-1eae-4669-9128-50d779a11302
x-appversion: 1.0.8468.43152
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-03-10T08:58:24.0000000Z}
ms-operation-id: 935e1844cc7ed2439b3dd9182aff5cbe
p3p: CP="CAO CONi OTR OUR DEM ONL"
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
vary: Accept-Encoding
content-encoding: gzip
date: Tue, 28 Mar 2023 15:52:48 GMT
content-length: 28054
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV178690f2.0
ms-cv-esi: CASMicrosoftCV178690f2.0
set-cookie: akacd_OneRF=1687794768~rv=69~id=371f8afd0cf8c001e034b3a36ee98a34; path=/; Expires=Mon, 26 Jun 2023 15:52:48 GMT; Secure; SameSite=None
x-rtag: RT
X-Firefox-Spdy: h2
login.live.com/Me.htm?v=3
40.126.32.67200 OK 1.1 kB URL HTTP/1.1 login.live.com/Me.htm?v=3
IP 40.126.32.67:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
Hash 9c08f0f5b411918572bb176b56d4b747
12814f1ffd1c414337cfc57da7561f4386ec8b67
d9f196403747ff4bbf6c3d61c7319f51e33be05825ac3b5200665e6e5ee26c0e
GET /Me.htm?v=3 HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=315360000
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Fri, 25 Mar 2033 15:52:48 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: R3_BL2
x-ms-request-id: 82930a1a-d0a3-45b6-8872-59a050da29e6
PPServer: PPV: 30 H: BL02PF57B661F0F V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=831e535b825a4e289b9b72bd12bf60f5; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPRequ=id=N<=1680018768&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Tue, 28 Mar 2023 15:52:47 GMT
Content-Length: 1132
143.198.232.196/tj6/9chrmx0973xu9x08x/uZbx-si.png
143.198.232.196200 OK 5.4 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/uZbx-si.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 42 x 702, 8-bit grayscale, non-interlaced\012- data
Hash 51147eb9734c3c0caf22aa77a80d96f0
dc33807cd0c0c35bb98d8e23efe2d625137a43f5
92d8510869b3d581401a93130fa72e4b54c5bf28dc8005994c5248d9afbfc37b
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/uZbx-si.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:48 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:44 GMT
ETag: "1501-5f7f7b982509c"
Accept-Ranges: bytes
Content-Length: 5377
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff2
2.18.173.151200 OK 23 kB URL HTTP/2 www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff2
IP 2.18.173.151:0
File type Web Open Font Format (Version 2), TrueType, length 22904, version 0.0\012- data
Hash c654a623ad90bb3dcd769dbbac34d863
8719de38f17d8e4d73e2a5e4e867d63dd3965baa
deec787cca1b9436e080478742a0299e0db1a9712543a72d2cdc8373fc45a432
GET /mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff2 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Mon, 16 May 2022 07:01:55 GMT
x-activity-id: d139116e-f4eb-4cbe-a338-6b673450f768
x-appversion: 1.0.8153.36695
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-04-29T04:23:10.0000000Z}
ms-operation-id: 53b63aa96349ba49869d30dbd37260f2
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-length: 22904
cache-control: public, max-age=29876896
expires: Fri, 08 Mar 2024 11:01:04 GMT
date: Tue, 28 Mar 2023 15:52:48 GMT
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV17869410.0
ms-cv-esi: CASMicrosoftCV17869410.0
x-rtag: RT
X-Firefox-Spdy: h2
www.microsoft.com/mwf/css/MWF_20230313_66247431/west-european/default/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0&include_base=true
2.18.173.151200 OK 22 kB URL HTTP/2 www.microsoft.com/mwf/css/MWF_20230313_66247431/west-european/default/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0&include_base=true
IP 2.18.173.151:0
File type Unicode text, UTF-8 text, with very long lines (64174)
Hash c525127a72097b4f3ff72f20cbb16f10
e4026ae6b0987efafa99631574a80b92d701155d
286a6ec3d34691c0b980e09a03306c1ee822ff0ef0592ff030deeb71187d495c
GET /mwf/css/MWF_20230313_66247431/west-european/default/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0&include_base=true HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Mon, 27 Mar 2023 18:42:10 GMT
x-activity-id: b1113592-a596-4897-bce6-ee0ee39047c4
x-appversion: 1.0.8468.43152
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-03-10T08:58:24.0000000Z}
ms-operation-id: 420fce3260126443ae1ef5007838f77c
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-s1: 2023-03-27T18:42:11
x-s2: 2023-03-27T18:42:11
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 21782
