r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11248
Expires: Tue, 28 Mar 2023 19:01:05 GMT
Date: Tue, 28 Mar 2023 15:53:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c83d39f350161ed2f5d20dcd68e47c92
2695a888e652cb314f8094cc6073c3364336d272
62e5cc6aea61c3c32acd964d4bbe143806416008181eebc4451a8f035b69a0bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62E5CC6AEA61C3C32ACD964D4BBE143806416008181EEBC4451A8F035B69A0BC"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7903
Expires: Tue, 28 Mar 2023 18:05:20 GMT
Date: Tue, 28 Mar 2023 15:53:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5ad3eec59bebbf969f175627757507c1
b176af3a70db378c9e1f219bab24d9d446070d6f
704fa284035b4c9aa487331b516f5f11c324e204756ae2503bad2606ed34f25e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "704FA284035B4C9AA487331B516F5F11C324E204756AE2503BAD2606ED34F25E"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5808
Expires: Tue, 28 Mar 2023 17:30:25 GMT
Date: Tue, 28 Mar 2023 15:53:37 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 29fdbcd53b5646cfcdd46510063734c4
85e3ceda5ef130219f4fe8a31e52e2690c8f7d8e
24c27586332c016685e6231fec5836e921048d8aaefbcd4cd6f88969f9d91e18
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 28 Mar 2023 15:15:51 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2266
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: VueAGBunOJgZerZmflUTIX7/aSD7bPT88f9tg2rvvu4R7gp/AkfaZ8XFQVOQp/ZINgT3VwdrrFI=
x-amz-request-id: 368YVZ9XBA42666Q
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 28 Mar 2023 14:56:15 GMT
age: 3442
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
143.198.232.196/tj6/index.php
143.198.232.196 200 OK 813 B URL HTTP/1.1 143.198.232.196/tj6/index.php
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash fc5ea794f4e6647a495200c6e5d86061
b3247eff7ee8a08c20fb46e88143f392b4bfe951
29135cd98e2222dde05a6ebda4a55d78570e7876fa2b66888a0a92c7e2c5a660
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/index.php HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:36 GMT
Server: Apache/2.4.52 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 813
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 15:53:37 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
143.198.232.196 200 OK 6.7 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (422), with CRLF line terminators
Hash f9537a3b9b29a7962d31bcc11c9d9e72
498fda4a22cfd72fc32ab270c11136f1ca671587
6607a91be6c06f5f1130547174169499d7fc2cb61c2fe69edcd589abed339a5e
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/index.html HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/index.php
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:37 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:41 GMT
ETag: "5295-5f7f7b94b0cea-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6724
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7e2d8156baac12231cc9cbfdefedacf1
62384d8842fb5b560ac39636bb519953e22dc664
ee4dbd79fc1569ab6ae0ea7b90b4b7d8dbb846296cf7fc68b24be78b7b95993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 28 Mar 2023 15:53:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Length, Backoff, Content-Type, Last-Modified, Pragma, Alert, ETag, Retry-After, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 28 Mar 2023 15:14:36 GMT
cache-control: public,max-age=3600
age: 2341
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/styles.css
143.198.232.196 200 OK 1.8 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/styles.css
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type assembler source, ASCII text, with CRLF line terminators
Hash 671fb60364cc19bd6fa5eeb5fde90766
a58d30bbedc7fc9759ee760531b33281ad86ad46
2a8bce10db8a8f2ef69b5dbfa03d634628bd851159c63c1ddb78749ed4834bce
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/styles.css HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:37 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:41 GMT
ETag: "1938-5f7f7b9557e20-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1842
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
143.198.232.196/tj6/9chrmx0973xu9x08x/chat.css
143.198.232.196 200 OK 1.9 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/chat.css
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type assembler source, ASCII text, with CRLF line terminators
Hash a414a61aa76cf470454c59eb61953e6d
e0532f2bf0344fbf2ee434fdd8f5c123aa33873c
e00dd91658bf458e94a3f9a3673e3b585901e990c6539de11c6e7ebf6a206db1
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/chat.css HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:37 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:44 GMT
ETag: "206a-5f7f7b975cbe2-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1873
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
143.198.232.196/tj6/9chrmx0973xu9x08x/scripts.js
143.198.232.196 200 OK 873 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/scripts.js
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with CRLF line terminators
Hash 0f0a223eb69c7e24a06cfa959e4f603c
618fb94f27a5a089ca107965cba835f3fc75fe12
eff65cbde09165cbc3adf0bb9104ed2bcf08fd41272fdc919b7ddb7635df9472
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/scripts.js HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:37 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:43 GMT
ETag: "1cd3-5f7f7b96f9156-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 873
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/javascript
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 76a0aba3ddb470751c690f5a725159f2
8cb789e8e0dfa336270700ef1e607173f2aee6cd
e76de476654125a06994065d66e30c6fb6c354d0f67fd4e31a3f78679e2bfdcb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E76DE476654125A06994065D66E30C6FB6C354D0F67FD4E31A3F78679E2BFDCB"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6178
Expires: Tue, 28 Mar 2023 17:36:35 GMT
Date: Tue, 28 Mar 2023 15:53:37 GMT
Connection: keep-alive
stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
104.18.10.207 200 OK 17 kB URL HTTP/2 stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
IP 104.18.10.207:0
File type ASCII text, with very long lines (59765)
Hash 4315f0dfa2cf3af0ba85624a3598be72
062305e47d11df95e247db80ec46e12815bb8d21
260a344f2bfcca8326ea32ead7239d5b7f1436d0642a8507a259acf5d5e7460e
GET /bootstrap/4.5.2/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://143.198.232.196
Connection: keep-alive
Referer: http://143.198.232.196/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 15:53:37 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"02d223393e00c273efdcb1ade8f4f8b1"
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
cdn-cachedat: 01/05/2023 11:07:49
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-edgestorageid: 1080
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 91c45f582e37356a01d15a3f3404569a
cdn-cache: HIT
cf-cache-status: HIT
age: 254
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7af10c09789fb505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
support.microsoft.com/
2.18.172.114 301 Moved Permanently 6.2 kB IP 2.18.172.114:0
Hash 9b22d713158410ffea80f62b42269127
3a8152765c9fedd7c861ec64ba5a59ee431b6fb7
8af1fd71833ee70e8f04617b4b158da865b1a4ff887204efdf16569597ad435d
GET / HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://143.198.232.196/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-length: 0
server: Kestrel
location: https://support.microsoft.com/en-US
request-context: appId=
x-correlationid: 0HMPF0GD45CFB:0000003B
x-operationid: 0f2445236a19e59a29d830f47b730600
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
expires: Tue, 28 Mar 2023 15:53:37 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 28 Mar 2023 15:53:37 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/mic.png
143.198.232.196 200 OK 194 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/mic.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash df0a213a8bc598e53c8513b360fc910e
b8cb3eac6254ced5dcf57beecf3758a4a9bc8c26
c6ea65b06c0f199ee8073ae19b9909fa004de0bc3d5c9d6402693e14e0ae979f
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/mic.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:37 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:48 GMT
ETag: "c2-5f7f7b9bb9830"
Accept-Ranges: bytes
Content-Length: 194
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
143.198.232.196/tj6/9chrmx0973xu9x08x/cross.svg
143.198.232.196 200 OK 586 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/cross.svg
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image\012- , Unicode text, UTF-8 text, with very long lines (584), with no line terminators
Hash bc1f7dd210381c4c10bd93c4bccdc587
76d3599df283231936edf5b2a31d15e8e76c22dd
50dc14b3d1fdd6aeeb9f2ca92062357bacecbf8f05992346ffe4178fd81ff68c
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/cross.svg HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:37 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:46 GMT
ETag: "24a-5f7f7b9a136d0"
Accept-Ranges: bytes
Content-Length: 586
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml
143.198.232.196/tj6/9chrmx0973xu9x08x/Z5BR-network.png
