firefox.settings.services.mozilla.com/v1/
143.204.55.35200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 22 Sep 2022 20:14:02 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6U3Xe3NcG8Pjhg99yZBUC33TSBCpBjZJrYdJUFTay2otKWk4QEJ2-g==
Age: 368
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a26d0784548ecab22f417f3d689daf23
8893b79366bbadeb5c8d587b8f023e310694df1c
35baaae7b3ce3110ebb2b075881cfab55ecf3eab57d834283fd18ac691b41fa2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4085
Expires: Thu, 22 Sep 2022 21:28:15 GMT
Date: Thu, 22 Sep 2022 20:20:10 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.25200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 22 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: M2SrE8P5a2UgUp20D_UKcRrb8zhJ_moF7Heh7ETv8Ojztco0_eFCWA==
age: 56696
X-Firefox-Spdy: h2
publisher.microsoftstart.com/
40.112.243.98301 Moved Permanently 0 B URL HTTP/1.1 publisher.microsoftstart.com/
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Office365
fortinet Phishing
GET / HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Date: Thu, 22 Sep 2022 20:20:10 GMT
Location: https://publisher.microsoftstart.com/
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 20:20:10 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 22 Sep 2022 20:03:22 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Thu, 22 Sep 2022 20:17:18 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: J49q3RiKHuJCFItIuNVodEwGoJbqAaxDPMHIsZpr6Ychd5TmDD2yQw==
Age: 1009
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 27130d660b6292580ff0e1535ba18927
c3da52bd88c369b8206d25139c98c77f8db35dca
a96750a3a9266ea151d363b90cc2a28f472e10ef8dc4c104ea5657e857ef0306
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 20:20:11 GMT
Server: ECS (amb/6B82)
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 86624f45fb3b7126dbe002f69c94dd86
30bcf274db5037122f989fb25dbf1e72c9ec417b
2cc9600578cf057dc499835773fb495caa60ac154c4945f0fc1f2b31d43f5502
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6141
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 20:20:11 GMT
Last-Modified: Thu, 22 Sep 2022 18:37:50 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.191.251.76101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.191.251.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IYVJVcqSh2Ku9GAzIYfOyQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 64IQuziawK0yH0/T9jbBhOiIWd4=
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 5e136317c0c71275860fcce48a860311
ea873b454c69b6bed9c6bfb32ca8b3d500c8cf3a
8280ba5f21730cd6cde3d0a3581bbdc319b5d707e268bc50f3b59d2846350830
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3353
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 20:20:12 GMT
Last-Modified: Thu, 22 Sep 2022 19:24:20 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280
www.microsoft.com/onerfstatics/marketingsites-wcus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/1a-bb39e7/ef-a24652?ver=2.0&_cf=02242021_3231
23.38.201.156200 OK 23 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-wcus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/1a-bb39e7/ef-a24652?ver=2.0&_cf=02242021_3231
IP 23.38.201.156:0
File type Unicode text, UTF-8 text, with very long lines (64241)
Hash bb34fa956cd28133c85f395df38cd9d1
431626d79bb8538a90010651d1afae008bb0afd2
19ea0e7c6aee3590451b4dc1a1ed6b62e611cb478eb889aa7cdfe31968225ea5
GET /onerfstatics/marketingsites-wcus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/1a-bb39e7/ef-a24652?ver=2.0&_cf=02242021_3231 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 23 Aug 2022 21:37:58 GMT
x-activity-id: e769626d-8e0e-4f3f-b04a-85779eb43935
ms-cv: 4MCHWe9odEitRWH1.0
x-appversion: 1.0.8263.42159
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-08-17T07:25:18.0000000Z}
ms-operation-id: 6a1b9303a6c94a409f3b36b55ea07de4
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2022-08-23T21:37:58
x-s2: 2022-08-23T21:37:58
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 22578
cache-control: public, max-age=28948639
expires: Wed, 23 Aug 2023 21:37:31 GMT
date: Thu, 22 Sep 2022 20:20:12 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
x-rtag: RT
X-Firefox-Spdy: h2
publisher.microsoftstart.com/
40.112.243.98200 OK 30 kB URL HTTP/1.1 publisher.microsoftstart.com/
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10061), with CRLF, LF line terminators
Hash 459fb42b5094eb9038add881bbbaea1e
b8e5e639ae9fb1e4d0f2937be3765544ae90cc3d
b69a9fcfcc103ba993e242c47874914d6b8e40dbc2869bf456598c6362e7104d
Analyzer Verdict Alert openphish Office365
fortinet Phishing
GET / HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Content-Length: 29858
Content-Type: text/html; charset=utf-8
Date: Thu, 22 Sep 2022 20:20:12 GMT
Server: Microsoft-IIS/10.0
Cache-Control: no-store, no-cache, must-revalidate
Content-Encoding: gzip
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Set-Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.30, ASP.NET
Link: <https://publisher.microsoftstart.com/wp-json/>; rel="https://api.w.org/", <https://publisher.microsoftstart.com/wp-json/wp/v2/pages/115>; rel="alternate"; type="application/json", <https://publisher.microsoftstart.com/>; rel=shortlink
statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css
23.36.76.96200 OK 473 B URL HTTP/1.1 statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css
IP 23.36.76.96:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (342), with CRLF line terminators
Hash a40589609d8e75c109e93abbff0dcf60
76ae9c943d54022e24b90467713a73a431eddd6d
2c959c2618be84448b26de18639db8a66126449c6ebb29f4f6d33e00adb5b069
GET /statics/override.css HTTP/1.1
Host: statics-marketingsites-wcus-ms-com.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Tue, 11 Jun 2019 23:22:13 GMT
ETag: 0x8D6EEC3A2D67C35
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 0be3c9b2-601e-001b-2ec3-662498000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Vary: Accept-Encoding
Content-Encoding: gzip
Unused62: 8096267
Content-Length: 473
Date: Thu, 22 Sep 2022 20:20:12 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash b9893dbb93b5cc3cb8637b496ecd3c1c
007b31caa727ce627f6ba81a3f43326a1538181e
b82608484e9e9dbf009de73986da468fff9833e5d040016b3214b8774ba9f500
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 20:20:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/a0-23c4ba/a7-f7a340/48-6ed936/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/37-8473b9?ver=2.0&_cf=02242021_3231&iife=1
23.38.201.156200 OK 36 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/a0-23c4ba/a7-f7a340/48-6ed936/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/37-8473b9?ver=2.0&_cf=02242021_3231&iife=1
IP 23.38.201.156:0
File type ASCII text, with very long lines (42133)
Hash 457c64e69f73a625fe291fae02c1b927
ab2aa2e7b4e37daaeb60f17698a5a886d501385e
094ea09c58e064dc91cfa128356e975744d1e546948c61ed9852e0fe3e158134
GET /onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/a0-23c4ba/a7-f7a340/48-6ed936/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/37-8473b9?ver=2.0&_cf=02242021_3231&iife=1 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Aug 2022 21:27:42 GMT
x-activity-id: ba1a6d7b-e993-45ae-a14b-260b61045c46
ms-cv: eHE/b/kYDkWjU+WL.0
x-appversion: 1.0.8263.42159
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-08-17T07:25:18.0000000Z}
ms-operation-id: 819762409931f041bf59e7a7daace4b8
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2022-08-23T21:27:42
x-s2: 2022-08-23T21:27:42
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 35578
cache-control: public, max-age=28948020
expires: Wed, 23 Aug 2023 21:27:12 GMT
date: Thu, 22 Sep 2022 20:20:12 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
x-rtag: RT
X-Firefox-Spdy: h2
mktdplp102cdn.azureedge.net/public/latest/js/ws-tracking.js?v=1.77.1005
152.199.19.161200 OK 2.3 kB URL HTTP/2 mktdplp102cdn.azureedge.net/public/latest/js/ws-tracking.js?v=1.77.1005
IP 152.199.19.161:0
File type ASCII text, with very long lines (5347), with no line terminators
Hash dc605b6ac4974e513a4f08280bad84d4
8cf4827782c6e0bebca7850f9859f7c999a92c1d
ff5637f77aebb3242cbe8f9ca131e63cfe5f4de8e374080c6ec48d3b7c194bdf
GET /public/latest/js/ws-tracking.js?v=1.77.1005 HTTP/1.1
Host: mktdplp102cdn.azureedge.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 285432
content-md5: FjqakIjSeEkZwkM9tXKB2Q==
content-type: application/x-javascript
date: Thu, 22 Sep 2022 20:20:12 GMT
etag: 0x8DA9A3EDE75C095
last-modified: Mon, 19 Sep 2022 13:00:03 GMT
server: ECAcc (ska/F6EF)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: c492624a-b01e-0067-7a28-cc435f000000
x-ms-version: 2009-09-19
content-length: 2325
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 5f68499f2ba3b2c5aa7e979ee9b4d3a8
67a456fe80bd69aa2fbd0331ba343d1789509d0f
394e18527ce3ad7de2274de2e5e6a7f3fb390e7d6c4f7342ab485b7794e169e7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 20:20:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js?v=1.77.1005
152.199.19.161200 OK 78 kB URL HTTP/2 mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js?v=1.77.1005
IP 152.199.19.161:0
File type ASCII text, with very long lines (65494)
Hash e069fff2aa03edbc21f45090fc4eb4db
39856fc28a29a4cc24e0e1209da98fd491725bee
666c13dbb7a77b0b96c3d7264974abcc9583b36951d9a40ae9b8bdae0fd6aa07
GET /public/latest/js/form-loader.js?v=1.77.1005 HTTP/1.1
Host: mktdplp102cdn.azureedge.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 285431
content-md5: 1KmUMplSdP7sojHoH8OUuw==
content-type: application/x-javascript
date: Thu, 22 Sep 2022 20:20:12 GMT