cache-control: public, max-age=31459785
expires: Tue, 26 Mar 2024 18:42:33 GMT
date: Tue, 28 Mar 2023 15:52:48 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV17869415.0
ms-cv-esi: CASMicrosoftCV17869415.0
x-rtag: RT
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/mscomhp/_scrf/css/themes=default.device=uplevel_web_pc_moz/76-fd2264/19-19fa02/cb-ddc7e5?ver=2.0&_cf=02242021_3231
2.18.173.151200 OK 4.4 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/mscomhp/_scrf/css/themes=default.device=uplevel_web_pc_moz/76-fd2264/19-19fa02/cb-ddc7e5?ver=2.0&_cf=02242021_3231
IP 2.18.173.151:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (30540)
Hash 8d9b94114ca442a693b4b42f9b3e5e6d
0c83e8bca6400fec5f9e8a5f00c638581f8f8964
df92c807f4ab492ac914712d40440ee2f3bbcb8479f3f7c7ae9cc2004ee9e0a3
GET /onerfstatics/marketingsites-neu-prod/west-european/mscomhp/_scrf/css/themes=default.device=uplevel_web_pc_moz/76-fd2264/19-19fa02/cb-ddc7e5?ver=2.0&_cf=02242021_3231 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 01 Feb 2022 23:29:21 GMT
x-activity-id: 73b609d7-461f-42f0-8b11-b96f5f26ae13
x-appversion: 1.0.8061.4385
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-01-26T10:26:10.0000000Z}
ms-operation-id: e10933a303aa964b83eda21bcb981948
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2022-02-01T23:29:21
x-s2: 2022-02-01T23:29:21
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
unused62: 8096267
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=28977570
expires: Tue, 27 Feb 2024 01:12:18 GMT
date: Tue, 28 Mar 2023 15:52:48 GMT
content-length: 4369
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV17869417.0
ms-cv-esi: CASMicrosoftCV17869417.0
x-rtag: RT
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/88-3d3ba4/8b-cbe548?ver=2.0&_cf=02242021_3231
2.18.173.151200 OK 70 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/88-3d3ba4/8b-cbe548?ver=2.0&_cf=02242021_3231
IP 2.18.173.151:0
File type ASCII text, with very long lines (46360)
Hash 620762cb0f74cd82f56b55174b950079
b470f2a1fc95dd855001d3c9dcd2506806337060
05cedc9e1dfdb6c1d9e7f6fb305b54019917f0066d19e3d755fcd45cd9958c46
GET /onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/88-3d3ba4/8b-cbe548?ver=2.0&_cf=02242021_3231 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
last-modified: Tue, 28 Feb 2023 18:25:17 GMT
x-activity-id: eff7ddc3-e1a7-4847-9ce7-31615bdb571e
x-appversion: 1.0.8433.39987
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-02-03T06:12:54.0000000Z}
ms-operation-id: c722c4c270c1a041919665eab5f01370
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2023-02-28T18:25:17
x-s2: 2023-02-28T18:25:17
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 69603
cache-control: public, max-age=29126027
expires: Wed, 28 Feb 2024 18:26:35 GMT
date: Tue, 28 Mar 2023 15:52:48 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV17869437.0
ms-cv-esi: CASMicrosoftCV17869437.0
x-rtag: RT
X-Firefox-Spdy: h2
mem.gfx.ms/scripts/me/MeControl/10.23038.5/en-US/meBoot.min.js
13.107.237.53200 OK 114 kB URL HTTP/2 mem.gfx.ms/scripts/me/MeControl/10.23038.5/en-US/meBoot.min.js
IP 13.107.237.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Size 114 kB (113452 bytes)
Hash ba54b7b4032fa263f4eb1f98d290a196
fa79c7e0783ebee25f9a2f99dffbd270ffed803c
86c877a44717884e792b350b200f0c7114036cdce0a93f06e35182d127cfef13
GET /scripts/me/MeControl/10.23038.5/en-US/meBoot.min.js HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-encoding: br
last-modified: Fri, 24 Mar 2023 01:15:24 GMT
etag: "1d95e28c88634a3"
x-cache: TCP_HIT
x-content-type-options: nosniff
access-control-allow-origin: *
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref-originshield: 0TC4iZAAAAAAjIag5uUM0Qq6JWNO1FPa+QU1TMDRFREdFMTkxMgBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-azure-ref: 0UA0jZAAAAADQ6gPpcM5CQ56w1YeV5TKRU1ZHMjBFREdFMDUxNABlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
date: Tue, 28 Mar 2023 15:52:48 GMT
X-Firefox-Spdy: h2
www.microsoft.com/mwf/js/MWF_20230313_66247431/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0
2.18.173.151200 OK 16 kB URL HTTP/2 www.microsoft.com/mwf/js/MWF_20230313_66247431/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0
IP 2.18.173.151:0
File type ASCII text, with very long lines (32913)
Hash 0bbdd019a5883814c9b3066e14d32040
6c8bf2b2ca295f63da3dd00177e0f92eb6dff5a7