143.198.232.196 200 OK 607 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/Z5BR-network.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 63 x 70, 8-bit colormap, non-interlaced\012- data
Hash 2cd03a547f00cad010f9038619df45de
912f919836a77a514c76b990aceaf5e930a24024
c56a8ae4818963e0d71eda4ebf46b4f2cdd3a238537dc8e99711fb690d272a73
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/Z5BR-network.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:37 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:40 GMT
ETag: "25f-5f7f7b9400f02"
Accept-Ranges: bytes
Content-Length: 607
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
143.198.232.196/tj6/9chrmx0973xu9x08x/kxFy-clip.png
143.198.232.196 200 OK 542 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/kxFy-clip.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 66 x 68, 8-bit colormap, non-interlaced\012- data
Hash 0e9558d2d6e8000ce5c6c749c8fc67c2
f7ba9490807ef70bb6195150d6287cd54b7fefd0
91fb42a68a122344fd78cfd5f0cf9d06ff6d307fd4a5c68f40231c5950ece9a1
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/kxFy-clip.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:37 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:47 GMT
ETag: "21e-5f7f7b9b02cda"
Accept-Ranges: bytes
Content-Length: 542
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
143.198.232.196/tj6/9chrmx0973xu9x08x/qsbs-firewall.png
143.198.232.196 200 OK 920 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/qsbs-firewall.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 77 x 63, 8-bit colormap, non-interlaced\012- data
Hash b0495ede4c875843fec037c794e9ff9a
c813aefba255a5cc53aea7811f987ccb551c3128
52b762d47c066e16300675d56cc359b504ffd3239438c96eb973864311bb7b79
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/qsbs-firewall.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:37 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:42 GMT
ETag: "398-5f7f7b95b2bfa"
Accept-Ranges: bytes
Content-Length: 920
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
support.microsoft.com/en-US
2.18.172.114 200 OK 24 kB URL HTTP/2 support.microsoft.com/en-US
IP 2.18.172.114:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1478), with CRLF, LF line terminators
Hash 90f4e871b1eb92fc832948b679ed8198
ba7f873f6b2b3cd9aa44a7fda32434ba96dc2ae9
5a7f061be7a2e1c6fc130c7457dfd22a443450138699dee49dd5cd84f5a4eed9
GET /en-US HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://143.198.232.196/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: Kestrel
request-context: appId=
x-correlationid: 0HMPF0GD45CFB:0000003C
x-operationid: e74701818eea849300039d4159960f08
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-encoding: gzip
expires: Tue, 28 Mar 2023 15:53:37 GMT
cache-control: max-age=0, no-cache, private
pragma: no-cache
date: Tue, 28 Mar 2023 15:53:37 GMT
content-length: 23901
strict-transport-security: max-age=86400 ; includeSubDomains
set-cookie: EXPID=3347d793-727f-43a3-993f-3bcac16363ad; max-age=31536000; path=/; secure; samesite=none
ak_bmsc=C05C5898F59D3649BDC421E35925253A~000000000000000000000000000000~YAAQZQplX3lBqhSHAQAAvcPsKBN19X/+oqNgEMBak66MsWoyGFJPtcU2ylLTqeeBCes8FjTX5oRSBHJlTEAHhXZ8N2quThQyftwqlT9KT9eC0i7/XEvPJfOQe8iMJvfbOe7Z/YkMw6JW8HmXnmMm04ZsuqYpxLcxmhBU2EGQWFWtL9PwtVlAw2I64frihaSKiWwReMjRAiD5p0Q2wnSnqkh9xnB8C8lCRsz86yP/gKMDO0Yp9fOnTDYCEl6f8ulLwKWfZ/huF0mFqUc9UwTj0/zZ10LuZJZCZkOWMnNae4RKiyq1FaWh+/p48zyhHVdYf2mZqlLuKK8AnqWBPmwgWhUrrYxh4DMRBF7BRy+sezCNj6kcTZGDQHKjOFjgwoN1NEVtqeir+yXemMe5; Domain=.microsoft.com; Path=/; Expires=Tue, 28 Mar 2023 17:53:37 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
support.microsoft.com/css/MeControlCallout/teaching-callout.css?v=690pjf05o15fVEafEpUwgaF8vqVfOkp5wP1Jl9gE99U
2.18.172.114 200 OK 1.3 kB URL HTTP/2 support.microsoft.com/css/MeControlCallout/teaching-callout.css?v=690pjf05o15fVEafEpUwgaF8vqVfOkp5wP1Jl9gE99U
IP 2.18.172.114:0
File type ASCII text, with very long lines (4873), with no line terminators
Hash 980d2f51140df4a6347102960ceb0282
9225687f02246a11e61f9b2e4602e43368ae4839
88658b7776899cac32aae184f9e8ce8707c2fd00827844f1fb24661d4cca1cb8
GET /css/MeControlCallout/teaching-callout.css?v=690pjf05o15fVEafEpUwgaF8vqVfOkp5wP1Jl9gE99U HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: gzip
etag: "1d93cd346ef7089"
last-modified: Thu, 09 Feb 2023 22:10:11 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATABNE1H1:00000002
x-operationid: b6aaf70cde0425da4903e5fb37a673c4
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1277
cache-control: private, max-age=28527582
date: Tue, 28 Mar 2023 15:53:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc
2.18.172.114 200 OK 1.1 kB URL HTTP/2 support.microsoft.com/css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc
IP 2.18.172.114:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (2867), with no line terminators
Hash 6477e3936b0e197b65cc1ff23763e340
096188c0ef95054d95c5dafe755df0106428c0b1
2056691cd1dcca7ad51f6c386f8c7baa4954a164b9b10d41a668910a8e91b854
GET /css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d946ecac3c4438"
last-modified: Wed, 22 Feb 2023 18:37:10 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOL0GAVE0JM:00000002
x-operationid: a787865460805e45a4ed6a8d8eb3b741
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1096
cache-control: private, max-age=28693337
date: Tue, 28 Mar 2023 15:53:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/userstatesigninheaderview/user-state-sign-in-header-view.css?v=YGV57BU430a7ZsW5KMqnuRyMdbmYgAZw1My61NVoXnI
2.18.172.114 200 OK 457 B URL HTTP/2 support.microsoft.com/css/userstatesigninheaderview/user-state-sign-in-header-view.css?v=YGV57BU430a7ZsW5KMqnuRyMdbmYgAZw1My61NVoXnI
IP 2.18.172.114:0
File type ASCII text, with very long lines (1176), with no line terminators
Hash aa795408c331dfaffab3545718661469
135fdb999daec028f2e75b0f8c04903a77312efd
67672916726b635cbb6ef236ca23f4ebf9d457a15c32bdeaf0cf57333d3bfc09
GET /css/userstatesigninheaderview/user-state-sign-in-header-view.css?v=YGV57BU430a7ZsW5KMqnuRyMdbmYgAZw1My61NVoXnI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd3d8f76898"
last-modified: Thu, 09 Feb 2023 22:14:16 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATD2K46LS:00000003
x-operationid: 4e1e65f9a5dcbd438d51ed8ee235d2e6
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 457
cache-control: private, max-age=28534402
date: Tue, 28 Mar 2023 15:53:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/lib/ucs/dist/ucsCreativeService.js?v=yGbJEzVThu6xTzkXAmcIosGuJnJczcH12Av0qylgjiI
2.18.172.114 200 OK 219 kB URL HTTP/2 support.microsoft.com/lib/ucs/dist/ucsCreativeService.js?v=yGbJEzVThu6xTzkXAmcIosGuJnJczcH12Av0qylgjiI
IP 2.18.172.114:0
File type ASCII text, with very long lines (65460)
Size 219 kB (218885 bytes)
Hash cc521a7256e94d43df24fc6ccf1cabc9
783de4bf06ccd26af4eb56f6d8a7473a551c3135
0e379b6c1a7940b9d0cb6277c2b30e71e228bdc4f80417e785dd1b54ce122662
GET /lib/ucs/dist/ucsCreativeService.js?v=yGbJEzVThu6xTzkXAmcIosGuJnJczcH12Av0qylgjiI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d960ed04e0139f"
last-modified: Mon, 27 Mar 2023 20:45:09 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMPF0HDN66BU:00000002
x-operationid: d540b1c7e70b53a8db1984134d65885c
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 218885
cache-control: private, max-age=50
date: Tue, 28 Mar 2023 15:53:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/TelemetryLogging.js?v=PI8krdyAXTV0whxSz7oGWOLjo8PeIdfp8gD_jTA31VM
2.18.172.114 200 OK 370 B URL HTTP/2 support.microsoft.com/js/TelemetryLogging.js?v=PI8krdyAXTV0whxSz7oGWOLjo8PeIdfp8gD_jTA31VM
IP 2.18.172.114:0
File type ASCII text, with CRLF line terminators
Hash 5590a7dc56b6f43b99568fe62e2d03cf
f2923af0b22bd272acbbcd68958a7df4169ec703
f594937c23c9154cc20ef4522bebb8ac61cae53824ad6e02660c381b396b952d
GET /js/TelemetryLogging.js?v=PI8krdyAXTV0whxSz7oGWOLjo8PeIdfp8gD_jTA31VM HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd346ef60aa"
last-modified: Thu, 09 Feb 2023 22:10:11 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATABNE7TR:00000005
x-operationid: 51607aea3d1cb3147dd5e10983c20ef3
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 370
cache-control: private, max-age=28534753
date: Tue, 28 Mar 2023 15:53:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/Support.Main.min.js?v=W8dFf-_6LsYeYnFrrDAnlly_2cW523R5VJTM1vuKsW4
2.18.172.114 200 OK 22 kB URL HTTP/2 support.microsoft.com/js/Support.Main.min.js?v=W8dFf-_6LsYeYnFrrDAnlly_2cW523R5VJTM1vuKsW4
IP 2.18.172.114:0
File type Unicode text, UTF-8 text, with very long lines (58115)
Hash 346042724064663e4703eb878a76f2e8
5be94cfbbba4d5605cf855c2d533f7052c0941ea
31248879913e4176107880394c4a89e17321203e33227f3c46ceeb61e2d63eaf
GET /js/Support.Main.min.js?v=W8dFf-_6LsYeYnFrrDAnlly_2cW523R5VJTM1vuKsW4 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: gzip
etag: "1d93cd3d990e1b6"
last-modified: Thu, 09 Feb 2023 22:14:17 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATD2K44N1:00000008
x-operationid: db6acdf5015599ddcb8586ddf0df78c4
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 22335
cache-control: private, max-age=28531856