etag: 0x8DA9A3EDE6CC0A1
last-modified: Mon, 19 Sep 2022 13:00:03 GMT
server: ECAcc (ska/F762)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 3d7aa630-601e-005b-2c28-cc6a98000000
x-ms-version: 2009-09-19
content-length: 78329
X-Firefox-Spdy: h2
publisher.microsoftstart.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
40.112.243.98200 OK 17 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (43771)
Hash 80e77ee88576bf29fce3627b7a68ba93
cad7a80e221262df968ef3cf18edbfc2c6a01388
7629ec786ee7f42bbd14715062a2e8fafe210484570acd4f06aef19191e160d6
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 16612
Content-Type: text/css
Date: Thu, 22 Sep 2022 20:20:12 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "ac4a7fb86c96d81:0"
Last-Modified: Wed, 13 Jul 2022 03:57:50 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
40.112.243.98200 OK 40 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65447)
Hash 59e233ae35f844463587a189f62aacef
92f46e8f1d1954040e9ff19d7702e5ac3cd1ecd6
3ba6995e7f9d8ad74faf6ca6a812ba743dc8d237ef570151fbd20ee8719e4f63
Analyzer Verdict Alert openphish Office365
fortinet Phishing
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 39763
Content-Type: application/x-javascript
Date: Thu, 22 Sep 2022 20:20:12 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "71dcda5975fd81:0"
Last-Modified: Tue, 03 May 2022 16:03:38 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 1ce36e8a87e030e4260315969e382d36
39f8aab0f85e12fb4b2f035080b77f53b5b66ebc
5fc6a22a285ba944c70306cd3e14d83ecd6cf1c16723fd35aa4e5f07ef87ff3f
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 22 Sep 2022 20:20:12 GMT
Last-Modified: Thu, 22 Sep 2022 18:58:30 GMT
Server: ECS (nyb/1D1A)
X-Cache: Miss from cloudfront
Via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: BUt40b9W0AXdhhcQFh9nqxWDZY6I0IyjTF-nGFXB8m7UFFIB9NrDTg==
Age: 4902
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6810
Expires: Thu, 22 Sep 2022 22:13:42 GMT
Date: Thu, 22 Sep 2022 20:20:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6810
Expires: Thu, 22 Sep 2022 22:13:42 GMT
Date: Thu, 22 Sep 2022 20:20:12 GMT
Connection: keep-alive
publisher.microsoftstart.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
40.112.243.98200 OK 5.0 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (11126)
Hash f9aa3aa9fd0743851fe52747dc98ab58
20efd968d25b0f720cc71f97b8522f95120085a1
a6a2336d4bbf7f10472afd72c043f7a3bc4628665efcf53af07f0dd24a7c8483
Analyzer Verdict Alert openphish Office365
fortinet Phishing
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 4994
Content-Type: application/x-javascript
Date: Thu, 22 Sep 2022 20:20:12 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "90abb45975fd81:0"
Last-Modified: Tue, 03 May 2022 16:03:38 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6810
Expires: Thu, 22 Sep 2022 22:13:42 GMT
Date: Thu, 22 Sep 2022 20:20:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6810
Expires: Thu, 22 Sep 2022 22:13:42 GMT
Date: Thu, 22 Sep 2022 20:20:12 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf89a4b3-f586-4870-ab26-efb054f637fd.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf89a4b3-f586-4870-ab26-efb054f637fd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 91c56f0b9810bfdd84e10a626b89e389
15d83e44d568938b6c9c87201e898cedb3edec0a
942de9764e1c408f7512759774aab0479db201e6fae15ccc39e653adae4cb86f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf89a4b3-f586-4870-ab26-efb054f637fd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8678
x-amzn-requestid: c671a9ab-c5d0-4743-b13e-cc9a47e3d2fe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1F0vEThIAMFSwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b8351-17ed13811d3833ea00a34423;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:34:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2Oem-Kw-aCUa2rA9B9-7CDYcZ-G968tFPnsrL5wJ9Dia43T5u6RDtg==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:34:09 GMT
etag: "15d83e44d568938b6c9c87201e898cedb3edec0a"
content-type: image/jpeg
age: 81963
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd654e30-611f-4c64-b1ad-43ca9fdedc0e.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd654e30-611f-4c64-b1ad-43ca9fdedc0e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c0201d377c57a684452c0d26372e674d
3829f81048cc63b5f0d1e82dfbe3b8e31646e733
efa055dc93267be2dddd94b334c0655c2e1f1682467fd738e013a778aea175b9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd654e30-611f-4c64-b1ad-43ca9fdedc0e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14397
x-amzn-requestid: 18122f14-4c48-43b3-b312-218f3ae84d93
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yv1B8EVfoAMF3dQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63296872-3d23a04565d70f3c5403007b;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 07:14:58 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 9zc5SsL1SB9GtwMkVWcNLJzC-MfOd-5TiQck5s6-MV23RWPqWPAgtA==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 18:00:45 GMT
age: 8367
etag: "3829f81048cc63b5f0d1e82dfbe3b8e31646e733"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6582596-5079-44f5-a869-65c8766f7d1a.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6582596-5079-44f5-a869-65c8766f7d1a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da8b8819fc21dcfb224ce0e7ecdc6772
e460ad4376cd118a6fe8b6b050af9398117d9531
9d0cf5fe17040e6c494d1596c24f01501babff37c95caa47d048b5e1aefa7697
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6582596-5079-44f5-a869-65c8766f7d1a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9901
x-amzn-requestid: bfdfb11f-7ec5-460b-8759-41033451e2a6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1ueDEUOIAMFq5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632bc459-6f8ebea8143c58f652dc61e8;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 02:11:37 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: ln0EYmIyTWExYNLVEv-ZYhdCAYVju_Wu2S-_p5GfD_Kev99yrKwRcg==
via: 1.1 b838ef1ff22a4a994af82d5178c30e1c.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 05:53:43 GMT
age: 51989
etag: "e460ad4376cd118a6fe8b6b050af9398117d9531"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0788498f-41db-4d62-b749-e01caddb7f8d.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0788498f-41db-4d62-b749-e01caddb7f8d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash af5773255351157d72c28a670a355c60
c803e5866edbe6c9baec14e93677f610bdf09bff
3229b4aa1c698647ad96d114174782549ad240f1b2c4ba8c268165a16afc84f0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0788498f-41db-4d62-b749-e01caddb7f8d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10754
x-amzn-requestid: 2d03531d-6055-477f-9cb6-9ea9fa27eeb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1F0vHJ4IAMF42Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b8351-692620e80d5b2efe1d0e3a82;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:34:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: eYUP9NfAkmU4A-mZvysejq1228Qfb8vbfdXOaHQvr6mjXhnVoWdqJw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:34:09 GMT
etag: "c803e5866edbe6c9baec14e93677f610bdf09bff"
content-type: image/jpeg
age: 81963
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb0692-30b9-4b69-a748-f7a4474a72e0.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb0692-30b9-4b69-a748-f7a4474a72e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9becda6e892a190dbbc63216ae697506
ba3369e1827d8f01ca10acb8648195847dd02ffd
d71dd28e0ff260326ba0c30748fa11160f4544c2a264d3a3dc361af0de9fd283
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb0692-30b9-4b69-a748-f7a4474a72e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11286
x-amzn-requestid: 7263b60d-fffe-4c0b-8de5-59dc9ac92a47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1GwZHOaIAMFSQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b84cf-62e160b156b587cc21c7fda5;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:40:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: QxgrVMX7xwI6qE3T3-LRS3JWoJauPyvCSb9TacW9-ktw-BIq5PSF-g==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:48:26 GMT
etag: "ba3369e1827d8f01ca10acb8648195847dd02ffd"
content-type: image/jpeg
age: 81106
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dee9427-1c1b-4ddc-9f89-8c6e254bd0f1.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dee9427-1c1b-4ddc-9f89-8c6e254bd0f1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 62818de3c50f957b2e5680851a1768c9
80e48c9ae48c89598780736b089c98e22d58df9a
16f2c2d23e8641a3f297a175730343d11120a228c0fe846c0fdf1e39212c522c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dee9427-1c1b-4ddc-9f89-8c6e254bd0f1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8549
x-amzn-requestid: 6d44626b-16c6-4f19-ae52-d5350065b390
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1GwPHJJoAMFdfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b84ce-46ebc35612eb7a4473b36189;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:40:30 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UoQTXSP0LgR4LwELp2Avm27hUekfO9TU9yfvNbIlmUtB-FrU9MGRbg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:48:19 GMT
age: 81113
etag: "80e48c9ae48c89598780736b089c98e22d58df9a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
publisher.microsoftstart.com/wp-content/plugins/login-with-azure/css/style_login_widget.css?ver=6.0.2
40.112.243.98200 OK 1.2 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/plugins/login-with-azure/css/style_login_widget.css?ver=6.0.2
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash b0c3a8dd283c4d06d0dd344115d5087a