d7baf348469dc40ecc20a3ad3bd9bd91fac0e2730aca7da3e5a5435f29c44b7e
GET /mwf/js/MWF_20230313_66247431/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
last-modified: Mon, 27 Mar 2023 18:41:46 GMT
x-activity-id: 4d31b880-0c9e-4cc9-961b-8b8cb48f5626
x-appversion: 1.0.8468.43152
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-03-10T08:58:24.0000000Z}
ms-operation-id: 97551b1fda7f17459dd96c0f3d697714
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-s1: 2023-03-27T18:41:47
x-s2: 2023-03-27T18:41:47
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 15548
cache-control: public, max-age=31459673
expires: Tue, 26 Mar 2024 18:40:41 GMT
date: Tue, 28 Mar 2023 15:52:48 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV1786943f.0
ms-cv-esi: CASMicrosoftCV1786943f.0
x-rtag: RT
X-Firefox-Spdy: h2
login.live.com/Me.srf?wa=wsignin1.0&idpflag=indirect&id=12&wreply=https%3a%2f%2flogin.microsoftonline.com&owreply=https%3a%2f%2fsupport.microsoft.com%2fsignin-oidc
40.126.32.67200 OK 4.9 kB URL HTTP/1.1 login.live.com/Me.srf?wa=wsignin1.0&idpflag=indirect&id=12&wreply=https%3a%2f%2flogin.microsoftonline.com&owreply=https%3a%2f%2fsupport.microsoft.com%2fsignin-oidc
IP 40.126.32.67:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (10755)
Hash b99afe524fccbddc2ef31a82b14fabd4
aa058225a5afc7b66146988fc477d7943d992795
5cf5cd9f005f9d350c0321bbc2fca4656d664990d404e9644269043a5edba5f1
GET /Me.srf?wa=wsignin1.0&idpflag=indirect&id=12&wreply=https%3a%2f%2flogin.microsoftonline.com&owreply=https%3a%2f%2fsupport.microsoft.com%2fsignin-oidc HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Tue, 28 Mar 2023 15:51:48 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-DNS-Prefetch-Control: on
Link: <https://logincdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net/>; rel=dns-prefetch, <https://acctcdn.msftauth.net/>; rel=dns-prefetch, <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch, <https://acctcdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://logincdn.msauth.net/>; rel=dns-prefetch, <https://logincdn.msftauth.net/>; rel=dns-prefetch, <https://lgincdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: R3_BL2
x-ms-request-id: 5ee8ff40-670b-4b4d-ab5e-2ff4c97d5711
PPServer: PPV: 30 H: BL02PF833F76696 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=8718f8f57c4848bbb06fa4f290e8a41c; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPRequ=id=12<=1680018768&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
OParams=11O.DcPUPpODztaIVG0P*4VtrViVquwQA9oSdX5n4K6EHwuvMtlrd7*2Bu1*4KKJYEeV5rsYWBNTNNYqhO!6rsxwWnQf8GOVQNK!ixuecixhb56JL9RYdA2!EKjvtoEe3ryKmV2xoKjVAJ0Cp841stJt73I8EuU18HiyrrCxQqn4tireUqPCxbgXEP7TW74ktoXFtbx3H19U!DpEksrkI0a*kQdpkJcMpcsXcUFOOXGMMDpQd*ZakCCrFnyTXURG4QdnOpVCuG3kssMs8FD!ZbARY!s$; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Tue, 28 Mar 2023 15:52:48 GMT
Content-Length: 4863
wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
13.107.238.53200 OK 82 kB URL HTTP/2 wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
IP 13.107.238.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (63888), with no line terminators
Hash e51f388b62281af5b4a9193cce419941
364f3d737462b7fd063107fe2c580fdb9781a45a
348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c
GET /mscc/lib/v2/wcp-consent.js HTTP/1.1
Host: wcpstatic.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: max-age=43200
content-length: 81726
content-type: application/javascript
content-encoding: gzip
content-md5: X1JOIM5h9UISVFS6+GfEew==
last-modified: Wed, 24 Aug 2022 17:34:36 GMT
age: 9128
etag: 0x8DA85F6EA62BF74
vary: Accept-Encoding
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
x-cache: CONFIG_NOCACHE
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 2f3ba352-001e-003f-6578-619f7d000000
x-ms-version: 2009-09-19
x-azure-ref: 0UA0jZAAAAADGl7FBcgtBS6xZOv/UHB6UU1ZHMjBFREdFMDUwNgAzOWI0NjE1Ny1jYjllLTQ5YjctYTY1YS04NzIyYTNmODI0ZTQ=
date: Tue, 28 Mar 2023 15:52:48 GMT
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/minimize.jpeg
143.198.232.196200 OK 17 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/minimize.jpeg
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=39, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=180], baseline, precision 8, 180x39, components 3\012- data
Hash 4bf52eb9b3efce840add1a90d83a40e5
6348a7617dfce3165e07af53a48df7892d62ffe1
a85f1e749a829c5c909837844c6b53ce0a9ae2adb7c8eac0e7b96c372c679a0d