date: Tue, 28 Mar 2023 15:53:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/feedback.js?v=84GPO0wsKJkREYhzfs2-839cEXZQU9kTiITr30Y1u8w
2.18.172.114 200 OK 5.7 kB URL HTTP/2 support.microsoft.com/js/feedback.js?v=84GPO0wsKJkREYhzfs2-839cEXZQU9kTiITr30Y1u8w
IP 2.18.172.114:0
File type ASCII text, with CRLF line terminators
Hash 1a5373f3c18d893ea7793c15e7823b4b
dfa62d27a25503bd56b9da0f5b8e4eece4dc4af6
4877b869b10a33d65ec3fb27064a62177222171abdf5c635d709cdc63677202b
GET /js/feedback.js?v=84GPO0wsKJkREYhzfs2-839cEXZQU9kTiITr30Y1u8w HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: gzip
etag: "1d93cd42c69ee47"
last-modified: Thu, 09 Feb 2023 22:16:36 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATE6LP715:00000003
x-operationid: b9c892bd5daa72879e796e66ae1f8bb4
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 5700
cache-control: private, max-age=28531767
date: Tue, 28 Mar 2023 15:53:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/PromotionBanner.Main.min.js?v=lPxxwt8ZKzDFNYuSNvRbC24S24EImVPnl-WkYX8w3n4
2.18.172.114 200 OK 1.9 kB URL HTTP/2 support.microsoft.com/js/PromotionBanner.Main.min.js?v=lPxxwt8ZKzDFNYuSNvRbC24S24EImVPnl-WkYX8w3n4
IP 2.18.172.114:0
File type ASCII text, with very long lines (6261)
Hash d860a5eba2cb21a350c6b002a30b03de
a4514156fbd14905578dd4441bc6a1c51eb8162d
379799b97d2437e7280a8d952fe80856341c6deb95c2c0fe5f9ce4a453bd57d9
GET /js/PromotionBanner.Main.min.js?v=lPxxwt8ZKzDFNYuSNvRbC24S24EImVPnl-WkYX8w3n4 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd345be2e2a"
last-modified: Thu, 09 Feb 2023 22:10:09 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATAF6QE2N:00000004
x-operationid: 0c33f4345f817b6f011038a201c6071e
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1876
cache-control: private, max-age=28534889
date: Tue, 28 Mar 2023 15:53:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/RememberedAccounts.Main.min.js?v=1Mc30Yfs6TsuKFz2OgKMJvnlXrjLh2JDVdhGC713IDI
2.18.172.114 200 OK 1.5 kB URL HTTP/2 support.microsoft.com/js/RememberedAccounts.Main.min.js?v=1Mc30Yfs6TsuKFz2OgKMJvnlXrjLh2JDVdhGC713IDI
IP 2.18.172.114:0
File type ASCII text, with very long lines (3210)
Hash abacf605817f7bb1f2245546c860c307
0192c687a50e29983a911f4c1f917b257f73040a
ce3d44e3442ce64875ff8694a31a156fd1f65c0e230223c51a362620b40304f2
GET /js/RememberedAccounts.Main.min.js?v=1Mc30Yfs6TsuKFz2OgKMJvnlXrjLh2JDVdhGC713IDI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d95c211af3cac2"
last-modified: Tue, 21 Mar 2023 18:15:24 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMPA72L3N5K5:00000004
x-operationid: 73c91fd003c67fabf203dd1a02f11a18
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1507
cache-control: private, max-age=31025589
date: Tue, 28 Mar 2023 15:53:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/MeControlCallout.Main.min.js?v=z8A9eaXPs1zFIC_swsevu3o3DKi6YuzedODbJugVTXM
2.18.172.114 200 OK 1.4 kB URL HTTP/2 support.microsoft.com/js/MeControlCallout.Main.min.js?v=z8A9eaXPs1zFIC_swsevu3o3DKi6YuzedODbJugVTXM
IP 2.18.172.114:0
File type ASCII text, with very long lines (3103)
Hash b07d3f6fdb6a8fb7b089fab2824977dd
0249397d04d129b62e78062ed998ced6a985cf2d
39b9721fc16771b8ce8d75a439b3ff461871a10a612a52752afea1316a8981d9
GET /js/MeControlCallout.Main.min.js?v=z8A9eaXPs1zFIC_swsevu3o3DKi6YuzedODbJugVTXM HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd2fc6deb55"
last-modified: Thu, 09 Feb 2023 22:08:06 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOAT9HC2Q1K:00000005
x-operationid: 76d8dcd77a3516abcc1e065f2e041877
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1364
cache-control: private, max-age=28534936
date: Tue, 28 Mar 2023 15:53:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/SearchBox.Main.min.js?v=sY_YBvw6gcgD1e-o1JhIQTBF7pirfPL8WqOaD-_eXFM
2.18.172.114 200 OK 75 kB URL HTTP/2 support.microsoft.com/js/SearchBox.Main.min.js?v=sY_YBvw6gcgD1e-o1JhIQTBF7pirfPL8WqOaD-_eXFM
IP 2.18.172.114:0
File type Unicode text, UTF-8 text, with very long lines (65454)
Hash 905e4956b0ee0ce4dacb9d8d6aa748b6
4be710784f7df01c5d86dfb68ede898a82554b06
96be4a840515cb727871c66b3c40195b19b089cb6631040f6829984682af64ae
GET /js/SearchBox.Main.min.js?v=sY_YBvw6gcgD1e-o1JhIQTBF7pirfPL8WqOaD-_eXFM HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: gzip
etag: "1d94c908da8eb8a"
last-modified: Wed, 01 Mar 2023 22:52:52 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOQL02L0OMJ:00000002
x-operationid: 5b8b5494cf9f7a6fc6840973a3afbd03
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 75066
cache-control: private, max-age=29644450
date: Tue, 28 Mar 2023 15:53:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
95.101.11.74 200 OK 4.1 kB URL HTTP/2 img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
IP 95.101.11.74:0
ASN #20940 Akamai International B.V.
File type PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced\012- data
Hash 9f14c20150a003d7ce4de57c298f0fba
daa53cf17cc45878a1b153f3c3bf47dc9669d78f
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
GET /cms/api/am/imageFileData/RE1Mu3b?ver=5c31 HTTP/1.1
Host: img-prod-cms-rt-microsoft-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 4054
content-type: image/png
access-control-allow-origin: *
content-location: https://image.prod.cms.rt.microsoft.com/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
last-modified: Tue, 21 Mar 2023 21:28:45 GMT
x-source-length: 4054
x-datacenter: northeu
x-activityid: 60ae8c31-b81c-4a60-a78d-f0f73ed25c40
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
cache-control: public, max-age=236556
expires: Fri, 31 Mar 2023 09:36:14 GMT
date: Tue, 28 Mar 2023 15:53:38 GMT
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/uZbx-si.png
143.198.232.196 200 OK 5.4 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/uZbx-si.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 42 x 702, 8-bit grayscale, non-interlaced\012- data
Hash 51147eb9734c3c0caf22aa77a80d96f0
dc33807cd0c0c35bb98d8e23efe2d625137a43f5
92d8510869b3d581401a93130fa72e4b54c5bf28dc8005994c5248d9afbfc37b
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/uZbx-si.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:37 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:44 GMT
ETag: "1501-5f7f7b982509c"
Accept-Ranges: bytes
Content-Length: 5377
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
143.198.232.196/tj6/9chrmx0973xu9x08x/microsoft.png
143.198.232.196 200 OK 1.0 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/microsoft.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced\012- data
Hash bf2b460590fbb9d8e9611a6e9006b816
561e1dab259d61e798b3ce380527b71b61074ff3
ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/microsoft.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:37 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:42 GMT
ETag: "415-5f7f7b9600e9a"
Accept-Ranges: bytes
Content-Length: 1045
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
143.198.232.196/tj6/9chrmx0973xu9x08x/s-S4-acc.png
143.198.232.196 200 OK 813 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/s-S4-acc.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 77 x 72, 8-bit colormap, non-interlaced\012- data
Hash d648c1837d01495eccd63e053491f72a
991d8f6c72777239472410d6129fd5f25ed9d134
9edbf56b360080f5d6765dce77353b8130e9f8316ad34c68f6c2792cdc446321
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/s-S4-acc.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:37 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:47 GMT
ETag: "32d-5f7f7b9ab88c2"
Accept-Ranges: bytes
Content-Length: 813
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
143.198.232.196/tj6/9chrmx0973xu9x08x/nOxp-sett.png
143.198.232.196 200 OK 463 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/nOxp-sett.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 33 x 31, 8-bit colormap, non-interlaced\012- data
Hash 905d91c276116928fa306ea732723fa9
092604f6a8786e46a7dee06065d29d2896fcf568
9cffd13c2ce05ebe032709a88fa59504e1218a12b175ec40d5aab280c18be51e
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/nOxp-sett.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:37 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:43 GMT
ETag: "1cf-5f7f7b966b694"
Accept-Ranges: bytes
Content-Length: 463
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
support.microsoft.com/SocContent/articleCss
2.18.172.114 200 OK 18 kB URL HTTP/2 support.microsoft.com/SocContent/articleCss
IP 2.18.172.114:0
File type Unicode text, UTF-8 text, with very long lines (65518), with no line terminators
Hash eb4cf7babe624ca5751ffc0bd0029da7
d9014486ade1ac5c32014c707acc93b0eb51d0b4
3f66a84c6c0db43726cd535a95616bf062cc999f9d872768cfe5cf20e3452657
GET /SocContent/articleCss HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 28 Mar 2023 15:53:38 GMT
x-correlationid: c0a065d1-ec50-44d6-ac78-538b1e20b518
x-usersessionid: c0a065d1-ec50-44d6-ac78-538b1e20b518
x-officefe: OdcSupFrontEnd_IN_0
x-officeversion: 16.0.16322.42701
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=31535943
expires: Wed, 27 Mar 2024 15:52:41 GMT
date: Tue, 28 Mar 2023 15:53:38 GMT
content-length: 17812