3a703fc9be34533f5436f95556ad96ec0565c0b7
1e1bd4421f7d0083b58e1a3298fbd93a73381f4c00f958e0afed39b44380f30f
Analyzer Verdict Alert openphish Office365
fortinet Phishing
GET /wp-content/plugins/login-with-azure/css/style_login_widget.css?ver=6.0.2 HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 1207
Content-Type: text/css
Date: Thu, 22 Sep 2022 20:20:12 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "57832a1975fd81:0"
Last-Modified: Tue, 03 May 2022 16:01:49 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/themes/tailpress-1/css/app.css?ver=3.0.0
40.112.243.98200 OK 8.1 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/themes/tailpress-1/css/app.css?ver=3.0.0
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash 9c0c832b9094026dc3c76a7834517c74
24d2c1d1f5aa6dfd2f15854f15415d8a2a7ad09b
dd4af2a13659213f1d7d8dd2ca869d1be756bfcf130bc2aa8f574e9f9dfec6d8
Analyzer Verdict Alert openphish Office365
fortinet Phishing
GET /wp-content/themes/tailpress-1/css/app.css?ver=3.0.0 HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 8103
Content-Type: text/css
Date: Thu, 22 Sep 2022 20:20:12 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "fbc043a75fd81:0"
Last-Modified: Tue, 03 May 2022 16:02:45 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/plugins/login-with-azure/css/login-page.css?ver=6.0.2
40.112.243.98200 OK 581 B URL HTTP/1.1 publisher.microsoftstart.com/wp-content/plugins/login-with-azure/css/login-page.css?ver=6.0.2
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash 32a3f1a33c20576e3c3ea1a6e94cdb42
4f43d49c1975861527a7ecf1553e631c364b4865
654900e7461eb2a21517be0dcf1a4d1edc6210e288c9efc67e70cc6543abec3a
GET /wp-content/plugins/login-with-azure/css/login-page.css?ver=6.0.2 HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 581
Content-Type: text/css
Date: Thu, 22 Sep 2022 20:20:12 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "8cbe251975fd81:0"
Last-Modified: Tue, 03 May 2022 16:01:49 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/plugins/login-with-azure/css/font-awesome.css?ver=6.0.2
40.112.243.98200 OK 8.3 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/plugins/login-with-azure/css/font-awesome.css?ver=6.0.2
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type troff or preprocessor input, ASCII text, with very long lines (372)
Hash 25f5ae557d55c81ace56799736b0c209
636b9f604e9bf2a385ca45b49b26d713f23cb974
317c231ab9d03607e6872437e33f38aeb7dd22bffa2411d76155040c23f29c53
Analyzer Verdict Alert openphish Office365
fortinet Phishing
GET /wp-content/plugins/login-with-azure/css/font-awesome.css?ver=6.0.2 HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 8322
Content-Type: text/css
Date: Thu, 22 Sep 2022 20:20:12 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "e15a231975fd81:0"
Last-Modified: Tue, 03 May 2022 16:01:49 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/plugins/popup-maker/assets/css/pum-site.min.css?ver=1.16.7
40.112.243.98200 OK 2.3 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/plugins/popup-maker/assets/css/pum-site.min.css?ver=1.16.7
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (7444), with no line terminators
Hash 81ed64683011ddca44a25ffb47835283
b3a8155a01dc49a24ea757506c84a98aaad70d42
2793871b2d8fa695ff6c7384fc4d03410ec0d1ed55fbec099c89a416410987c1
Analyzer Verdict Alert openphish Office365
fortinet Phishing
GET /wp-content/plugins/popup-maker/assets/css/pum-site.min.css?ver=1.16.7 HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 2286
Content-Type: text/css
Date: Thu, 22 Sep 2022 20:20:12 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "b122e61f75fd81:0"
Last-Modified: Tue, 03 May 2022 16:02:01 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/themes/tailpress-1/js/app.js?ver=3.0.0
40.112.243.98200 OK 311 B URL HTTP/1.1 publisher.microsoftstart.com/wp-content/themes/tailpress-1/js/app.js?ver=3.0.0
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash 4f30e8224e0ec35208a42471d885f1e4
f9e5f2e2af43c9ff7f1a5ff1cd4a1e6a27c3e247
6fd382a047ff7f029e94c85ab3dd9ccfd6eb40f2b29ff7689a5830d1521f6ee6
GET /wp-content/themes/tailpress-1/js/app.js?ver=3.0.0 HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 311
Content-Type: application/x-javascript
Date: Thu, 22 Sep 2022 20:20:12 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "18fb1e3a75fd81:0"
Last-Modified: Tue, 03 May 2022 16:02:45 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
40.112.243.98200 OK 6.6 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (15660)
Hash 5b49ac9423f60e2bc202fd0f262dcbca
8b8e9dc543c50fa37c93b4813e7b1df0b1e3c6ca
eece78511ada5a18c5969ad63f3458f1f1886adc05d198036c7dbf4f442299ab
Analyzer Verdict Alert openphish Office365
fortinet Phishing
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 6568
Content-Type: application/x-javascript
Date: Thu, 22 Sep 2022 20:20:12 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "fef3282ec6fd81:0"
Last-Modified: Wed, 25 May 2022 04:04:19 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/plugins/microsoft-uhf/assets/microsoft-uhf.js?ver=0.1.1
40.112.243.98200 OK 1.2 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/plugins/microsoft-uhf/assets/microsoft-uhf.js?ver=0.1.1
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash 192f497aacae1a97abdd1b6b84fc7737
9ccf73b7c2bc2a04caa02acbe4dbf36dc5e573f6
c3bd18b0b69758cc1c7f26e21e6ae7249081e912a02c888107cf9efa13d9f35a
Analyzer Verdict Alert openphish Office365
fortinet Phishing
GET /wp-content/plugins/microsoft-uhf/assets/microsoft-uhf.js?ver=0.1.1 HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 1210
Content-Type: application/x-javascript
Date: Thu, 22 Sep 2022 20:20:12 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "a3446d1975fd81:0"
Last-Modified: Tue, 03 May 2022 16:01:50 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
40.112.243.98200 OK 6.9 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash 6037144bd15a4ad4bcb7d7a3e75cbbca
a8ee650a48e6ccfccb5db20c2c276f25433027c2
4b75d9f34e5f414379359f6964020cb45d39526931286ced81eac7c154e3fb4b
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 6927
Content-Type: application/x-javascript
Date: Thu, 22 Sep 2022 20:20:12 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "80f6b880ec6fd81:0"
Last-Modified: Wed, 25 May 2022 04:04:17 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/plugins/popup-maker/assets/js/site.min.js?defer&ver=1.16.7
40.112.243.98200 OK 17 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/plugins/popup-maker/assets/js/site.min.js?defer&ver=1.16.7
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash 0c64c23f0a257f77ae7984107989108e
26d5af6807b5742c38897f682214a194cdc58337
159529b778340e10759a306ff6a920bdc3d60ca532a24372b8299ac3398500b7
Analyzer Verdict Alert openphish Office365
GET /wp-content/plugins/popup-maker/assets/js/site.min.js?defer&ver=1.16.7 HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 17225
Content-Type: application/x-javascript
Date: Thu, 22 Sep 2022 20:20:12 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "0f95f2075fd81:0"
Last-Modified: Tue, 03 May 2022 16:02:02 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
www.socialintents.com/json/jsonGV.jsp?uid=2c9fa0e17fcdc835017fe661086e1ef7&callback=jsonCallback&_=1663878012469
35.83.245.184200 OK 128 B URL HTTP/2 www.socialintents.com/json/jsonGV.jsp?uid=2c9fa0e17fcdc835017fe661086e1ef7&callback=jsonCallback&_=1663878012469
IP 35.83.245.184:0
Hash fd0614c274deceba828b50cd0b9dd1a2
3b150ad13bf09f3fc04ade698efb11f5f21596a6
eaf8c9505e4665fb9e74c4ede987c7d7db33f5843e1eeb020a550f46cf396111
GET /json/jsonGV.jsp?uid=2c9fa0e17fcdc835017fe661086e1ef7&callback=jsonCallback&_=1663878012469 HTTP/1.1
Host: www.socialintents.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: AWSALBCORS=EYFOULIKUUQVwF8mSCLfTfX08WnORpWeqUYNr0RbJXaBIwrZ5oUE0+b4vIkiTKDQqS7ljCKGxhg129I4jOu8xqby7PJnSWjbGd1wg0FsVXltha7OahBlFjQiIo2s
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 22 Sep 2022 20:20:13 GMT
content-type: application/json;charset=UTF-8
content-length: 128
set-cookie: AWSALB=KZuxQ5W5NTMcXFZFZq86rUQkibldhsc07p4z6BxyuKJOthtmyaHWBZq9fu7LcpVDD/DwhGBIScCjJvjc3kWL9+F29FIz40oLXYzB9wtvBFCelNN7F+ihlfsNDClF; Expires=Thu, 29 Sep 2022 20:20:13 GMT; Path=/
AWSALBCORS=KZuxQ5W5NTMcXFZFZq86rUQkibldhsc07p4z6BxyuKJOthtmyaHWBZq9fu7LcpVDD/DwhGBIScCjJvjc3kWL9+F29FIz40oLXYzB9wtvBFCelNN7F+ihlfsNDClF; Expires=Thu, 29 Sep 2022 20:20:13 GMT; Path=/; SameSite=None; Secure
JSESSIONID=C5430CB62843E65F00154E498490B290; Path=/; Secure; SameSite=None; Secure; HttpOnly; SameSite=None
server: nginx/1.20.0
X-Firefox-Spdy: h2
publisher.microsoftstart.com/app.css
40.112.243.98404 Not Found 29 kB URL HTTP/1.1 publisher.microsoftstart.com/app.css
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (10061), with CRLF, LF line terminators
Hash 2c37fcc55251bb57ee8adb6116a20b2d
117e336e25402dc69348822826b3a27ebee8172b
00089e38cd408a28d6e37030b94de34f2c257b75c82695d612fea8980bc5315e
Analyzer Verdict Alert openphish Office365
GET /app.css HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Content-Length: 28848
Content-Type: text/html; charset=utf-8
Date: Thu, 22 Sep 2022 20:20:13 GMT
Server: Microsoft-IIS/10.0
Cache-Control: no-cache, must-revalidate, max-age=0
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Pragma: no-cache
X-Powered-By: PHP/7.4.30, ASP.NET
Link: <https://publisher.microsoftstart.com/wp-json/>; rel="https://api.w.org/"
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
23.36.76.186200 OK 4.1 kB URL HTTP/2 img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
IP 23.36.76.186:0
ASN #20940 Akamai International B.V.