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/minimize.jpeg HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:47 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:44 GMT
ETag: "4315-5f7f7b97d4eb8"
Accept-Ranges: bytes
Content-Length: 17173
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/jpeg
143.198.232.196/tj6/9chrmx0973xu9x08x/qsbs-firewall.png
143.198.232.196200 OK 920 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/qsbs-firewall.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 77 x 63, 8-bit colormap, non-interlaced\012- data
Hash b0495ede4c875843fec037c794e9ff9a
c813aefba255a5cc53aea7811f987ccb551c3128
52b762d47c066e16300675d56cc359b504ffd3239438c96eb973864311bb7b79
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/qsbs-firewall.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:47 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:42 GMT
ETag: "398-5f7f7b95b2bfa"
Accept-Ranges: bytes
Content-Length: 920
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/dfa0b592/coreui.statics/externalscripts/jquery/jquery-3.5.1.min.js
2.18.173.151200 OK 31 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/dfa0b592/coreui.statics/externalscripts/jquery/jquery-3.5.1.min.js
IP 2.18.173.151:0
File type ASCII text, with very long lines (65450), with CRLF line terminators
Hash 7800d0ad4e07822dcdcd087c3841ee3b
3279b7f56b6c431dcbfa907549f599c629e93233
927473bbef3c67ecbb4afb89ecd548efcb0493c581c4e3542ef8e1dd03f302fc
GET /onerfstatics/marketingsites-neu-prod/_h/dfa0b592/coreui.statics/externalscripts/jquery/jquery-3.5.1.min.js HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 16 May 2022 01:39:31 GMT
x-activity-id: 52567f75-2b74-4933-bc2e-23da3be8bd72
x-appversion: 1.0.8153.36695
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-04-29T04:23:10.0000000Z}
ms-operation-id: 959dfa5efaf72d4f80baa5831af3210f
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 30958
cache-control: public, max-age=28189373
expires: Sat, 17 Feb 2024 22:15:41 GMT
date: Tue, 28 Mar 2023 15:52:48 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV1786967c.0
ms-cv-esi: CASMicrosoftCV1786967c.0
x-rtag: RT
X-Firefox-Spdy: h2
prod-video-cms-rt-microsoft-com.akamaized.net/vhs/api/videos/RE4t1lL
95.101.11.57200 OK 1.1 kB URL HTTP/1.1 prod-video-cms-rt-microsoft-com.akamaized.net/vhs/api/videos/RE4t1lL
IP 95.101.11.57:0
ASN #20940 Akamai International B.V.
File type JSON data\012- , ASCII text, with very long lines (4888), with no line terminators
Hash 4f18f251cf6ed63b9184eaa798c9a0dc
b7124e9e245ea8a6a0b1dd499ba0d61e912fd1fd
761b182fb3d95666e05ccb8fa05b11c2798fa96f72d82249ccb82f4e45f8dba1
GET /vhs/api/videos/RE4t1lL HTTP/1.1
Host: prod-video-cms-rt-microsoft-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
Access-Control-Allow-Origin: *
Content-Encoding: gzip
VideoShimDatacenter: westcenus
VideoShimActivityId: 71b29dd2-1b58-4395-ab3c-2a1d9f191f3f
X-Powered-By: ASP.NET
Content-Length: 1127
Cache-Control: public, max-age=300
Expires: Tue, 28 Mar 2023 15:57:49 GMT
Date: Tue, 28 Mar 2023 15:52:49 GMT
Connection: keep-alive
Vary: Accept-Encoding
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
support.microsoft.com/signin-oidc
2.18.172.114302 Found 0 B URL HTTP/2 support.microsoft.com/signin-oidc
IP 2.18.172.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /signin-oidc HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 477
Origin: https://login.microsoftonline.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-length: 0
server: Kestrel
location: /en-us/silentsigninhandler
request-context: appId=
x-correlationid: 0HMPF0JQUBJMJ:000001B3
x-operationid: f40632cdf15e95d76b81edd815301d8c
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
expires: Tue, 28 Mar 2023 15:52:49 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 28 Mar 2023 15:52:49 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/en-us/silentsigninhandler
2.18.172.114200 OK 424 B URL HTTP/2 support.microsoft.com/en-us/silentsigninhandler
IP 2.18.172.114:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 9fe1678ac20768638cb473f5ef4484a3
df4cd66c7f8f1686f5454f1175ab07f61272f9e0
4463a4ecd35b7b4eea43d8c13095c2dd281721f59d1905da80e4fe7fa42de4ce
GET /en-us/silentsigninhandler HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: Kestrel
request-context: appId=
x-correlationid: 0HMPF0JQUBJMJ:000001B4
x-operationid: fd1a56f2de64a38b85331983f824b9b4