set-cookie: EXPID=a81ef1e6-6260-4b44-9353-6e470e192578; expires=Thu, 28-Mar-2024 15:53:38 GMT; path=/; secure; HttpOnly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/32-1b8b7c/74-888e54?ver=2.0&_cf=02242021_3231
2.18.173.151 200 OK 23 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/32-1b8b7c/74-888e54?ver=2.0&_cf=02242021_3231
IP 2.18.173.151:0
File type Unicode text, UTF-8 text, with very long lines (64241)
Hash 09800dff9a5770bdc368ae73ec89b229
52864194fec1b7fa70ba6e8bda68f0d8f27b21d1
d981d06eaec00bf7feef2b5dc799c3b50332ee867b8048109d45cb6a97e52557
GET /onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/32-1b8b7c/74-888e54?ver=2.0&_cf=02242021_3231 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 13 Dec 2022 20:44:18 GMT
x-activity-id: e0ba9742-9e0a-46e2-9ac8-f1af67b30f54
x-appversion: 1.0.8349.33967
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-11-11T02:52:14.0000000Z}
ms-operation-id: de38bdd2a32ec64d9a993e889dba99e3
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2022-12-13T20:44:18
x-s2: 2022-12-13T20:44:19
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 22729
cache-control: public, max-age=29876793
expires: Fri, 08 Mar 2024 11:00:11 GMT
date: Tue, 28 Mar 2023 15:53:38 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV1788583a.0
ms-cv-esi: CASMicrosoftCV1788583a.0
x-rtag: RT
X-Firefox-Spdy: h2
support.microsoft.com/SocContent/css
2.18.172.114 200 OK 23 kB URL HTTP/2 support.microsoft.com/SocContent/css
IP 2.18.172.114:0
File type Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Hash 68f3c668bd3369699a9e554c2294ff29
b06cb70c310a429d5000361e3ab7bb07146b23f6
392a288aaa8044b0344dc11b86a8291ec3ec7094f4efa773666e7048a5f98576
GET /SocContent/css HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 28 Mar 2023 15:53:38 GMT
x-correlationid: 229174b6-5933-4b12-aec6-a8934deecebd
x-usersessionid: 229174b6-5933-4b12-aec6-a8934deecebd
x-officefe: OdcSupFrontEnd_IN_10
x-officeversion: 16.0.16322.42701
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
content-encoding: gzip
content-length: 22921
cache-control: public, max-age=31535996
expires: Wed, 27 Mar 2024 15:53:34 GMT
date: Tue, 28 Mar 2023 15:53:38 GMT
vary: Accept-Encoding
set-cookie: EXPID=78a3e3d6-a27d-4600-9d60-db06bf57c40e; expires=Thu, 28-Mar-2024 15:53:38 GMT; path=/; secure; HttpOnly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
www.microsoft.com/videoplayer/js/vxpiframe.js
2.18.173.151 200 OK 6.3 kB URL HTTP/2 www.microsoft.com/videoplayer/js/vxpiframe.js
IP 2.18.173.151:0
File type ASCII text, with very long lines (13602)
Hash 009d92e8af9d884776822cbb40471dab
8215ca8a1c6d3c6b68c99aa3bc84df2ad57386f7
7ca4a25996ab5129a87d219a3382b645e266b1e43b6f3052770dc23bf15e7fb6
GET /videoplayer/js/vxpiframe.js HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support.microsoft.com/en-US
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-transform
content-type: application/x-javascript; charset=utf-8
x-activity-id: c55c2b7a-747c-4ca3-9f43-0e36870c6567
x-appversion: 1.0.8377.8392
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-12-08T12:39:44.0000000Z}
ms-operation-id: d9e1e41a6a314a4e83041b8467a8936f
p3p: CP="CAO CONi OTR OUR DEM ONL"
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 6332
date: Tue, 28 Mar 2023 15:53:38 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV17885856.0
ms-cv-esi: CASMicrosoftCV17885856.0
set-cookie: akacd_OneRF=1687794818~rv=57~id=0a55d5f3c326d20834cf5ffd0a4225f1; path=/; Expires=Mon, 26 Jun 2023 15:53:38 GMT; Secure; SameSite=None
x-rtag: RT
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/minimize.jpeg
143.198.232.196 200 OK 17 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/minimize.jpeg
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=39, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=180], baseline, precision 8, 180x39, components 3\012- data
Hash 4bf52eb9b3efce840add1a90d83a40e5
6348a7617dfce3165e07af53a48df7892d62ffe1
a85f1e749a829c5c909837844c6b53ce0a9ae2adb7c8eac0e7b96c372c679a0d
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/minimize.jpeg HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:37 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:44 GMT
ETag: "4315-5f7f7b97d4eb8"
Accept-Ranges: bytes
Content-Length: 17173
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg
support.microsoft.com/socbundles/article
2.18.172.114 200 OK 15 kB URL HTTP/2 support.microsoft.com/socbundles/article
IP 2.18.172.114:0
File type ASCII text, with very long lines (62046), with no line terminators
Hash a7a35095b42d66f97324a02e61aeabbd
fc5b2ce888868bb62b40f2b580c16d0e23b53f4a
138863d8ea2818321a86df2e3f72b28feb8348def4d72d5d29b09d57fe235a83
GET /socbundles/article HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
last-modified: Tue, 28 Mar 2023 15:53:38 GMT
x-correlationid: f0639f21-ef7c-455f-813a-ffdf154a547d
x-usersessionid: f0639f21-ef7c-455f-813a-ffdf154a547d
x-officefe: OdcSupFrontEnd_IN_6
x-officeversion: 16.0.16322.42701
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=0
expires: Tue, 28 Mar 2023 15:53:38 GMT
date: Tue, 28 Mar 2023 15:53:38 GMT
content-length: 15150
set-cookie: EXPID=c1891c94-9672-475b-a790-b5b366916af3; expires=Thu, 28-Mar-2024 15:53:38 GMT; path=/; secure; HttpOnly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1
2.18.173.151 200 OK 36 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1
IP 2.18.173.151:0
File type ASCII text, with very long lines (42133)
Hash d95e11ceb03f2345a320093cab78025e
61a86a14316100b63da779f7e173849643e687f5
e51a46060665f507a73982f7aa0a4088fc5b371023c237fefa0a1d806b56f6b0
GET /onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
last-modified: Tue, 24 Jan 2023 18:49:01 GMT
x-activity-id: 7acc4066-8c24-4216-b307-e65f0d7adf97
x-appversion: 1.0.8405.38376
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-01-06T05:19:12.0000000Z}
ms-operation-id: 276317a3e7c97a4986744af24c94a19f
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2023-01-24T18:49:01
x-s2: 2023-01-24T18:49:01
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 35900
cache-control: public, max-age=29876521
expires: Fri, 08 Mar 2024 10:55:39 GMT
date: Tue, 28 Mar 2023 15:53:38 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV17885872.0
ms-cv-esi: CASMicrosoftCV17885872.0
x-rtag: RT
X-Firefox-Spdy: h2
ajax.aspnetcdn.com/ajax/jQuery/jquery-3.5.1.min.js
152.199.19.160 200 OK 31 kB URL HTTP/2 ajax.aspnetcdn.com/ajax/jQuery/jquery-3.5.1.min.js
IP 152.199.19.160:0
File type ASCII text, with very long lines (65451)
Hash 01ed540a1edc0b1cae4b91ef5d576be3
0f4aa0ea331348a4c2bca0f3898dd681646455c4
da348028c4b581592016ee99ec4ee38cdaaac87d2c0317962c52c18a9338a101
GET /ajax/jQuery/jquery-3.5.1.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 19775343
cache-control: public,max-age=31536000
content-type: application/javascript
date: Tue, 28 Mar 2023 15:53:38 GMT
etag: "80e72fc8fd6fd61:0"
last-modified: Tue, 11 Aug 2020 16:38:03 GMT
server: ECAcc (ska/F74F)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 30976
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.215.11.44 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.215.11.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ijeh2TV/NZThMhL82nljpw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: JzrGL+BOVk1uCp1jNDPMyn3CAWM=
statics-marketingsites-neu-ms-com.akamaized.net/statics/override.css
95.101.11.49 200 OK 473 B URL HTTP/1.1 statics-marketingsites-neu-ms-com.akamaized.net/statics/override.css
IP 95.101.11.49:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (342), with CRLF line terminators
Hash a40589609d8e75c109e93abbff0dcf60
76ae9c943d54022e24b90467713a73a431eddd6d
2c959c2618be84448b26de18639db8a66126449c6ebb29f4f6d33e00adb5b069
GET /statics/override.css HTTP/1.1
Host: statics-marketingsites-neu-ms-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Tue, 11 Jun 2019 23:22:13 GMT
ETag: 0x8D6EEC3A2D67C35
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 794b2968-c01e-0059-40d6-660f8c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 473
Unused62: 8096267
Date: Tue, 28 Mar 2023 15:53:38 GMT
Connection: keep-alive
wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
13.107.237.53 200 OK 82 kB URL HTTP/2 wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
IP 13.107.237.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (63888), with no line terminators
Hash e51f388b62281af5b4a9193cce419941
364f3d737462b7fd063107fe2c580fdb9781a45a
348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c
GET /mscc/lib/v2/wcp-consent.js HTTP/1.1
Host: wcpstatic.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: max-age=43200
content-length: 81726
content-type: application/javascript
content-encoding: gzip
content-md5: X1JOIM5h9UISVFS6+GfEew==
last-modified: Wed, 24 Aug 2022 17:34:36 GMT
age: 9178
etag: 0x8DA85F6EA62BF74
vary: Accept-Encoding
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
x-cache: CONFIG_NOCACHE
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 2f3ba352-001e-003f-6578-619f7d000000
x-ms-version: 2009-09-19
x-azure-ref: 0gg0jZAAAAABf+pESmoDtSpuc1DE0pldRU1ZHMjBFREdFMDYyMgAzOWI0NjE1Ny1jYjllLTQ5YjctYTY1YS04NzIyYTNmODI0ZTQ=
date: Tue, 28 Mar 2023 15:53:37 GMT