File type PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced\012- data
Hash 9f14c20150a003d7ce4de57c298f0fba
daa53cf17cc45878a1b153f3c3bf47dc9669d78f
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
GET /cms/api/am/imageFileData/RE1Mu3b?ver=5c31 HTTP/1.1
Host: img-prod-cms-rt-microsoft-com.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
access-control-allow-origin: *
content-location: https://image.prod.cms.rt.microsoft.com/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
last-modified: Sat, 17 Sep 2022 20:22:04 GMT
x-source-length: 4054
x-datacenter: northeu
x-activityid: bbef4b2b-7038-48db-bee2-5c178f5fa7a2
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 4054
cache-control: public, max-age=388927
expires: Tue, 27 Sep 2022 08:22:20 GMT
date: Thu, 22 Sep 2022 20:20:13 GMT
X-Firefox-Spdy: h2
www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
23.38.201.156200 OK 26 kB URL HTTP/2 www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
IP 23.38.201.156:0
File type Web Open Font Format, TrueType, length 26288, version 0.0\012- data
Hash d0263dc03be4c393a90bda733c57d6db
8a032b6deab53a33234c735133b48518f8643b92
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
GET /mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://publisher.microsoftstart.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
last-modified: Tue, 14 Jun 2022 13:23:15 GMT
x-activity-id: 433fff9c-ac1c-4827-bb3b-a2ca5fa6dd83
ms-cv: /0+3RKV7ykuNLoKI.0
x-appversion: 1.0.8167.41521
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-05-13T07:04:02.0000000Z}
ms-operation-id: 2f08fc2d143919438bfe914fdfecfc02
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-length: 26288
cache-control: public, max-age=22870989
expires: Wed, 14 Jun 2023 13:23:22 GMT
date: Thu, 22 Sep 2022 20:20:13 GMT
tls_version: tls1.3
strict-transport-security: max-age=31536000
x-rtag: RT
X-Firefox-Spdy: h2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
23.38.201.156 200 OK 34 kB URL HTTP/2 c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
IP 23.38.201.156:0
File type Web Open Font Format (Version 2), TrueType, length 34052, version 0.0\012- data
Hash 36397a3bc139c6e9f81d383f060f080a
3f4f86c10920d4ed345f4858b6cde9f93e1aeb81
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
GET /static/fonts/segoe-ui/west-european/normal/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://publisher.microsoftstart.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 34052
content-type: font/woff2
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
accept-ranges: bytes
etag: "588d483e9c7d51:0"
cache-control: public, max-age=350390
expires: Mon, 26 Sep 2022 21:40:03 GMT
date: Thu, 22 Sep 2022 20:20:13 GMT
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
mktdplp102cdn.azureedge.net/public/latest/js/ws-tracking.js?v=1.77.1005
152.199.19.161 304 Not Modified 0 B URL HTTP/2 mktdplp102cdn.azureedge.net/public/latest/js/ws-tracking.js?v=1.77.1005
IP 152.199.19.161:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /public/latest/js/ws-tracking.js?v=1.77.1005 HTTP/1.1
Host: mktdplp102cdn.azureedge.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Mon, 19 Sep 2022 13:00:03 GMT
If-None-Match: 0x8DA9A3EDE75C095
TE: trailers
HTTP/2 304 Not Modified
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 285433
date: Thu, 22 Sep 2022 20:20:13 GMT
etag: 0x8DA9A3EDE75C095
last-modified: Mon, 19 Sep 2022 13:00:03 GMT
server: ECAcc (ska/F6EF)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: c492624a-b01e-0067-7a28-cc435f000000
x-ms-version: 2009-09-19
X-Firefox-Spdy: h2
mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js?v=1.77.1005
152.199.19.161 304 Not Modified 0 B URL HTTP/2 mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js?v=1.77.1005
IP 152.199.19.161:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /public/latest/js/form-loader.js?v=1.77.1005 HTTP/1.1
Host: mktdplp102cdn.azureedge.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Mon, 19 Sep 2022 13:00:03 GMT
If-None-Match: 0x8DA9A3EDE6CC0A1
TE: trailers
HTTP/2 304 Not Modified
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 285432
date: Thu, 22 Sep 2022 20:20:13 GMT
etag: 0x8DA9A3EDE6CC0A1
last-modified: Mon, 19 Sep 2022 13:00:03 GMT
server: ECAcc (ska/F762)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 3d7aa630-601e-005b-2c28-cc6a98000000
x-ms-version: 2009-09-19
X-Firefox-Spdy: h2
publisher.microsoftstart.com/wp-content/uploads/2022/03/los-angeles.png
40.112.243.98 200 OK 2.0 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/03/los-angeles.png
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 194 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash c54ab89f392e64d47ed4ab9b5b2c25a5
6889092028caada6ffb011460ddbc0d85f97388c
ee2db7658ed3f7f0334608b4b59ac4d135ce0dd8c661b2ff078651ecbcb6bb54
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/03/los-angeles.png HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 2035
Content-Type: image/png
Date: Thu, 22 Sep 2022 20:20:13 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "121fad4275fd81:0"
Last-Modified: Tue, 03 May 2022 16:02:59 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/03/connect.svg
40.112.243.98 200 OK 2.1 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/03/connect.svg
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1010), with CRLF line terminators
Hash eb5dc0e1905f09808aad0b9a4f5615dc
682be40dfc6e28b69b74865f0563d1838ea2dd52
11005bd96e1d108ddc55dacadcbfb3ea50b2f69feea6d6a9e0f6a63f91981903
Analyzer Verdict Alert openphish Office365
fortinet Phishing
GET /wp-content/uploads/2022/03/connect.svg HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 2110
Content-Type: image/svg+xml
Date: Thu, 22 Sep 2022 20:20:13 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "869e34275fd81:0"
Last-Modified: Tue, 03 May 2022 16:02:58 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/03/create.svg
40.112.243.98 200 OK 1.6 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/03/create.svg
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (508), with CRLF line terminators
Hash c064ebf61129e717c0090b27f3cb677d
9bec4ea8cd0cef1b6ddbbcd4a7c876be77031158
3c1e09bc4d171035121d72b0ab7c6d1e71a94b1112cfc9c7142e8b396a01241e
Analyzer Verdict Alert openphish Office365
fortinet Phishing
GET /wp-content/uploads/2022/03/create.svg HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 1588
Content-Type: image/svg+xml
Date: Thu, 22 Sep 2022 20:20:13 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "763ed4275fd81:0"
Last-Modified: Tue, 03 May 2022 16:02:58 GMT
X-Powered-By: ASP.NET
mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js?v=1.77.1005
152.199.19.161 304 Not Modified 0 B URL HTTP/2 mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js?v=1.77.1005
IP 152.199.19.161:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /public/latest/js/form-loader.js?v=1.77.1005 HTTP/1.1
Host: mktdplp102cdn.azureedge.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Mon, 19 Sep 2022 13:00:03 GMT
If-None-Match: 0x8DA9A3EDE6CC0A1
TE: trailers
HTTP/2 304 Not Modified
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 285433
date: Thu, 22 Sep 2022 20:20:14 GMT
etag: 0x8DA9A3EDE6CC0A1
last-modified: Mon, 19 Sep 2022 13:00:03 GMT
server: ECAcc (ska/F762)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 3d7aa630-601e-005b-2c28-cc6a98000000
x-ms-version: 2009-09-19
X-Firefox-Spdy: h2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/latest.woff2
23.38.201.156 200 OK 29 kB URL HTTP/2 c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/latest.woff2
IP 23.38.201.156:0
File type Web Open Font Format (Version 2), TrueType, length 29388, version 0.0\012- data
Hash 6e75a94d5f7170a1ab532d32c2a35755
9c1b6fff544089941bbeddbcf529c3f0b46d853a
d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f
GET /static/fonts/segoe-ui/west-european/Semibold/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://publisher.microsoftstart.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 29388
content-type: font/woff2
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
accept-ranges: bytes
etag: "5b68d583e9c7d51:0"
cache-control: public, max-age=339645
expires: Mon, 26 Sep 2022 18:40:59 GMT
date: Thu, 22 Sep 2022 20:20:14 GMT