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
vary: Accept-Encoding
content-encoding: gzip
expires: Tue, 28 Mar 2023 15:52:49 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 28 Mar 2023 15:52:49 GMT
content-length: 424
strict-transport-security: max-age=86400 ; includeSubDomains
set-cookie: EXPID=e5e6e097-4b7e-4fea-8782-bdcba4f637ee; max-age=31536000; path=/; secure; samesite=none
ak_bmsc=9E4E113D8668610A613F0B4C075EC0A3~000000000000000000000000000000~YAAQZQplX8c9qhSHAQAAQAXsKBNY00Vym49e1lETodYeQ0vAXTT59hnj5IN3ltNqbrV0HPt/7Vb4NSNeUj/d4CsXC1JOgDYiKECI6SKPbwJoLiQOWnaAxyqcTlSYiZms4ql3YQCSM/vUNXVRTG7+6TbFU15nXRdOGiOpcBzYk8E1XdKrLc0twUBeetIu2Bi0Glvogz6cwrWaHS+7AHUqzT9+38ZdII8ewIAoDtp8lLFE3bvubZ2cPddmE9GeyLXzYStKKWi9ZTmHBReWRXkjPlOX/MgvEZ5mISP3Sf7kdZuVvvnnLC8Ees5oUQrmmmySrpEsMJ/cJPTmKxWZx5ZVu47TgLPB57+ecDWT5q9Oj4CkO/7oMvUT3YxnL6swAr4GQNxEAuohVSkoYcJf; Domain=.microsoft.com; Path=/; Expires=Tue, 28 Mar 2023 17:52:49 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/arrow.svg
143.198.232.196200 OK 193 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/arrow.svg
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 1b49457044fe0f969a601eade5b861ee
bb0139e4c98ac050717094b636612ce758a42062
65e5c584d029650c691506517be54c0046cb94f48b8522d7c78d3a550220691f
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/arrow.svg HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:48 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:41 GMT
ETag: "c1-5f7f7b94ace62"
Accept-Ranges: bytes
Content-Length: 193
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml
143.198.232.196/tj6/9chrmx0973xu9x08x/def.png
143.198.232.196200 OK 3.8 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/def.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 77a2ffc5545f87551d74781201de9b3b
c9c3798afd2ae95aa3bba3c428335d49c8255b06
316e6a6737bd296ab30aca2ef7fa36f119d15786a2432d01e31fdc130272f15c
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/def.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:48 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:41 GMT
ETag: "efa-5f7f7b9552ff6"
Accept-Ranges: bytes
Content-Length: 3834
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
20.50.201.200200 OK 153 B URL HTTP/1.1 browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
IP 20.50.201.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with no line terminators
Hash b133a3315216c1c3541b90e6dc173ac1
cc6200f33137b0297a1af1985a75ea83536b3846
db745d7079ea0650d86929be3a92650d528b6afed1ea49330535dcf6ca51293b
POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1
Host: browser.events.data.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Client-Id: NO_AUTH
client-version: 1DS-Web-JS-3.2.7
apikey: 83328b3c5ab7488692991e7d63483cff-e640bd11-2392-49b1-b739-ed8e62bcb870-7240
upload-time: 1680018790001
time-delta-to-apply-millis: use-collector-delta
cache-control: no-cache, no-store
content-type: application/x-json-stream
Content-Length: 15625
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Length: 153
Content-Type: application/json
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=4b0aba75b97042eaae7bbf9228dde985&HASH=4b0a&LV=202303&V=4&LU=1680018769355; Domain=.microsoft.com; Expires=Wed, 27 Mar 2024 15:52:49 GMT; Path=/;Secure; SameSite=None
MS0=bb9aced16c824d8fbb2bc58c365e94c0; Domain=.microsoft.com; Expires=Tue, 28 Mar 2023 16:22:49 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -20646
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://support.microsoft.com
Access-Control-Expose-Headers: time-delta-millis
Date: Tue, 28 Mar 2023 15:52:48 GMT
143.198.232.196/tj6/9chrmx0973xu9x08x/cross.png
143.198.232.196200 OK 386 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/cross.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced\012- data
Size 386 kB (386359 bytes)
Hash be42ad7752720327d28bf52dbdbb64c2
f4cce31b9236319aa9c87fee038638d1de12c07d
c3ad6aa1c03fd108854f008cfec2753ba623e1470a4d61798b5d8c050e474868
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/cross.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:48 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:44 GMT
ETag: "5e537-5f7f7b97be72a"
Accept-Ranges: bytes
Content-Length: 386359
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/png
143.198.232.196/tj6/9chrmx0973xu9x08x/-EBq-current.png