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/def.png
143.198.232.196 200 OK 3.8 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/def.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 77a2ffc5545f87551d74781201de9b3b
c9c3798afd2ae95aa3bba3c428335d49c8255b06
316e6a6737bd296ab30aca2ef7fa36f119d15786a2432d01e31fdc130272f15c
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/def.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:38 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:41 GMT
ETag: "efa-5f7f7b9552ff6"
Accept-Ranges: bytes
Content-Length: 3834
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
143.198.232.196/tj6/9chrmx0973xu9x08x/okPE-vs.png
143.198.232.196 200 OK 313 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/okPE-vs.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 37 x 38, 8-bit grayscale, non-interlaced\012- data
Hash f8176054bb2e264452c0d7c3a1a1093c
dd3145e0f95a236e073a780a2529febf409d4f2b
bf8ebf2c2aeb4d8310341694baf1ed935d35c68c1572588af85b4775d5cf500e
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/okPE-vs.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:38 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:43 GMT
ETag: "139-5f7f7b96a50ea"
Accept-Ranges: bytes
Content-Length: 313
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
143.198.232.196/tj6/9chrmx0973xu9x08x/-EBq-current.png
143.198.232.196 200 OK 1.2 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/-EBq-current.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 27 x 28, 8-bit colormap, non-interlaced\012- data
Hash 35629cc2adc804353a548305f1217206
cda6e89c5f6a644683aea6999a5d11e00dc64275
c1d52e31f7fc13cbb3efca8b0ec937ddd97a5ec545c4dad26193429db10d8662
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/-EBq-current.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:38 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:42 GMT
ETag: "48a-5f7f7b95fef56"
Accept-Ranges: bytes
Content-Length: 1162
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
143.198.232.196/tj6/9chrmx0973xu9x08x/arrow.svg
143.198.232.196 200 OK 193 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/arrow.svg
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 1b49457044fe0f969a601eade5b861ee
bb0139e4c98ac050717094b636612ce758a42062
65e5c584d029650c691506517be54c0046cb94f48b8522d7c78d3a550220691f
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/arrow.svg HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:38 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:41 GMT
ETag: "c1-5f7f7b94ace62"
Accept-Ranges: bytes
Content-Length: 193
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
2.18.173.151 200 OK 34 kB URL HTTP/2 c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
IP 2.18.173.151:0
File type Web Open Font Format (Version 2), TrueType, length 34052, version 0.0\012- data
Hash 36397a3bc139c6e9f81d383f060f080a
3f4f86c10920d4ed345f4858b6cde9f93e1aeb81
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
GET /static/fonts/segoe-ui/west-european/normal/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 34052
content-type: font/woff2
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
accept-ranges: bytes
etag: "588d483e9c7d51:0"
cache-control: public, max-age=451292
expires: Sun, 02 Apr 2023 21:15:10 GMT
date: Tue, 28 Mar 2023 15:53:38 GMT
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/latest.woff2
2.18.173.151 200 OK 29 kB URL HTTP/2 c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/latest.woff2
IP 2.18.173.151:0
File type Web Open Font Format (Version 2), TrueType, length 29388, version 0.0\012- data
Hash 6e75a94d5f7170a1ab532d32c2a35755
9c1b6fff544089941bbeddbcf529c3f0b46d853a
d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f
GET /static/fonts/segoe-ui/west-european/Semibold/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 29388
content-type: font/woff2
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
accept-ranges: bytes
etag: "5b68d583e9c7d51:0"
cache-control: public, max-age=155911
expires: Thu, 30 Mar 2023 11:12:09 GMT
date: Tue, 28 Mar 2023 15:53:38 GMT
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
support.microsoft.com/socfonts/DevCMDL2.2.50.woff
2.18.172.114 200 OK 18 kB URL HTTP/2 support.microsoft.com/socfonts/DevCMDL2.2.50.woff
IP 2.18.172.114:0
File type Web Open Font Format, TrueType, length 18316, version 0.0\012- data
Hash 0cedbb5e7888349e4705a66ede3dd01c
bff3c70dbd94c866bdefc48e7bba1d8f359577ac
12d95d8d400eeafa0258e9d29d6ea5ef0ec9cfc1410b75e47976fcb3f92082b0
GET /socfonts/DevCMDL2.2.50.woff HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://support.microsoft.com/SocContent/css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: font/x-woff
last-modified: Wed, 08 Feb 2023 13:22:44 GMT
accept-ranges: bytes
etag: "0aa706dc03bd91:0"
x-correlationid: 70065751-9c2c-4c50-88be-f28ea4c1b02e
x-usersessionid: 70065751-9c2c-4c50-88be-f28ea4c1b02e
x-officefe: OdcSupFrontEnd_IN_13
x-officeversion: 16.0.16208.42700
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
content-length: 18316
cache-control: public, max-age=7776000
date: Tue, 28 Mar 2023 15:53:38 GMT
access-control-allow-origin:
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/Glyphs/SupMDL2_v4_69.woff2
2.18.172.114 200 OK 30 kB URL HTTP/2 support.microsoft.com/css/Glyphs/SupMDL2_v4_69.woff2
IP 2.18.172.114:0
File type Web Open Font Format (Version 2), TrueType, length 29588, version 0.0\012- data
Hash f04217f47619ac51664e7a65b3f77b48
c32c07c33ba8850f282492b2bd38be170b556541
5975dea100208142bb9cbd2ae15e1bae43213598a2a4496e42c4baec3bd50a61
GET /css/Glyphs/SupMDL2_v4_69.woff2 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://support.microsoft.com/css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 29588
content-type: font/woff2
server: Kestrel
accept-ranges: bytes
etag: "1d93cd345be4514"
last-modified: Thu, 09 Feb 2023 22:10:09 GMT
request-context: appId=
x-correlationid: 0HMOATAF6QE2N:0000000C
x-operationid: ba8b01cde138b4c70a8fa265737a057d
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=28535006
date: Tue, 28 Mar 2023 15:53:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
2.18.173.151 200 OK 26 kB URL HTTP/2 www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
IP 2.18.173.151:0
File type Web Open Font Format, TrueType, length 26288, version 0.0\012- data
Hash d0263dc03be4c393a90bda733c57d6db
8a032b6deab53a33234c735133b48518f8643b92
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
GET /mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
last-modified: Mon, 16 May 2022 14:07:29 GMT
x-activity-id: 3cb43f33-5942-4f33-ae4e-7b00cfb95638
x-appversion: 1.0.8153.36695
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-04-29T04:23:10.0000000Z}
ms-operation-id: e99e7389d77ceb41a5c2222175beffa7
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-length: 26288
cache-control: public, max-age=29876974
expires: Fri, 08 Mar 2024 11:03:12 GMT
date: Tue, 28 Mar 2023 15:53:38 GMT
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV17885ade.0
ms-cv-esi: CASMicrosoftCV17885ade.0
x-rtag: RT
X-Firefox-Spdy: h2
support.microsoft.com/en-us/authentication/silentsignin?ru=%2Fen-us%2Fsilentsigninhandler
2.18.172.114 302 Found 0 B URL HTTP/2 support.microsoft.com/en-us/authentication/silentsignin?ru=%2Fen-us%2Fsilentsigninhandler
IP 2.18.172.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /en-us/authentication/silentsignin?ru=%2Fen-us%2Fsilentsigninhandler HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
content-length: 0
server: Kestrel
location: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638156156184141938.YTRmZjYwNDQtZDBhNS00MDQ1LTgyYWMtNzI4MjEwZTZkMGUwYWI5MDlhNTgtNzhkMi00YmIwLWI0NjItZjY2MmFjYzE0ODc0&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-jbdmxh57bdGydZFidJhVnlc4bDmqsg67Cw5NcWFPcxLQRpWlvEVccpOGtlIrXaabrOUVYURbOFDgCf7aFil1DmXtBtwV1HsEteXXAhaxNzEScFGRf6qOeAofrzt2KMCzKSR5FVJ00trMiPPjp8mhZPf8MAHiZjboSsMFUpaBFJ-fjT_H2j88-1rb6E1JdGo4NygvFwoxUtv3305Ndb8nbotbdQPmyJUxR1xRz--4Cy8atv9aQnE0-JaZPuj8fx_CG4fi8FNpQvoddvAgPssf0FpJXOvULGgMWuDVIi9M-ub-749KvEz9AChX3JwtgQnQHL7xnzETr0UwOZ_6erQOXl&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
request-context: appId=
x-correlationid: 0HMPF0JQUBJMJ:000001F2
x-operationid: a3fa5e617893b562a82b390a0b1a9b91
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
expires: Tue, 28 Mar 2023 15:53:38 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 28 Mar 2023 15:53:38 GMT
set-cookie: .AspNetCore.OpenIdConnect.Nonce.CfDJ8PY55fRSQr1CrcRGN2fDm-jmDvHxZj1xMipFkz6ZEt1A_yQ_1PXrikOLw9l-7MXF4lOakkcMrX-AVNugjbIMNZabJV8hclbwWJrmvL3BIogiGM7xyVQirDo0AzOlzg3s5mczBlyow5oRUeGoyx79XTQi-h_ccxbXfpiam_0cnvfBmZxlOL6Ju4OSujRcuJtO0JU1-FVLkah6r_o1Kfd8ahPmMo6N4xphAgY0zhaAX-LFkc4S8qQdKpKnwHChT3knFawBxKghDDcffMVteHDuB4g=N; expires=Tue, 28 Mar 2023 16:08:38 GMT; path=/signin-oidc; secure; samesite=none; httponly
.AspNetCore.Correlation.8zu6RDw-uzD7eHWe9e427yJDbnSkL3FaKcSB9fbcPTY=N; expires=Tue, 28 Mar 2023 16:08:38 GMT; path=/signin-oidc; secure; samesite=none; httponly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/d09f346e-3b3f-4bbc-b4cd-ad6f9df1ab6e.png