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
mktdplp102cdn.azureedge.net/public/latest/js/ws-tracking.js?v=1.77.1005
152.199.19.161 304 Not Modified 0 B URL HTTP/2 mktdplp102cdn.azureedge.net/public/latest/js/ws-tracking.js?v=1.77.1005
IP 152.199.19.161:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /public/latest/js/ws-tracking.js?v=1.77.1005 HTTP/1.1
Host: mktdplp102cdn.azureedge.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Mon, 19 Sep 2022 13:00:03 GMT
If-None-Match: 0x8DA9A3EDE75C095
TE: trailers
HTTP/2 304 Not Modified
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 285434
date: Thu, 22 Sep 2022 20:20:14 GMT
etag: 0x8DA9A3EDE75C095
last-modified: Mon, 19 Sep 2022 13:00:03 GMT
server: ECAcc (ska/F6EF)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: c492624a-b01e-0067-7a28-cc435f000000
x-ms-version: 2009-09-19
X-Firefox-Spdy: h2
publisher.microsoftstart.com/wp-content/uploads/2022/03/story-background.svg
40.112.243.98 200 OK 852 B URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/03/story-background.svg
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (492), with CRLF line terminators
Hash 5a536937285b2d1ab10617fbd4174878
07b2c4621df05bb33d16f47ddc6133d3b47f485a
412bae5ce0f1717032f7ab2706b1a99f0aedc40cbfb967c0fd860fa7dec66614
Analyzer Verdict Alert openphish Office365
fortinet Phishing
GET /wp-content/uploads/2022/03/story-background.svg HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 852
Content-Type: image/svg+xml
Date: Thu, 22 Sep 2022 20:20:13 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "556bf94275fd81:0"
Last-Modified: Tue, 03 May 2022 16:03:00 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/03/widget.png
40.112.243.98 200 OK 268 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/03/widget.png
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 1180 x 660, 8-bit colormap, non-interlaced\012- data
Size 268 kB (268105 bytes)
Hash 9f619afc0185cf5c10242b82f81f2977
2d9e446262dafbb0cf0b2f31b486a19580d7c03b
ad3bdda423eb8ed56307d0de294d2c73a451800ee14cab4838e1e5932eecdaa7
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/03/widget.png HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 268105
Content-Type: image/png
Date: Thu, 22 Sep 2022 20:20:13 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "b253624375fd81:0"
Last-Modified: Tue, 03 May 2022 16:03:00 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/03/cash.svg
40.112.243.98 200 OK 2.4 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/03/cash.svg
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1337), with CRLF line terminators
Hash 4a487df08185f0b7c699e1d4dc5f4fc1
4c6ee04056780cd6d7d0cc48bfa295fa842929f5
28e530b34e424d16913a64a097d31e5c30d59fa65b2635f0c7c2595d33e302ad
Analyzer Verdict Alert openphish Office365
fortinet Phishing
GET /wp-content/uploads/2022/03/cash.svg HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 2436
Content-Type: image/svg+xml
Date: Thu, 22 Sep 2022 20:20:13 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "5ad9fe4175fd81:0"
Last-Modified: Tue, 03 May 2022 16:02:58 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/03/mobile.png
40.112.243.98 200 OK 137 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/03/mobile.png
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 1180 x 660, 8-bit colormap, non-interlaced\012- data
Size 137 kB (137372 bytes)
Hash d96597c5a9698e2a3e783d7d4ad92f37
6f41c4c5665b892dff585697d06d344ac6e549aa
da9bb7c6952e5d5a8d0952b5494538f3c3906a6910b2036f9c923010b5c33d49
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/03/mobile.png HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 137372
Content-Type: image/png
Date: Thu, 22 Sep 2022 20:20:13 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "2580ce4275fd81:0"
Last-Modified: Tue, 03 May 2022 16:02:59 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/03/edge.png
40.112.243.98 200 OK 247 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/03/edge.png
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 1180 x 660, 8-bit colormap, non-interlaced\012- data
Size 247 kB (246987 bytes)
Hash 7922dc45abf6f6bebf350629e6ebb8ed
6d12fc33e8ed79edfb7946b25b366cbf416afffb
f79d82c0a50950d392b79f3d5d620e666a3fd093381a530da4f3fd239d924d02
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/03/edge.png HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 246987
Content-Type: image/png
Date: Thu, 22 Sep 2022 20:20:13 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "825314275fd81:0"
Last-Modified: Tue, 03 May 2022 16:02:58 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/03/usa-today.png
40.112.243.98 200 OK 2.1 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/03/usa-today.png
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 121 x 44, 8-bit/color RGBA, non-interlaced\012- data
Hash 7e6c75f43447416a5fff9ddff06f0ce1
abd8284784abbec80b84b703112905580a27d258
68789000567b30903d14da6f207c2c0960ae9b31d5644895c75a26e33dc5c957
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/03/usa-today.png HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 2052
Content-Type: image/png
Date: Thu, 22 Sep 2022 20:20:13 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "cf69184375fd81:0"
Last-Modified: Tue, 03 May 2022 16:03:00 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/03/univision.png
40.112.243.98 200 OK 2.2 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/03/univision.png
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 159 x 31, 8-bit/color RGBA, non-interlaced\012- data
Hash 6cf75a2dc00c4aaa672849df41f901cd
f1dc2962a32d220364923ce6ee7855a9d21a20aa
0d15ffc033dcc15878265026608a21591cc82d1de1f4fe3c6fc0e07e243bd930
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/03/univision.png HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 2220
Content-Type: image/png
Date: Thu, 22 Sep 2022 20:20:14 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "7e43114375fd81:0"
Last-Modified: Tue, 03 May 2022 16:03:00 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/03/bloomberg.png
40.112.243.98 200 OK 2.2 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/03/bloomberg.png
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 133 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash 3eacfa7d66abcc577ef245511358cd69
a1e08be805b13f2f95fc8a391449357cafa75516
7e28c4ab0b9e48d9821fdc26f15d32e508ee3321be203739ef351e4fd5c7153c
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/03/bloomberg.png HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 2174
Content-Type: image/png
Date: Thu, 22 Sep 2022 20:20:14 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "8adbc04175fd81:0"
Last-Modified: Tue, 03 May 2022 16:02:57 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/03/car-driver.png
40.112.243.98 200 OK 1.6 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/03/car-driver.png
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 151 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash f10597351b9c5218acd7ca6fbd2bdf93
5c43a0a0beb58eed33e377af8cff629084f99032
c07729bdb7bcaf8ebe669b58d10cb80c2fe9fba5f56471606796410645cb0741
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/03/car-driver.png HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 1638
Content-Type: image/png
Date: Thu, 22 Sep 2022 20:20:14 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "6b15fa4175fd81:0"
Last-Modified: Tue, 03 May 2022 16:02:58 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/05/GettyImages-1287618155-scaled-e1652293380567.jpg
40.112.243.98 200 OK 543 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/05/GettyImages-1287618155-scaled-e1652293380567.jpg
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 82", baseline, precision 8, 2560x1920, components 3\012- data
Size 543 kB (542975 bytes)
Hash 7afa905df2c2f1b6b778e915facdb098
dc094e7dbb39d543dc5e915ce01f9f6ec69d0d1f
0dab41117224da7ce11772d497c908911efc945e75cf4c7c3a8ae1d6dac1e008
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/05/GettyImages-1287618155-scaled-e1652293380567.jpg HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 542975
Content-Type: image/jpeg
Date: Thu, 22 Sep 2022 20:20:13 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "533b93256465d81:0"