143.198.232.196200 OK 1.2 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/-EBq-current.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 27 x 28, 8-bit colormap, non-interlaced\012- data
Hash 35629cc2adc804353a548305f1217206
cda6e89c5f6a644683aea6999a5d11e00dc64275
c1d52e31f7fc13cbb3efca8b0ec937ddd97a5ec545c4dad26193429db10d8662
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/-EBq-current.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:48 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:42 GMT
ETag: "48a-5f7f7b95fef56"
Accept-Ranges: bytes
Content-Length: 1162
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
www.microsoft.com/onerfstatics/marketingsites-neu-prod/en-us/videoplayer/resources/66047599Platform_20230309_66047599
2.18.173.151200 OK 1.4 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/en-us/videoplayer/resources/66047599Platform_20230309_66047599
IP 2.18.173.151:0
File type JSON data\012- , ASCII text, with very long lines (3902), with no line terminators
Hash d89379a0b1c9511a8b909bd3157bc242
e2f839686b34b3518b4c765149f3b9942a3c33ba
dd95ef7983f9bef1eace9673d63e41f3683e5777a9a37d7809e47c4002f6f700
GET /onerfstatics/marketingsites-neu-prod/en-us/videoplayer/resources/66047599Platform_20230309_66047599 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
x-activity-id: e2a1730d-6346-4808-aff4-d4e5ba65926f
x-appversion: 1.0.8468.43152
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-03-10T08:58:24.0000000Z}
ms-operation-id: 7780044e1577ed4bb5c97c41e957dc90
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 1435
cache-control: public, max-age=30340988
expires: Wed, 13 Mar 2024 19:55:57 GMT
date: Tue, 28 Mar 2023 15:52:49 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV17869fd4.0
ms-cv-esi: CASMicrosoftCV17869fd4.0
set-cookie: akacd_OneRF=1687794769~rv=99~id=8a1ad32f423cf1b8a17ff1babdfbf9b9; path=/; Expires=Mon, 26 Jun 2023 15:52:49 GMT; Secure; SameSite=None
x-rtag: RT
X-Firefox-Spdy: h2
mem.gfx.ms/me/mecache?partner=smcconvergence&wreply=https%3A%2F%2Fsupport.microsoft.com
13.107.237.53200 OK 21 kB URL HTTP/2 mem.gfx.ms/me/mecache?partner=smcconvergence&wreply=https%3A%2F%2Fsupport.microsoft.com
IP 13.107.237.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 314b2109e9065e17ad12e1d52f4b1e98
aab600135719a14103982f94c8e01ef7d7468221
6944ce23ffa5394bddc0cc0e0d0e9d58038b99f6022fbae2c3fa1b58a8e18818
GET /me/mecache?partner=smcconvergence&wreply=https%3A%2F%2Fsupport.microsoft.com HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, no-transform, max-age=43200
content-type: text/html; charset=utf-8
content-encoding: br
expires: Tue, 28 Mar 2023 20:31:28 GMT
x-cache: TCP_HIT
x-content-type-options: nosniff
content-security-policy: frame-ancestors https://support.microsoft.com;
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref-originshield: 04KUiZAAAAABzyY/kYjqdT5MSVOnlvHseQU1TMDRFREdFMTkyMQBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-azure-ref: 0UQ0jZAAAAADxAZFmm5PKT7fmpjaonOQLU1ZHMjBFREdFMDUwNwBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
date: Tue, 28 Mar 2023 15:52:48 GMT
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j99&a=1710575674&t=pageview&_s=1&dl=http%3A%2F%2F143.198.232.196%2Ftj6%2F9chrmx0973xu9x08x%2Findex.html&ul=en-us&de=UTF-8&dt=Microsoft%20Support%20Assistance%20codexx23&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=691241890&gjid=1740366404&cid=879211314.1680018791&tid=UA-86788540-2&_gid=1844023829.1680018791&_r=1>m=457e33r0&jsscut=1&z=162620570
142.250.74.110200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=1710575674&t=pageview&_s=1&dl=http%3A%2F%2F143.198.232.196%2Ftj6%2F9chrmx0973xu9x08x%2Findex.html&ul=en-us&de=UTF-8&dt=Microsoft%20Support%20Assistance%20codexx23&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=691241890&gjid=1740366404&cid=879211314.1680018791&tid=UA-86788540-2&_gid=1844023829.1680018791&_r=1>m=457e33r0&jsscut=1&z=162620570
IP 142.250.74.110:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j99&a=1710575674&t=pageview&_s=1&dl=http%3A%2F%2F143.198.232.196%2Ftj6%2F9chrmx0973xu9x08x%2Findex.html&ul=en-us&de=UTF-8&dt=Microsoft%20Support%20Assistance%20codexx23&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=691241890&gjid=1740366404&cid=879211314.1680018791&tid=UA-86788540-2&_gid=1844023829.1680018791&_r=1>m=457e33r0&jsscut=1&z=162620570 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://143.198.232.196