95.101.95.18 200 OK 4.2 kB URL HTTP/2 support.content.office.net/en-us/media/d09f346e-3b3f-4bbc-b4cd-ad6f9df1ab6e.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash b93f7321e326ca5c00d52e5df0357efa
5620e44d1318a3fa8c3f3f7685d76706752f4e36
5b00dfd36987ed6f3f48ba6eac2f7d177b9eb6526ef82f2cc786549bad43b5ec
GET /en-us/media/d09f346e-3b3f-4bbc-b4cd-ad6f9df1ab6e.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 4246
content-type: image/png
content-md5: uT9zIeMmylwA1S5d8DV++g==
last-modified: Fri, 04 Mar 2022 07:17:52 GMT
etag: 0x8D9FDAF18FAABFA
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2bd0d184-901e-002d-6e1f-39d613000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:53:38 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/262443df-1388-45a9-9c78-4dd6f528d08b.png
95.101.95.18 200 OK 785 B URL HTTP/2 support.content.office.net/en-us/media/262443df-1388-45a9-9c78-4dd6f528d08b.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash 859052ca7e07aca482d0ef74f86b45b6
d680c1c7c84a04ab96bc23adecee5efc4bc71bb4
4c238159bdfd032eb6ef4fefe83f453d3166adeb2331ba61dbdd67dfa6d0ed36
GET /en-us/media/262443df-1388-45a9-9c78-4dd6f528d08b.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 785
content-type: image/png
content-md5: hZBSyn4HrKSC0O90+GtFtg==
last-modified: Wed, 09 Mar 2022 06:23:54 GMT
etag: 0x8DA0195629FEC6D
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b6f56529-201e-0017-52bc-accc6b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:53:38 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/2d61de8b-ff96-4a49-afa5-0795e254cc87.png
95.101.95.18 200 OK 150 kB URL HTTP/2 support.content.office.net/en-us/media/2d61de8b-ff96-4a49-afa5-0795e254cc87.png
IP 95.101.95.18:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size 150 kB (150348 bytes)
Hash 9aea7c1dc69d1cea907c024eab971118
4986a5deab1bb0c9f0a66e5ea996bce6f56683aa
ce4c6516f665d6893fdbe6e537c75e52213793bc2a6c55457fa63ebf1344112f
GET /en-us/media/2d61de8b-ff96-4a49-afa5-0795e254cc87.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 150348
content-type: image/png
content-md5: mup8HcadHOqQfAJOq5cRGA==
last-modified: Thu, 27 Oct 2022 22:24:37 GMT
etag: 0x8DAB86A08773082
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 37276f0b-d01e-0013-1d80-f2416c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:53:38 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/d8369889-04df-4721-831d-e0490e10aaeb.png
95.101.95.18 200 OK 4.6 kB URL HTTP/2 support.content.office.net/en-us/media/d8369889-04df-4721-831d-e0490e10aaeb.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash c59d7f179b1837d03040c0673c5ec15d
e219f3e3a6a01233b84bb27ef7ebe941a792a3af
e83c28f43b70c9d58e8f8758e547b985577f5a38045f1b5a63169913f02a0cc5
GET /en-us/media/d8369889-04df-4721-831d-e0490e10aaeb.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 4596
content-type: image/png
content-md5: xZ1/F5sYN9AwQMBnPF7BXQ==
last-modified: Fri, 04 Mar 2022 07:17:49 GMT
etag: 0x8D9FDAF172969CD
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 00d2a09e-301e-001b-4110-5a5b63000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:53:38 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/2c3c0c0c-bcb1-4582-834f-ddd6daf4b1de.png
95.101.95.18 200 OK 2.7 kB URL HTTP/2 support.content.office.net/en-us/media/2c3c0c0c-bcb1-4582-834f-ddd6daf4b1de.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash 4ef082afe9892d1af2bf56ebbbe43b24
6af8951ab396523fd8339b2df591835838d15c42
664490c5ed805c089f854c1edf01d005f170730a3614d19c60375eb7c3b08fdf
GET /en-us/media/2c3c0c0c-bcb1-4582-834f-ddd6daf4b1de.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 2703
content-type: image/png
content-md5: TvCCr+mJLRryv1bru+Q7JA==
last-modified: Fri, 04 Mar 2022 07:17:28 GMT
etag: 0x8D9FDAF0AA3B079
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 23f6ee29-401e-0011-2262-f9ffd4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:53:38 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/3ae06b5c-45ee-4509-9ca2-e3958a88ab7f.png
95.101.95.18 200 OK 210 B URL HTTP/2 support.content.office.net/en-us/media/3ae06b5c-45ee-4509-9ca2-e3958a88ab7f.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 2-bit colormap, non-interlaced\012- data
Hash 5e136d738c93fdb32c08fdb249905c1f
abeaa733ead9d6a3843aae402afe8d8fbf0452bf
5a639ac902dffec0b8174e7a2dda2e18c8038b76ff5c88ec507984e71b7b4a1b
GET /en-us/media/3ae06b5c-45ee-4509-9ca2-e3958a88ab7f.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 210
content-type: image/png
content-md5: XhNtc4yT/bMsCP2ySZBcHw==
last-modified: Fri, 04 Mar 2022 07:17:30 GMT
etag: 0x8D9FDAF0B81DF68
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b07e7aca-101e-000c-3c0f-9bf268000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:53:38 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/d6ba446c-4077-4462-bfc9-7ddf7c07d7bd.png
95.101.95.18 200 OK 4.3 kB URL HTTP/2 support.content.office.net/en-us/media/d6ba446c-4077-4462-bfc9-7ddf7c07d7bd.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash dc66df4b133bbbeed776ca86b5ad68da
eab70e67489815ac093d17c1922a5dc5cf8c0ef0
8cbbbe47e52239d7d23ae19946fc2b2e3c6e95dcf7631c807af7a811c89cb78e
GET /en-us/media/d6ba446c-4077-4462-bfc9-7ddf7c07d7bd.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 4280
content-type: image/png
content-md5: 3GbfSxM7u+7XdsqGta1o2g==
last-modified: Fri, 04 Mar 2022 20:23:50 GMT
etag: 0x8D9FE1CE54267E6
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 20c6b4f4-c01e-0042-78b9-93dce0000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:53:38 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/059b7716-5dfe-4510-9f5e-1f42cc2ba1b4.png
95.101.95.18 200 OK 3.4 kB URL HTTP/2 support.content.office.net/en-us/media/059b7716-5dfe-4510-9f5e-1f42cc2ba1b4.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash b7b315e5398a5177f50394fc16f577a6
23d3cbf6a21d4fc6c275e70cd71e9f276bb4db52
92aa5dec4f2ee690cf1f8230fd67ed58b5918a7d1b0137dee46e6751fb439da6
GET /en-us/media/059b7716-5dfe-4510-9f5e-1f42cc2ba1b4.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 3425
content-type: image/png
content-md5: t7MV5TmKUXf1A5T8FvV3pg==
last-modified: Fri, 04 Mar 2022 07:17:31 GMT
etag: 0x8D9FDAF0BEDAF8E
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b9b9a6bc-d01e-002c-399e-ba89cf000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:53:38 GMT
X-Firefox-Spdy: h2
mem.gfx.ms/scripts/me/MeControl/10.23038.5/en-US/meBoot.min.js
13.107.237.53 200 OK 41 kB URL HTTP/2 mem.gfx.ms/scripts/me/MeControl/10.23038.5/en-US/meBoot.min.js
IP 13.107.237.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Hash 16472d4ea26c5e96e9cd20052074a8f2
0b00e561364e26b989cbbeee99fe5e3555e6c796
4f33ec47a8f66a1bf89460c3e4537d5cbc63b6b281a5c8431ac101453e366e21
GET /scripts/me/MeControl/10.23038.5/en-US/meBoot.min.js HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-encoding: br
last-modified: Fri, 24 Mar 2023 01:15:24 GMT
etag: "1d95e28c88634a3"
x-cache: TCP_HIT
x-content-type-options: nosniff
access-control-allow-origin: *
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref-originshield: 0TC4iZAAAAAAjIag5uUM0Qq6JWNO1FPa+QU1TMDRFREdFMTkxMgBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-azure-ref: 0gg0jZAAAAAAmz+xne+7JQbmGIvx4eV+MU1ZHMjBFREdFMDYyMABlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
date: Tue, 28 Mar 2023 15:53:38 GMT
X-Firefox-Spdy: h2
support.microsoft.com/css/supportbridge/support-bridge.css?v=ft5yipT-SPVc4yMl4wK9PnMTXqhVUrUJZoPQVrYDjUI
2.18.172.114 200 OK 654 B URL HTTP/2 support.microsoft.com/css/supportbridge/support-bridge.css?v=ft5yipT-SPVc4yMl4wK9PnMTXqhVUrUJZoPQVrYDjUI
IP 2.18.172.114:0
File type ASCII text, with very long lines (1877), with no line terminators
Hash 0d5d7ed2a6b811caffa8f525e3f71610
553802ca3a157bfd1fd028f494b792c201eb1ef7
8af71052a0ee40641e37dc7ec367a380e1d88cdc057a71b460f397085c011fcc
GET /css/supportbridge/support-bridge.css?v=ft5yipT-SPVc4yMl4wK9PnMTXqhVUrUJZoPQVrYDjUI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd3903fb455"
last-modified: Thu, 09 Feb 2023 22:12:14 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATD1USELT:00000004
x-operationid: 1a5945489342e777d3ba9f9b3ebabcaf
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 654
cache-control: private, max-age=28534568
date: Tue, 28 Mar 2023 15:53:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/sitewide/articleCss-overwrite.css?v=Agp_0EWD3V-aZnCFUrPvHDFynjvCYTVYUcRwnbKUcJc
2.18.172.114 200 OK 218 B URL HTTP/2 support.microsoft.com/css/sitewide/articleCss-overwrite.css?v=Agp_0EWD3V-aZnCFUrPvHDFynjvCYTVYUcRwnbKUcJc
IP 2.18.172.114:0
File type ASCII text, with very long lines (592), with no line terminators
Hash ee52039f75c0cc68ae07376cf6c09632
d46f85e21d23f52dc13a0c88482fe5f3988fbbd0
14e18ed1e0a9ea3854480e4ea2275b4390dac10036090f98e105c4d04de51fd1
GET /css/sitewide/articleCss-overwrite.css?v=Agp_0EWD3V-aZnCFUrPvHDFynjvCYTVYUcRwnbKUcJc HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d95cecb3a34a50"
last-modified: Wed, 22 Mar 2023 18:32:48 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMPB0GDQO40M:00000002
x-operationid: 0fb9083ea8f40b8ea4bea848fbb85ae1
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 218
cache-control: private, max-age=31464641