Last-Modified: Wed, 11 May 2022 18:23:00 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/03/traveler.png
40.112.243.98 200 OK 2.6 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/03/traveler.png
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 107 x 46, 8-bit/color RGBA, non-interlaced\012- data
Hash 0e56ab46b01dc0b9615f23d750eb7c76
65674c87cb02af6ca74dcf3bac68bd6803a82ddf
2a622b2278b184518c0f600dad5eae7864c23443e732d75476e7d8c0baacdc74
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/03/traveler.png HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 2625
Content-Type: image/png
Date: Thu, 22 Sep 2022 20:20:14 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "ae2ffe4275fd81:0"
Last-Modified: Tue, 03 May 2022 16:03:00 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/03/wall-stereet.png
40.112.243.98 200 OK 5.2 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/03/wall-stereet.png
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 229 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash cfa5af933b4fa67a359357269f1041d2
94da71d0625379ca3badd1c1529271f708d73ed6
c42590b65a036fc8f282d590521e7c7dcbb3498e4c3e9ebab0a5cc3fbcc63fb0
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/03/wall-stereet.png HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 5195
Content-Type: image/png
Date: Thu, 22 Sep 2022 20:20:14 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "58f3214375fd81:0"
Last-Modified: Tue, 03 May 2022 16:03:00 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/03/reuters.png
40.112.243.98 200 OK 3.2 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/03/reuters.png
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 146 x 36, 8-bit/color RGBA, non-interlaced\012- data
Hash 62102294aa1b0579b2c6a3c5add52b53
92f40c07130228c7419a512fc0e08f53a615024f
5151c7945712723b6ac224d010f1fa52d37bd1e8a48a14221a726e6525caaefb
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/03/reuters.png HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 3235
Content-Type: image/png
Date: Thu, 22 Sep 2022 20:20:14 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "76a6f44275fd81:0"
Last-Modified: Tue, 03 May 2022 16:03:00 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/05/GettyImages-951266314-1-scaled.jpg
40.112.243.98 200 OK 420 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/05/GettyImages-951266314-1-scaled.jpg
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 82", baseline, precision 8, 2560x1715, components 3\012- data
Size 420 kB (419599 bytes)
Hash 5e7d7105754a94eea933a3487848ef78
47b2dcc58d283389604800afed2cbe694873da67
a070287a18de45a24b56a65ed14b04ade6ba236a182d5efb70dd00fc3ad9c78a
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/05/GettyImages-951266314-1-scaled.jpg HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 419599
Content-Type: image/jpeg
Date: Thu, 22 Sep 2022 20:20:13 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "a991de37da5fd81:0"
Last-Modified: Wed, 04 May 2022 17:13:05 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/03/msn.png
40.112.243.98 200 OK 214 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/03/msn.png
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 1180 x 660, 8-bit colormap, non-interlaced\012- data
Size 214 kB (213560 bytes)
Hash 1c150c89d0a4a78006d507fbd646116d
81d1548d953390d06869af017538e498e5660a53
ba1012daa04a936f14b6ac8d3ba5f34b017bd9acfbff84bb5df7db74f5c272ec
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/03/msn.png HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 213560
Content-Type: image/png
Date: Thu, 22 Sep 2022 20:20:13 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "b2e1ef4275fd81:0"
Last-Modified: Tue, 03 May 2022 16:02:59 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/08/WP-com-logo.png
40.112.243.98 200 OK 22 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/08/WP-com-logo.png
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 520 x 98, 8-bit/color RGBA, non-interlaced\012- data
Hash e3efc26624e6ca19cea3fcd2ff5a88b8
992f2751cec14d2e1dde8e40476960253d6f184a
64c1aff4b321ffd30515195459afee6dfbe4beed33ba5dd7240d679985ec7242
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/08/WP-com-logo.png HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 21451
Content-Type: image/png
Date: Thu, 22 Sep 2022 20:20:14 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "ae2229588caed81:0"
Last-Modified: Fri, 12 Aug 2022 20:44:40 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/03/ugc.png
40.112.243.98200 OK 4.9 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/03/ugc.png
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 476 x 72, 8-bit/color RGBA, non-interlaced\012- data
Hash f5b6f4b8ad7e1df289c83dd4015f9346
0e9a048e3c348c1a6d1db5458dd4e0a0bd65cbdc
db72a946daec1766460be9d25fe0ecfb0fcf814f6378ae6de70025156e188a8a
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/03/ugc.png HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 4921
Content-Type: image/png
Date: Thu, 22 Sep 2022 20:20:14 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "9c1ba4375fd81:0"
Last-Modified: Tue, 03 May 2022 16:03:00 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/03/wordpress.png
40.112.243.98200 OK 9.5 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/03/wordpress.png
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 232 x 53, 8-bit/color RGBA, non-interlaced\012- data
Hash a52012cb47b36f2c610afbf0481c089c
f0ff1f3feef7c6347d767e019396549ec6805882
edbf851a2253eeb712d35ee7aef31e6a6eb4218d06c7c5a66d23e6804abfc530
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/03/wordpress.png HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 9533
Content-Type: image/png
Date: Thu, 22 Sep 2022 20:20:14 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "4c2c7a4375fd81:0"
Last-Modified: Tue, 03 May 2022 16:03:00 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/09/Microsoft-logo_rgb_c-gray.png
40.112.243.98200 OK 22 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/09/Microsoft-logo_rgb_c-gray.png
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 2008 x 900, 8-bit/color RGBA, non-interlaced\012- data
Hash 1082454804b77c07815c46d87d3215a8
80ae1e78a852be8c470c6b137ca54778c8a866a7
1a20b42d93191a70e774c5cc106a4a43a22865a5ccbd79f149b18c945c996696
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/09/Microsoft-logo_rgb_c-gray.png HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 21641
Content-Type: image/png
Date: Thu, 22 Sep 2022 20:20:14 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "da99c24867ccd81:0"
Last-Modified: Mon, 19 Sep 2022 20:34:58 GMT
X-Powered-By: ASP.NET
unpkg.com/alpinejs@3.7.1/dist/cdn.min.js
104.16.123.175200 OK 44 kB URL HTTP/2 unpkg.com/alpinejs@3.7.1/dist/cdn.min.js
IP 104.16.123.175:0
File type ASCII text, with very long lines (32524)
Hash 13cde1b263cf6a8bd28bc9766c4ee4f6
3bb56d6f14741fd8db443dd114cc9ed296a8a821
4a240be4335a0c47410b2beac67068b4d4f86564c41cb3af90a0c2a82a7cfa8b
GET /alpinejs@3.7.1/dist/cdn.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 20:20:12 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"91b0-4rQh4geG7pykXp4ge/uD1c4uE6k"
via: 1.1 fly.io
fly-request-id: 01G4XF127DR67PH99Z1T9RWFXY-fra
cf-cache-status: HIT
age: 9326863
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74edbd68eb0f0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
publisher.microsoftstart.com/wp-content/uploads/2022/09/LinkedIn-Blue-21-%E2%95%ACoa%E2%95%A0eo%E2%95%A0u@2x.png
40.112.243.98200 OK 3.4 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/09/LinkedIn-Blue-21-%E2%95%ACoa%E2%95%A0eo%E2%95%A0u@2x.png
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 188 x 42, 8-bit/color RGBA, non-interlaced\012- data
Hash af7efbb7e6255bdce05ce27f32507be3
5bb8641c717625369c952d8a0a897e85bc5918eb
01995cd5cf94123c0c756d82405ebc3b01a121f394d7c6df89d76c51ee9209a3
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/09/LinkedIn-Blue-21-%E2%95%ACoa%E2%95%A0eo%E2%95%A0u@2x.png HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 3365
Content-Type: image/png
Date: Thu, 22 Sep 2022 20:20:14 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "d44206962ccd81:0"
Last-Modified: Mon, 19 Sep 2022 20:00:04 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/05/GettyImages-1082460824-1-scaled.jpg