Connection: keep-alive
Referer: http://143.198.232.196/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: http://143.198.232.196
date: Tue, 28 Mar 2023 15:52:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/en07.php
143.198.232.196401 Unauthorized 84 B URL HTTP/1.0 143.198.232.196/tj6/9chrmx0973xu9x08x/en07.php
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 52bf3ccddb64ba07d5d6d79fdfba4765
f369871f7f1efa470a92ebb8ab98ad26b6754965
11359d75d1ccf8ead98ba93030fb3e9050157c154ac53255f9dda71f1465c3d7
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/en07.php HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Upgrade-Insecure-Requests: 1
HTTP/1.0 401 Unauthorized
Date: Tue, 28 Mar 2023 15:52:48 GMT
Server: Apache/2.4.52 (Ubuntu)
Set-Cookie: PHPSESSID=866vim7ljrnaceo38qhnmg64e6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
WWW-Authenticate: Basic realm="Call Microsoft Security Helpline immediately. "
Refresh: 0; url=/tj6/9chrmx0973xu9x08x/en07.php
Content-Length: 84
Connection: close
Content-Type: text/html; charset=UTF-8
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4sOli?ver=58f2
95.101.11.74200 OK 77 kB URL HTTP/2 img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4sOli?ver=58f2
IP 95.101.11.74:0
ASN #20940 Akamai International B.V.
File type PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced\012- data
Hash 5c64e9110da51b44349fc51380f8c3d3
c82f54ce25a8271876cf013f3ac8082ecc1f3ce3
427d8f3ce7151681b16b8a9233b35bd3ebb679bce1b43a896a78344f26764dfe
GET /cms/api/am/imageFileData/RE4sOli?ver=58f2 HTTP/1.1
Host: img-prod-cms-rt-microsoft-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
access-control-allow-origin: *
content-location: https://image.prod.cms.rt.microsoft.com/cms/api/am/imageFileData/RE4sOli?ver=58f2
last-modified: Tue, 21 Mar 2023 12:28:59 GMT
x-source-length: 77155
x-datacenter: eastus
x-activityid: 614b5da0-6a74-4dfe-bac7-44ed3ea93cb5
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 77155
cache-control: public, max-age=204487
expires: Fri, 31 Mar 2023 00:40:56 GMT
date: Tue, 28 Mar 2023 15:52:49 GMT
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
X-Firefox-Spdy: h2
amp.azure.net/libs/amp/2.3.9/azuremediaplayer.min.js
152.199.19.160200 OK 380 kB URL HTTP/2 amp.azure.net/libs/amp/2.3.9/azuremediaplayer.min.js
IP 152.199.19.160:0
File type ASCII text, with very long lines (32019), with CRLF, LF line terminators
Size 380 kB (380311 bytes)
Hash 75fc423feff3f3c30f097ee47640f802
541958fd441b8ab96b940f22fd5f0640ae78198d
1288f9e0ffb99c82c7423a242140058f4acec141c04cd8d64a74a499d7fcb189
GET /libs/amp/2.3.9/azuremediaplayer.min.js HTTP/1.1
Host: amp.azure.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 406608
content-type: application/x-javascript
date: Tue, 28 Mar 2023 15:52:49 GMT
etag: "d3609a4dee7d71:0"
last-modified: Fri, 03 Dec 2021 00:42:25 GMT
server: ECAcc (ska/F758)
vary: Accept-Encoding
x-cache: HIT
x-powered-by: ASP.NET
content-length: 380311
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/antivirus.png
143.198.232.196200 OK 17 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/antivirus.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash f6e5701a264992107acc4583ed4ae622
a6df615fcb3a05bf4aefa62221127970956e5de6
45eb621e5fa1258a63f8e53d8032a1acd8805366bf0ea4c5f48cb2adbeaaa28f
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/antivirus.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:52:48 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:47 GMT
ETag: "427d-5f7f7b9aa30d6"
Accept-Ranges: bytes
Content-Length: 17021
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
www.microsoft.com/onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1
2.18.173.151200 OK 0 B URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1
IP 2.18.173.151:0
GET /onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
last-modified: Tue, 24 Jan 2023 18:49:01 GMT
x-activity-id: 7acc4066-8c24-4216-b307-e65f0d7adf97
x-appversion: 1.0.8405.38376
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-01-06T05:19:12.0000000Z}
ms-operation-id: 276317a3e7c97a4986744af24c94a19f
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2023-01-24T18:49:01
x-s2: 2023-01-24T18:49:01
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 35900
cache-control: public, max-age=29876572
expires: Fri, 08 Mar 2024 10:55:39 GMT