date: Tue, 28 Mar 2023 15:53:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo
2.18.172.114 200 OK 3.1 kB URL HTTP/2 support.microsoft.com/css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo
IP 2.18.172.114:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (10532), with no line terminators
Hash 0737acfed55616de4eda800b15cbf1fb
7e896a35974259d41ced3e2b70f564f3c34df4f8
8da6bcf631d27020b2ff6b788648d0f124f69ee5806e37ce415cdf9d4b88b8c9
GET /css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd2fc6dcc3b"
last-modified: Thu, 09 Feb 2023 22:08:06 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOAT9HC2Q08:00000003
x-operationid: 4052353e8561fa8359cf8f718f5e1cd5
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 3141
cache-control: private, max-age=28534894
date: Tue, 28 Mar 2023 15:53:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/promotionbanner/promotion-banner.css?v=cAmflE3c6Gw7niTOiMPEie9MY87yDE2mSl3DO7_jZRI
2.18.172.114 200 OK 1.5 kB URL HTTP/2 support.microsoft.com/css/promotionbanner/promotion-banner.css?v=cAmflE3c6Gw7niTOiMPEie9MY87yDE2mSl3DO7_jZRI
IP 2.18.172.114:0
File type ASCII text, with very long lines (4370), with no line terminators
Hash 99ba2848ba9a06514e6cc579f6995206
632460dae575c7c20a27b5716c236d9debe4b9ed
85455b4dd8114d33bedf87384aa0ee36a67b38183452686a76c2846d11caf3f1
GET /css/promotionbanner/promotion-banner.css?v=cAmflE3c6Gw7niTOiMPEie9MY87yDE2mSl3DO7_jZRI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd345be2792"
last-modified: Thu, 09 Feb 2023 22:10:09 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATAF6QE2N:00000007
x-operationid: bcf7a863a55c2f3056da2b8d1ebda881
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1492
cache-control: private, max-age=28535039
date: Tue, 28 Mar 2023 15:53:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/SearchBox/search-box.css?v=bybwzGBajHicVXspVs540UfV0swW0vCbOmBjBryj9N4
2.18.172.114 200 OK 814 B URL HTTP/2 support.microsoft.com/css/SearchBox/search-box.css?v=bybwzGBajHicVXspVs540UfV0swW0vCbOmBjBryj9N4
IP 2.18.172.114:0
File type ASCII text, with very long lines (2230), with no line terminators
Hash e22f91333200d597a00d4e98527400e1
76659fa749d8848ace64e464941316325b07bb42
831d28e62fbfbb7488dc3471184f9116ebc453bed3464870815e22c9e2240233
GET /css/SearchBox/search-box.css?v=bybwzGBajHicVXspVs540UfV0swW0vCbOmBjBryj9N4 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd2fd9f1cb6"
last-modified: Thu, 09 Feb 2023 22:08:08 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOAT9TTJPSF:00000007
x-operationid: a8c1176152eae790e1c66cc9e7ef4244
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 814
cache-control: private, max-age=28534666
date: Tue, 28 Mar 2023 15:53:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/seo.png
143.198.232.196 200 OK 21 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/seo.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash d6a6abff8300306298b9839210a01272
5d816e96fe022415f817bc580273bb6e3c58fb33
8d3a47bb7fede0db929ed92f8ebaee71fc12e3b4cc4f43362f3fc304d6fd130b
Analyzer verdict/alert — quad9: Sinkholed
GET /tj6/9chrmx0973xu9x08x/seo.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:38 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:42 GMT
ETag: "5095-5f7f7b9652fc2"
Accept-Ranges: bytes
Content-Length: 20629
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
143.198.232.196/tj6/9chrmx0973xu9x08x/virus-images.png
143.198.232.196 200 OK 33 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/virus-images.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 200 x 191, 8-bit/color RGBA, non-interlaced\012- data
Hash 68c7d1836cf921e767b980e8ce6d845b
395fc474214809b1282fc589e4a8f0be81b16adc
870e9d768ba46521935ced4cee560acfbb4f12370e5476dc6a2a45f0141a8392
Analyzer verdict/alert — quad9: Sinkholed
GET /tj6/9chrmx0973xu9x08x/virus-images.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:38 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:40 GMT
ETag: "8256-5f7f7b9459d98"
Accept-Ranges: bytes
Content-Length: 33366
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
support.microsoft.com/css/glyphs/SupMDL2_v4_69.woff2
2.18.172.114 200 OK 30 kB URL HTTP/2 support.microsoft.com/css/glyphs/SupMDL2_v4_69.woff2
IP 2.18.172.114:0
File type Web Open Font Format (Version 2), TrueType, length 29588, version 0.0\012- data
Hash f04217f47619ac51664e7a65b3f77b48
c32c07c33ba8850f282492b2bd38be170b556541
5975dea100208142bb9cbd2ae15e1bae43213598a2a4496e42c4baec3bd50a61
GET /css/glyphs/SupMDL2_v4_69.woff2 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://support.microsoft.com/css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 29588
content-type: font/woff2
server: Kestrel
accept-ranges: bytes
etag: "1d93cd2fd9f6794"
last-modified: Thu, 09 Feb 2023 22:08:08 GMT
request-context: appId=
x-correlationid: 0HMOAT9TTJQ9L:0000000C
x-operationid: 6d6743342ea344f98126edce9edbb2ed
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=28535101
date: Tue, 28 Mar 2023 15:53:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/76bb3497-baf7-4f68-ac15-0da34f0caf56.png
95.101.95.18 200 OK 94 kB URL HTTP/2 support.content.office.net/en-us/media/76bb3497-baf7-4f68-ac15-0da34f0caf56.png
IP 95.101.95.18:0
File type PNG image data, 2006 x 426, 8-bit colormap, non-interlaced\012- data
Hash f2378ce679cd470615bc0f5fdfb04868
377f63641a07739d73b4b119c927dc43a853d5cf
d66573493a7baebfb1ebf6913e924129bebf36b563d84a7e613a6418a79637fd
GET /en-us/media/76bb3497-baf7-4f68-ac15-0da34f0caf56.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 94486
content-type: image/png
content-md5: 8jeM5nnNRwYVvA9f37BIaA==
last-modified: Thu, 07 Oct 2021 18:46:47 GMT
etag: 0x8D989C2D12875EB
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: eec53ea8-501e-007f-5450-abaafb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:53:38 GMT
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/antivirus.png
143.198.232.196 200 OK 17 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/antivirus.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash f6e5701a264992107acc4583ed4ae622
a6df615fcb3a05bf4aefa62221127970956e5de6
45eb621e5fa1258a63f8e53d8032a1acd8805366bf0ea4c5f48cb2adbeaaa28f
Analyzer verdict/alert — quad9: Sinkholed
GET /tj6/9chrmx0973xu9x08x/antivirus.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:38 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:47 GMT
ETag: "427d-5f7f7b9aa30d6"
Accept-Ranges: bytes
Content-Length: 17021
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638156156184141938.YTRmZjYwNDQtZDBhNS00MDQ1LTgyYWMtNzI4MjEwZTZkMGUwYWI5MDlhNTgtNzhkMi00YmIwLWI0NjItZjY2MmFjYzE0ODc0&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-jbdmxh57bdGydZFidJhVnlc4bDmqsg67Cw5NcWFPcxLQRpWlvEVccpOGtlIrXaabrOUVYURbOFDgCf7aFil1DmXtBtwV1HsEteXXAhaxNzEScFGRf6qOeAofrzt2KMCzKSR5FVJ00trMiPPjp8mhZPf8MAHiZjboSsMFUpaBFJ-fjT_H2j88-1rb6E1JdGo4NygvFwoxUtv3305Ndb8nbotbdQPmyJUxR1xRz--4Cy8atv9aQnE0-JaZPuj8fx_CG4fi8FNpQvoddvAgPssf0FpJXOvULGgMWuDVIi9M-ub-749KvEz9AChX3JwtgQnQHL7xnzETr0UwOZ_6erQOXl&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
20.190.160.12 200 OK 59 kB URL HTTP/1.1 login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638156156184141938.YTRmZjYwNDQtZDBhNS00MDQ1LTgyYWMtNzI4MjEwZTZkMGUwYWI5MDlhNTgtNzhkMi00YmIwLWI0NjItZjY2MmFjYzE0ODc0&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-jbdmxh57bdGydZFidJhVnlc4bDmqsg67Cw5NcWFPcxLQRpWlvEVccpOGtlIrXaabrOUVYURbOFDgCf7aFil1DmXtBtwV1HsEteXXAhaxNzEScFGRf6qOeAofrzt2KMCzKSR5FVJ00trMiPPjp8mhZPf8MAHiZjboSsMFUpaBFJ-fjT_H2j88-1rb6E1JdGo4NygvFwoxUtv3305Ndb8nbotbdQPmyJUxR1xRz--4Cy8atv9aQnE0-JaZPuj8fx_CG4fi8FNpQvoddvAgPssf0FpJXOvULGgMWuDVIi9M-ub-749KvEz9AChX3JwtgQnQHL7xnzETr0UwOZ_6erQOXl&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
IP 20.190.160.12:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (42249), with CRLF, LF line terminators
Hash 8c99adb59cc17da35dd631b0908b2124
4cd57fcb2120252926ae77ce0576f6b33b4078f6
d23f27b5b273ebb53e197974cd2191de1e8c74f7019c7bcdf5c7cdeb0b0967a7
GET /common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638156156184141938.YTRmZjYwNDQtZDBhNS00MDQ1LTgyYWMtNzI4MjEwZTZkMGUwYWI5MDlhNTgtNzhkMi00YmIwLWI0NjItZjY2MmFjYzE0ODc0&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-jbdmxh57bdGydZFidJhVnlc4bDmqsg67Cw5NcWFPcxLQRpWlvEVccpOGtlIrXaabrOUVYURbOFDgCf7aFil1DmXtBtwV1HsEteXXAhaxNzEScFGRf6qOeAofrzt2KMCzKSR5FVJ00trMiPPjp8mhZPf8MAHiZjboSsMFUpaBFJ-fjT_H2j88-1rb6E1JdGo4NygvFwoxUtv3305Ndb8nbotbdQPmyJUxR1xRz--4Cy8atv9aQnE0-JaZPuj8fx_CG4fi8FNpQvoddvAgPssf0FpJXOvULGgMWuDVIi9M-ub-749KvEz9AChX3JwtgQnQHL7xnzETr0UwOZ_6erQOXl&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0 HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support.microsoft.com/
Connection: keep-alive
Cookie: brcap=0; MSFPC=GUID=27491a5fca0c436896bdbf20a1588da0&HASH=2749&LV=202205&V=4&LU=1652883922743; ESTSSSOTILES=1; AADSSOTILES=1; buid=0.AREAMe_N-B6jSkuT5F9XHpElWhkrJ-4RRD9DjyhcE8tv1AcBAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevrTNp5Q8BwnUPxUctpdyrm9gLZs-W9y8Hyxp3IxsCzZXsQjzhafzMZAGJhreXNnjGqVdob-JtLkCPZqVHl8Fglj16nTq8KaXtLOdaVC-79H-AgAA; fpc=ApE_bFkOsHVBrduz-QD7jONqwEtIAQAAAFAEtdsOAAAA