40.112.243.98200 OK 572 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/05/GettyImages-1082460824-1-scaled.jpg
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 82", baseline, precision 8, 2560x1707, components 3\012- data
Size 572 kB (571640 bytes)
Hash a4e925468e3a7bfcc8bc926c9098d6af
f488da572ae0dc302e9016fd9327fed5388a21e3
464652d92dc22ed682ff5b5746c98a88f27530469d0e94e57c162dccd8f69f59
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/05/GettyImages-1082460824-1-scaled.jpg HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 571640
Content-Type: image/jpeg
Date: Thu, 22 Sep 2022 20:20:14 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "6a171740da5fd81:0"
Last-Modified: Wed, 04 May 2022 17:13:19 GMT
X-Powered-By: ASP.NET
publisher.microsoftstart.com/wp-content/uploads/2022/05/cropped-cropped-ms-start-logo-192x192.png
40.112.243.98200 OK 34 kB URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/05/cropped-cropped-ms-start-logo-192x192.png
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash e7ecfb63d6579629fb4f08d81b23e519
a23bbccb8fd364cfde33af923e77ea26f4a98b13
813611dbc49da9f1991ae55491c8c69d2993cced366afc2220f575811433ac79
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/05/cropped-cropped-ms-start-logo-192x192.png HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p; msd365mkttr=JrgmjPSYjf4XkuBbFaWHiDUIbUeFsbKtlwiRIUGX; msd365mkttrs=CmcHg2XJ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 33980
Content-Type: image/png
Date: Thu, 22 Sep 2022 20:20:15 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "758d1e15d75fd81:0"
Last-Modified: Wed, 04 May 2022 16:50:38 GMT
X-Powered-By: ASP.NET
www.socialintents.com/api/chat/jsonGetVarsContext.jsp?wid=2c9fa0e17fcdc835017fe66108711ef8&callback=jsonCallbackchat&_=1663878012470
35.83.245.184200 OK 2.5 kB URL HTTP/2 www.socialintents.com/api/chat/jsonGetVarsContext.jsp?wid=2c9fa0e17fcdc835017fe66108711ef8&callback=jsonCallbackchat&_=1663878012470
IP 35.83.245.184:0
Hash 98a006e65e11dfe4c6c356063b835395
e00d7a0b5684d50982ec73ab764aa767d115eee9
707acd3753338bd1f642514818e667c4487aca559d4c322b8409045a4e77cbe1
GET /api/chat/jsonGetVarsContext.jsp?wid=2c9fa0e17fcdc835017fe66108711ef8&callback=jsonCallbackchat&_=1663878012470 HTTP/1.1
Host: www.socialintents.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: AWSALBCORS=o2A+6onfRVAi/4LRI90FpZcSh7mbaFZ23uZlfYBcQcNYyRrIZZaT2EcHDto5RwnBwc2GTO0spYPbAgUdsLjfze/xN03x4rZCDD+N89JAIxhRjSRbDPj5sbkqCnzA; JSESSIONID=C5430CB62843E65F00154E498490B290
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 22 Sep 2022 20:20:14 GMT
content-type: text/javascript;charset=UTF-8
set-cookie: AWSALB=I2dkOtLZOLYBXPHPTsSwWX7jnUcnwpeR+9E1o+J42PfU3qoLSEMMmhMeW9K0kOyw4JDviGZI704wKeaE1gjWFD6eMwKYZAQHPMdvScIv44hd5RUS2qW1Wgj1XXb9; Expires=Thu, 29 Sep 2022 20:20:14 GMT; Path=/
AWSALBCORS=I2dkOtLZOLYBXPHPTsSwWX7jnUcnwpeR+9E1o+J42PfU3qoLSEMMmhMeW9K0kOyw4JDviGZI704wKeaE1gjWFD6eMwKYZAQHPMdvScIv44hd5RUS2qW1Wgj1XXb9; Expires=Thu, 29 Sep 2022 20:20:14 GMT; Path=/; SameSite=None; Secure
server: nginx/1.20.0
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
8b5b80ac1ce14aba811b14ed1abf8a26.svc.dynamics.com/t/c/U4FqLtRnr3B3hJ7W4kt9Wjt0ZBFDVNMF4DoYm0V5PN4/JrgmjPSYjf4XkuBbFaWHiDUIbUeFsbKtlwiRIUGX/CmcHg2XJ?trackwebsitevisited=true&ad=https%3A%2F%2Fpublisher.microsoftstart.com%2F&rf=&id=235150269&formPageIds=79b6e099-09d3-ec11-a7b6-000d3a32168a
52.159.151.194200 OK 448 kB URL HTTP/2 8b5b80ac1ce14aba811b14ed1abf8a26.svc.dynamics.com/t/c/U4FqLtRnr3B3hJ7W4kt9Wjt0ZBFDVNMF4DoYm0V5PN4/JrgmjPSYjf4XkuBbFaWHiDUIbUeFsbKtlwiRIUGX/CmcHg2XJ?trackwebsitevisited=true&ad=https%3A%2F%2Fpublisher.microsoftstart.com%2F&rf=&id=235150269&formPageIds=79b6e099-09d3-ec11-a7b6-000d3a32168a
IP 52.159.151.194:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Size 448 kB (448026 bytes)
Hash d7418cdea3cca66e206fbed937d0ce62
51e3c5c61a062d52161af3d51bac161fb2e2223e
471324fde363cc2715735e043411b46a95f43f61a9cb6a384dce92ddb2fb8cd5
GET /t/c/U4FqLtRnr3B3hJ7W4kt9Wjt0ZBFDVNMF4DoYm0V5PN4/JrgmjPSYjf4XkuBbFaWHiDUIbUeFsbKtlwiRIUGX/CmcHg2XJ?trackwebsitevisited=true&ad=https%3A%2F%2Fpublisher.microsoftstart.com%2F&rf=&id=235150269&formPageIds=79b6e099-09d3-ec11-a7b6-000d3a32168a HTTP/1.1
Host: 8b5b80ac1ce14aba811b14ed1abf8a26.svc.dynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
content-encoding: gzip
server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
set-cookie: 79f08280-5c63-4331-b04d-fb6f39afda51=FCWkYiruFThf1mvMR4Gw-LNPiXJ9fpYhUxg0aXqDVFg; expires=Sat, 21 Sep 2024 20:20:15 GMT; path=/; secure; httponly; SameSite=None
319af4c0-e197-4de9-8a9b-fe98c8a2ca04=FCWkYiruFThf1mvMR4Gw-LNPiXJ9fpYhUxg0aXqDVFg; path=/; secure; httponly; SameSite=None
x-activity-id: 72f7d506-7a54-4f8d-9f8e-b5963edf4da5
x-servicefabricrequestid: 2e1f75ba-c821-4214-867e-3c7170a5de16, b8d25737-17de-48b2-a00a-abda80149d97
x-ms-activity-id: 72f7d506-7a54-4f8d-9f8e-b5963edf4da5
api-deprecated: False
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 22 Sep 2022 20:20:15 GMT
X-Firefox-Spdy: h2
8b5b80ac1ce14aba811b14ed1abf8a26.svc.dynamics.com/t/lookup/52a502df-fcbf-ec11-983e-000d3a3399c6
52.159.151.194200 OK 0 B URL HTTP/2 8b5b80ac1ce14aba811b14ed1abf8a26.svc.dynamics.com/t/lookup/52a502df-fcbf-ec11-983e-000d3a3399c6
IP 52.159.151.194:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /t/lookup/52a502df-fcbf-ec11-983e-000d3a3399c6 HTTP/1.1
Host: 8b5b80ac1ce14aba811b14ed1abf8a26.svc.dynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://publisher.microsoftstart.com/
Origin: https://publisher.microsoftstart.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
x-servicefabricrequestid: b5d13182-474c-4df1-9cb7-acba54375780, 467e3588-07cd-4ce9-83a2-029be39462fe
x-ms-activity-id: d5964064-516f-414a-a649-2ce3bd9e3fcb
api-deprecated: False
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 22 Sep 2022 20:20:16 GMT
X-Firefox-Spdy: h2
8b5b80ac1ce14aba811b14ed1abf8a26.svc.dynamics.com/f/m/79b6e099-09d3-ec11-a7b6-000d3a32168a/id/72f7d506-7a54-4f8d-9f8e-b5963edf4da5
52.159.151.194200 OK 0 B URL HTTP/2 8b5b80ac1ce14aba811b14ed1abf8a26.svc.dynamics.com/f/m/79b6e099-09d3-ec11-a7b6-000d3a32168a/id/72f7d506-7a54-4f8d-9f8e-b5963edf4da5
IP 52.159.151.194:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /f/m/79b6e099-09d3-ec11-a7b6-000d3a32168a/id/72f7d506-7a54-4f8d-9f8e-b5963edf4da5 HTTP/1.1
Host: 8b5b80ac1ce14aba811b14ed1abf8a26.svc.dynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 3832
Origin: https://publisher.microsoftstart.com
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
vary: Origin
server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
access-control-allow-origin: https://publisher.microsoftstart.com
x-activity-id: 250b49bf-edce-469c-97d1-75f1ccbb0400
x-servicefabricrequestid: 5806cf0d-0281-4376-b04b-83bbab0d21a2, 417bb1ce-adfb-4b3a-b5ab-fa758c56f6cd
x-ms-activity-id: 250b49bf-edce-469c-97d1-75f1ccbb0400
api-deprecated: False
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 22 Sep 2022 20:20:16 GMT
X-Firefox-Spdy: h2
8b5b80ac1ce14aba811b14ed1abf8a26.svc.dynamics.com/t/lookup/52a502df-fcbf-ec11-983e-000d3a3399c6
52.159.151.194200 OK 1.1 kB URL HTTP/2 8b5b80ac1ce14aba811b14ed1abf8a26.svc.dynamics.com/t/lookup/52a502df-fcbf-ec11-983e-000d3a3399c6
IP 52.159.151.194:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (1102), with no line terminators
Hash 42f58d63db36f959758370fdeab26fa9
c3f5853f1e252b0aca3f4681a03262cfa074910b
a46e88a5e99f414c1c4d6e481c85527e7528a4a14a04074596b62da1e6ba3c10
POST /t/lookup/52a502df-fcbf-ec11-983e-000d3a3399c6 HTTP/1.1
Host: 8b5b80ac1ce14aba811b14ed1abf8a26.svc.dynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Content-Length: 45
Origin: https://publisher.microsoftstart.com
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 1102
content-type: application/json; charset=utf-8
server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
access-control-allow-origin: *
x-activity-id: fc7cea13-4a6a-40a5-8cf6-95add13c3900
x-servicefabricrequestid: 5938daca-1ec0-4165-b2c5-d71893ae3a90, 35e569a6-54a3-4d94-9061-efb2d867bc8d
x-ms-activity-id: fc7cea13-4a6a-40a5-8cf6-95add13c3900
api-deprecated: False
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 22 Sep 2022 20:20:16 GMT