date: Tue, 28 Mar 2023 15:52:47 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV178687d9.0
ms-cv-esi: CASMicrosoftCV178687d9.0
x-rtag: RT
X-Firefox-Spdy: h2
js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.2.6.gbl.min.js
13.107.237.53200 OK 0 B URL HTTP/2 js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.2.6.gbl.min.js
IP 13.107.237.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /scripts/c/ms.shared.analytics.mectrl-3.2.6.gbl.min.js HTTP/1.1
Host: js.monitor.azure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable, no-transform
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: RlzwH95FOkmm6gksZWAC+w==
last-modified: Thu, 18 Aug 2022 21:40:45 GMT
etag: 0x8DA81624EF9033C
x-cache: TCP_HIT
x-ms-request-id: 88b32127-101e-002b-72a3-5d2caf000000
x-ms-version: 2009-09-19
x-ms-meta-jssdkver: 3.2.6
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0e7IhZAAAAADE/pe/NIVMSI19XgqJl4l2QU1TMDRFREdFMTgxOQBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
x-azure-ref: 0UA0jZAAAAABzZlcuz5eWS7hYiqb8pmRZU1ZHMjBFREdFMDUxNABmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
date: Tue, 28 Mar 2023 15:52:48 GMT
X-Firefox-Spdy: h2
mem.gfx.ms/scripts/me/MeControl/10.23038.5/en-US/meCore.min.js
13.107.237.53200 OK 0 B URL HTTP/2 mem.gfx.ms/scripts/me/MeControl/10.23038.5/en-US/meCore.min.js
IP 13.107.237.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /scripts/me/MeControl/10.23038.5/en-US/meCore.min.js HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-encoding: br
last-modified: Thu, 16 Feb 2023 20:57:48 GMT
etag: "1d9428c615427a1"
x-cache: TCP_HIT
x-content-type-options: nosniff
access-control-allow-origin: *
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref-originshield: 0mFIiZAAAAACuGL56CXX/TIucxU+vJUIxQU1TMDRFREdFMTgxNgBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-azure-ref: 0UA0jZAAAAAATV/LuntKfSboEitj+dsbuU1ZHMjBFREdFMDUxNABlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
date: Tue, 28 Mar 2023 15:52:48 GMT
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
188.114.99.234200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
IP 188.114.99.234:0
GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://143.198.232.196/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 15:52:47 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 565, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 19:04:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: e9a84d03a1f7c6aa17012c712a6e5dd5
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 25463015
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7af10acdbe69b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
js.monitor.azure.com/scripts/c/ms.analytics-web-3.2.7.min.js
13.107.237.53200 OK 0 B URL HTTP/2 js.monitor.azure.com/scripts/c/ms.analytics-web-3.2.7.min.js
IP 13.107.237.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /scripts/c/ms.analytics-web-3.2.7.min.js HTTP/1.1
Host: js.monitor.azure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable, no-transform
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: Sb/q47QLN6j5URAwRjCa2Q==
last-modified: Wed, 05 Oct 2022 16:53:02 GMT
etag: 0x8DAA6F2110CCD22
x-cache: TCP_HIT
x-ms-request-id: b9bbd555-b01e-00cd-407e-5ec3d4000000
x-ms-version: 2009-09-19
x-ms-meta-jssdkver: 3.2.7
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0gzMeZAAAAAB+WDJ8hC4xTJvF6RFQRTY5QU1TMDRFREdFMTkxOQBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
x-azure-ref: 0Tw0jZAAAAADZOFR271WASrlXj32y/PgpU1ZHMjBFREdFMDYxMgBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
date: Tue, 28 Mar 2023 15:52:47 GMT
X-Firefox-Spdy: h2
mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1
13.107.237.53200 OK 0 B URL HTTP/2 mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1
IP 13.107.237.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, no-transform, max-age=43200
content-type: application/javascript
content-encoding: br
expires: Wed, 29 Mar 2023 01:50:10 GMT
x-cache: TCP_HIT
x-content-type-options: nosniff
access-control-allow-origin: *
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref-originshield: 0HAojZAAAAAC/076l5Qf/QpiOQ+5rnxe8QU1TMDRFREdFMTgyMgBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-azure-ref: 0Tw0jZAAAAACctx57dHonSK8X67z4ybu3U1ZHMjBFREdFMDUwNwBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
date: Tue, 28 Mar 2023 15:52:47 GMT
X-Firefox-Spdy: h2