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2f739db-1c27-4929-8aff-997c0f66b2ed.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2f739db-1c27-4929-8aff-997c0f66b2ed.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a5edcd9aee78a6cacc9241b47cbce598
f95b843029e84dbb188427a8c2ff8c9f32740465
6a56c3d0eb1d641e565d3d7d31b42be03bdad30beb20b994ffc9a6f2aaceee1e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2f739db-1c27-4929-8aff-997c0f66b2ed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5650
x-amzn-requestid: 6badb939-afe6-4432-a0ad-3a2b7f85a7e0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1G-rFbuIAMFTeA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b852a-3e9ac3331503b41d5e734a01;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:42:02 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: PeFdtN-ow0NE39XAV9pCHX9VSno5L9z56rg-T6Bd1fks7f1ESDDzWA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:48:27 GMT
etag: "f95b843029e84dbb188427a8c2ff8c9f32740465"
content-type: image/jpeg
age: 81112
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.socialintents.com/api/socialintents.1.3.js
35.83.245.184200 OK 0 B URL HTTP/2 www.socialintents.com/api/socialintents.1.3.js
IP 35.83.245.184:0
GET /api/socialintents.1.3.js HTTP/1.1
Host: www.socialintents.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 20:20:12 GMT
content-type: application/javascript
set-cookie: AWSALB=EYFOULIKUUQVwF8mSCLfTfX08WnORpWeqUYNr0RbJXaBIwrZ5oUE0+b4vIkiTKDQqS7ljCKGxhg129I4jOu8xqby7PJnSWjbGd1wg0FsVXltha7OahBlFjQiIo2s; Expires=Thu, 29 Sep 2022 20:20:12 GMT; Path=/
AWSALBCORS=EYFOULIKUUQVwF8mSCLfTfX08WnORpWeqUYNr0RbJXaBIwrZ5oUE0+b4vIkiTKDQqS7ljCKGxhg129I4jOu8xqby7PJnSWjbGd1wg0FsVXltha7OahBlFjQiIo2s; Expires=Thu, 29 Sep 2022 20:20:12 GMT; Path=/; SameSite=None; Secure
server: nginx/1.20.0
access-control-allow-origin: *
etag: W/"5483-1663171380000"
last-modified: Wed, 14 Sep 2022 16:03:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
www.socialintents.com/api/chat/socialintents.1.3.js
35.83.245.184200 OK 0 B URL HTTP/2 www.socialintents.com/api/chat/socialintents.1.3.js
IP 35.83.245.184:0
GET /api/chat/socialintents.1.3.js HTTP/1.1
Host: www.socialintents.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: AWSALBCORS=KZuxQ5W5NTMcXFZFZq86rUQkibldhsc07p4z6BxyuKJOthtmyaHWBZq9fu7LcpVDD/DwhGBIScCjJvjc3kWL9+F29FIz40oLXYzB9wtvBFCelNN7F+ihlfsNDClF; JSESSIONID=C5430CB62843E65F00154E498490B290
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 22 Sep 2022 20:20:13 GMT
content-type: application/javascript
set-cookie: AWSALB=GKbCZbchsHsxK1/2zd1NoG7BeUppjQ38V8fUQjdIHhwlajEqsNpL32U61WaXYac0yLsTO6nrw2QsIkyWnTIOh81e8RI0U+K8u1feSqtZs5lKJcKg6qNNTZvN3eMC; Expires=Thu, 29 Sep 2022 20:20:13 GMT; Path=/
AWSALBCORS=GKbCZbchsHsxK1/2zd1NoG7BeUppjQ38V8fUQjdIHhwlajEqsNpL32U61WaXYac0yLsTO6nrw2QsIkyWnTIOh81e8RI0U+K8u1feSqtZs5lKJcKg6qNNTZvN3eMC; Expires=Thu, 29 Sep 2022 20:20:13 GMT; Path=/; SameSite=None; Secure
server: nginx/1.20.0
access-control-allow-origin: *
etag: W/"8854-1663171380000"
last-modified: Wed, 14 Sep 2022 16:03:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
www.socialintents.com/api/chat/ping.jsp?wid=2c9fa0e17fcdc835017fe66108711ef8&p=https%3A%2F%2Fpublisher.microsoftstart.com%2F&t=1663878014815&cvid=null&uid=1663878014815&callback=jsonCallbackchat&_=1663878012471
35.83.245.184200 OK 0 B URL HTTP/2 www.socialintents.com/api/chat/ping.jsp?wid=2c9fa0e17fcdc835017fe66108711ef8&p=https%3A%2F%2Fpublisher.microsoftstart.com%2F&t=1663878014815&cvid=null&uid=1663878014815&callback=jsonCallbackchat&_=1663878012471
IP 35.83.245.184:0
GET /api/chat/ping.jsp?wid=2c9fa0e17fcdc835017fe66108711ef8&p=https%3A%2F%2Fpublisher.microsoftstart.com%2F&t=1663878014815&cvid=null&uid=1663878014815&callback=jsonCallbackchat&_=1663878012471 HTTP/1.1
Host: www.socialintents.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: AWSALBCORS=lxdP5L9NIwqLtdc6UCI7sVJtlF56tZd4hTUwWaaqIC9Gzj6U2+JAp075JYUIlqiuGOi1P6VtYd3u1RGbLdvVn/6Jh2sEgr0jTamT2oWdsO/vn8VXvi5jMGVIANja; JSESSIONID=C5430CB62843E65F00154E498490B290
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 22 Sep 2022 20:20:15 GMT
content-type: text/javascript;charset=UTF-8
set-cookie: AWSALB=MCXFduBm9sjX/MXjyc79S0d8gywD8U07ECqSApriiRtICiYGUqc4uBV4RugeRGFmWj0/YNLPjc2mVzY1XU8LaS91MMKgMmQEgPFsN2OXMP4TnnxONELsqI7AHVF9; Expires=Thu, 29 Sep 2022 20:20:15 GMT; Path=/
AWSALBCORS=MCXFduBm9sjX/MXjyc79S0d8gywD8U07ECqSApriiRtICiYGUqc4uBV4RugeRGFmWj0/YNLPjc2mVzY1XU8LaS91MMKgMmQEgPFsN2OXMP4TnnxONELsqI7AHVF9; Expires=Thu, 29 Sep 2022 20:20:15 GMT; Path=/; SameSite=None; Secure
server: nginx/1.20.0
content-encoding: gzip
X-Firefox-Spdy: h2
publisher.microsoftstart.com/wp-content/uploads/2022/05/GettyImages-86373959-scaled.jpg
40.112.243.98200 OK 0 B URL HTTP/1.1 publisher.microsoftstart.com/wp-content/uploads/2022/05/GettyImages-86373959-scaled.jpg
IP 40.112.243.98:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Analyzer Verdict Alert openphish Office365
GET /wp-content/uploads/2022/05/GettyImages-86373959-scaled.jpg HTTP/1.1
Host: publisher.microsoftstart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: PHPSESSID=r8g6a4o916fp1jgi4tr9p53r4p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 431883
Content-Type: image/jpeg
Date: Thu, 22 Sep 2022 20:20:14 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "ec3bfa25f5fd81:0"
Last-Modified: Wed, 04 May 2022 02:35:35 GMT
X-Powered-By: ASP.NET
www.socialintents.com/api/chat/siwidget.1.3.js
35.83.245.184200 OK 0 B URL HTTP/2 www.socialintents.com/api/chat/siwidget.1.3.js
IP 35.83.245.184:0
GET /api/chat/siwidget.1.3.js HTTP/1.1
Host: www.socialintents.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: AWSALBCORS=I2dkOtLZOLYBXPHPTsSwWX7jnUcnwpeR+9E1o+J42PfU3qoLSEMMmhMeW9K0kOyw4JDviGZI704wKeaE1gjWFD6eMwKYZAQHPMdvScIv44hd5RUS2qW1Wgj1XXb9; JSESSIONID=C5430CB62843E65F00154E498490B290
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 22 Sep 2022 20:20:15 GMT
content-type: application/javascript
set-cookie: AWSALB=lxdP5L9NIwqLtdc6UCI7sVJtlF56tZd4hTUwWaaqIC9Gzj6U2+JAp075JYUIlqiuGOi1P6VtYd3u1RGbLdvVn/6Jh2sEgr0jTamT2oWdsO/vn8VXvi5jMGVIANja; Expires=Thu, 29 Sep 2022 20:20:15 GMT; Path=/
AWSALBCORS=lxdP5L9NIwqLtdc6UCI7sVJtlF56tZd4hTUwWaaqIC9Gzj6U2+JAp075JYUIlqiuGOi1P6VtYd3u1RGbLdvVn/6Jh2sEgr0jTamT2oWdsO/vn8VXvi5jMGVIANja; Expires=Thu, 29 Sep 2022 20:20:15 GMT; Path=/; SameSite=None; Secure
server: nginx/1.20.0
access-control-allow-origin: *
etag: W/"63635-1663171380000"
last-modified: Wed, 14 Sep 2022 16:03:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:100
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:100
IP 142.250.74.10:0
GET /css?family=Montserrat:100 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 22 Sep 2022 20:20:12 GMT
date: Thu, 22 Sep 2022 20:20:12 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.socialintents.com/api/chat/ping.jsp?wid=2c9fa0e17fcdc835017fe66108711ef8&p=https%3A%2F%2Fpublisher.microsoftstart.com%2F&t=1663878014830&cvid=null&uid=1663878014815&callback=jsonCallbackchat&_=1663878012472
35.83.245.184200 OK 0 B URL HTTP/2 www.socialintents.com/api/chat/ping.jsp?wid=2c9fa0e17fcdc835017fe66108711ef8&p=https%3A%2F%2Fpublisher.microsoftstart.com%2F&t=1663878014830&cvid=null&uid=1663878014815&callback=jsonCallbackchat&_=1663878012472
IP 35.83.245.184:0
GET /api/chat/ping.jsp?wid=2c9fa0e17fcdc835017fe66108711ef8&p=https%3A%2F%2Fpublisher.microsoftstart.com%2F&t=1663878014830&cvid=null&uid=1663878014815&callback=jsonCallbackchat&_=1663878012472 HTTP/1.1
Host: www.socialintents.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publisher.microsoftstart.com/
Cookie: AWSALBCORS=lxdP5L9NIwqLtdc6UCI7sVJtlF56tZd4hTUwWaaqIC9Gzj6U2+JAp075JYUIlqiuGOi1P6VtYd3u1RGbLdvVn/6Jh2sEgr0jTamT2oWdsO/vn8VXvi5jMGVIANja; JSESSIONID=C5430CB62843E65F00154E498490B290
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 22 Sep 2022 20:20:15 GMT
content-type: text/javascript;charset=UTF-8
set-cookie: AWSALB=3BQY/SDQAPHQEOkm08Uf9Kp1UGsF21N6RPWx2TnBWRqYw2F7NcfuC3o/C8Wk1fr+VjrTFYIHyiJsZW0vvQo14dOQFuQiGR4Uue+6LXMsCUZrezxA/wItimVM0x3z; Expires=Thu, 29 Sep 2022 20:20:15 GMT; Path=/
AWSALBCORS=3BQY/SDQAPHQEOkm08Uf9Kp1UGsF21N6RPWx2TnBWRqYw2F7NcfuC3o/C8Wk1fr+VjrTFYIHyiJsZW0vvQo14dOQFuQiGR4Uue+6LXMsCUZrezxA/wItimVM0x3z; Expires=Thu, 29 Sep 2022 20:20:15 GMT; Path=/; SameSite=None; Secure
server: nginx/1.20.0
content-encoding: gzip
X-Firefox-Spdy: h2