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Link: <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msftauth.net>; rel=dns-prefetch, <https://aadcdn.msauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 098918b7-9ad6-426a-8ba1-41764d363000
x-ms-ests-server: 2.1.14939.4 - NEULR2 ProdSlices
x-ms-clitelem: 1,0,0,,
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: buid=0.AREAMe_N-B6jSkuT5F9XHpElWhkrJ-4RRD9DjyhcE8tv1AcBAAA.AQABAAEAAAD--DLA3VO7QrddgJg7Wevracvor5CuSqAAYiBgixBSPxW0tq-WF3tdINiV_dCrOcfrslDF8dZsFc_zX6WDcAEgPEhrmCNGefBoL4UeMror05R9iEJA9EJkvYLAOgdXHTggAA; expires=Thu, 27-Apr-2023 15:53:38 GMT; path=/; secure; HttpOnly; SameSite=None
fpc=ApE_bFkOsHVBrduz-QD7jONqwEtIAgAAAFAEtdsOAAAA; expires=Thu, 27-Apr-2023 15:53:38 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABAAEAAAD--DLA3VO7QrddgJg7WevrZV2BfFE6-P4tW6laytDnwrVmb72g6XeRWC0KXAwPtQ6GIhpHxdR5qo8uXJ9eBcknESH1gO8fNBuzoYxgsHRZ0uP0nThyvsvhC9iONvbzolLqF3DR3n6QNpxZ4JuIflDUbHCssdtUGbxvtzzq_JwgZmPFlrWhJLrx3JFvJEQTfF0gAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 28 Mar 2023 15:53:38 GMT
Content-Length: 59213
login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=3050d8b9-7137-4b63-cf09-ac93fcd07e25&partnerId=smcconvergence&idpflag=proxy
20.190.160.12 200 OK 1.3 kB URL HTTP/1.1 login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=3050d8b9-7137-4b63-cf09-ac93fcd07e25&partnerId=smcconvergence&idpflag=proxy
IP 20.190.160.12:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 7d366bfa7c9b7951156ee8aba87da979
37591dff2710f5dc1fa49930c6243a64959d85c3
3211675897496be86ecb797bb8a5423f756caec84aef713cd4e794f808b8e2d8
GET /savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=3050d8b9-7137-4b63-cf09-ac93fcd07e25&partnerId=smcconvergence&idpflag=proxy HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Cookie: brcap=0; MSFPC=GUID=27491a5fca0c436896bdbf20a1588da0&HASH=2749&LV=202205&V=4&LU=1652883922743; ESTSSSOTILES=1; AADSSOTILES=1; buid=0.AREAMe_N-B6jSkuT5F9XHpElWhkrJ-4RRD9DjyhcE8tv1AcBAAA.AQABAAEAAAD--DLA3VO7QrddgJg7Wevracvor5CuSqAAYiBgixBSPxW0tq-WF3tdINiV_dCrOcfrslDF8dZsFc_zX6WDcAEgPEhrmCNGefBoL4UeMror05R9iEJA9EJkvYLAOgdXHTggAA; fpc=ApE_bFkOsHVBrduz-QD7jONqwEtIAgAAAFAEtdsOAAAA; esctx=PAQABAAEAAAD--DLA3VO7QrddgJg7WevrZV2BfFE6-P4tW6laytDnwrVmb72g6XeRWC0KXAwPtQ6GIhpHxdR5qo8uXJ9eBcknESH1gO8fNBuzoYxgsHRZ0uP0nThyvsvhC9iONvbzolLqF3DR3n6QNpxZ4JuIflDUbHCssdtUGbxvtzzq_JwgZmPFlrWhJLrx3JFvJEQTfF0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 1f3cd45a-d9f0-41de-ae98-f05e0caa4800
x-ms-ests-server: 2.1.14939.4 - WEULR2 ProdSlices
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: fpc=ApE_bFkOsHVBrduz-QD7jONqwEtIAgAAAFAEtdsOAAAA; expires=Thu, 27-Apr-2023 15:53:38 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 28 Mar 2023 15:53:38 GMT
Content-Length: 1305
mem.gfx.ms/scripts/me/MeControl/10.23038.5/en-US/meCore.min.js
13.107.237.53 200 OK 16 kB URL HTTP/2 mem.gfx.ms/scripts/me/MeControl/10.23038.5/en-US/meCore.min.js
IP 13.107.237.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (34235), with CRLF, LF line terminators
Hash 8b331c6dc779f355bbbbf3d3cafd5c30
4ff5233c22795af0a97495eba1ef40d2e349b18c
fe9556f7f839b14354305bf99f8ef4a934b639c87f6727ea7bb6e6a30dfb86dd
GET /scripts/me/MeControl/10.23038.5/en-US/meCore.min.js HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-encoding: br
last-modified: Thu, 16 Feb 2023 20:57:48 GMT
etag: "1d9428c615427a1"
x-cache: TCP_HIT
x-content-type-options: nosniff
access-control-allow-origin: *
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref-originshield: 0mFIiZAAAAACuGL56CXX/TIucxU+vJUIxQU1TMDRFREdFMTgxNgBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-azure-ref: 0gg0jZAAAAABwUaMSe0LYQJ+OOwMtLbT9U1ZHMjBFREdFMDYyMABlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
date: Tue, 28 Mar 2023 15:53:38 GMT
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://143.198.232.196/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Tue, 28 Mar 2023 14:05:11 GMT
expires: Tue, 28 Mar 2023 16:05:11 GMT
cache-control: public, max-age=7200
age: 6507
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
2.18.173.151 200 OK 28 kB URL HTTP/2 www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
IP 2.18.173.151:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (16813), with CRLF, LF line terminators
Hash d772cd1769533ff54eedddb221a5d4e2
e0103f37319e53b66cb408598e1b8103ff16ac28
b9f3c8ef0003ca97044483b14f98ae44ce92ee81d7ffa0569eed6c6d898f9130
GET /en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support.microsoft.com/en-US
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-transform
content-type: text/html; charset=utf-8
x-activity-id: 84ba8a59-2856-4d9d-aed2-ee2b76f55f5b
x-appversion: 1.0.8468.43152
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-03-10T08:58:24.0000000Z}
ms-operation-id: 9aa0e536d96a1c41b3e9edfd2f7c0e43
p3p: CP="CAO CONi OTR OUR DEM ONL"
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
vary: Accept-Encoding
content-encoding: gzip
date: Tue, 28 Mar 2023 15:53:39 GMT
content-length: 28057
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV17885fcf.0
ms-cv-esi: CASMicrosoftCV17885fcf.0
set-cookie: akacd_OneRF=1687794818~rv=78~id=c1e451f879b58431cd240159e28773b3; path=/; Expires=Mon, 26 Jun 2023 15:53:38 GMT; Secure; SameSite=None
x-rtag: RT
X-Firefox-Spdy: h2
login.live.com/Me.srf?wa=wsignin1.0&idpflag=indirect&id=12&wreply=https%3a%2f%2flogin.microsoftonline.com&owreply=https%3a%2f%2fsupport.microsoft.com%2fsignin-oidc
20.190.160.23 200 OK 4.9 kB URL HTTP/1.1 login.live.com/Me.srf?wa=wsignin1.0&idpflag=indirect&id=12&wreply=https%3a%2f%2flogin.microsoftonline.com&owreply=https%3a%2f%2fsupport.microsoft.com%2fsignin-oidc
IP 20.190.160.23:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (10755)
Hash c9453c6eb0f2e59a9a7bead5a8fed2ad
08e9fe39501268e59feb969f4cd44c8adb8e0770
6b8c456e45526fcc65e135fa36b0a59d44642f86fb85832bcaa406d8805de821
GET /Me.srf?wa=wsignin1.0&idpflag=indirect&id=12&wreply=https%3a%2f%2flogin.microsoftonline.com&owreply=https%3a%2f%2fsupport.microsoft.com%2fsignin-oidc HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Tue, 28 Mar 2023 15:52:39 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-DNS-Prefetch-Control: on
Link: <https://logincdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net/>; rel=dns-prefetch, <https://acctcdn.msftauth.net/>; rel=dns-prefetch, <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch, <https://acctcdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://logincdn.msauth.net/>; rel=dns-prefetch, <https://logincdn.msftauth.net/>; rel=dns-prefetch, <https://lgincdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: R3_BL2
x-ms-request-id: 6e88ff08-a440-4fe8-afb2-32fff12ee52a
PPServer: PPV: 30 H: BL02PF25D8E5A9E V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=740d8de1a9c44d658dfe5a2aeb2f4034; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPRequ=id=12&lt=1680018819&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
OParams=11O.DRvlKj9l4gaOiH5prP2fp9*EpmzDnQMi*L9D6cFxwcn5oNOEmK9NGEU6oaovqqjsl13J5h*Ji7ni7Fv9bwGTBNlFWunb*1G3lHBFowXHDZBIikwwDlDr8F3Kp5EQ7z76MAbgOhWYR6VZf!Svy*p9d4rL3e9N3u3QCUFa1nedNOIBph4dLOJFnztIiwI5cfujEPkbYDnc2RREbdXcZE!a4IDxEvzK6sDsk2K1bG!O9yKpLnZms7iN*rUzPdUC4kMgtLKVFUw72HEj5ostxFKcRm8$; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Tue, 28 Mar 2023 15:53:38 GMT
Content-Length: 4862
login.live.com/Me.htm?v=3
20.190.160.23 200 OK 1.1 kB URL HTTP/1.1 login.live.com/Me.htm?v=3
IP 20.190.160.23:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
Hash 9c08f0f5b411918572bb176b56d4b747
12814f1ffd1c414337cfc57da7561f4386ec8b67
d9f196403747ff4bbf6c3d61c7319f51e33be05825ac3b5200665e6e5ee26c0e
GET /Me.htm?v=3 HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=315360000
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Fri, 25 Mar 2033 15:53:39 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: R3_BL2
x-ms-request-id: e9e5bfd5-759f-4385-8ac5-c4ba908fc678
PPServer: PPV: 30 H: BL6PPFC627C2903 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=a49608aa10f4478fbf726a76ecfc846b; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPRequ=id=N&lt=1680018819&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Tue, 28 Mar 2023 15:53:38 GMT
Content-Length: 1132
www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff2
2.18.173.151 200 OK 23 kB URL HTTP/2 www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff2
IP 2.18.173.151:0
File type Web Open Font Format (Version 2), TrueType, length 22904, version 0.0\012- data
Hash c654a623ad90bb3dcd769dbbac34d863
8719de38f17d8e4d73e2a5e4e867d63dd3965baa
deec787cca1b9436e080478742a0299e0db1a9712543a72d2cdc8373fc45a432
GET /mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff2 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Mon, 16 May 2022 07:01:55 GMT
x-activity-id: d139116e-f4eb-4cbe-a338-6b673450f768
x-appversion: 1.0.8153.36695
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-04-29T04:23:10.0000000Z}
ms-operation-id: 53b63aa96349ba49869d30dbd37260f2
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-length: 22904
cache-control: public, max-age=29876845
expires: Fri, 08 Mar 2024 11:01:04 GMT
date: Tue, 28 Mar 2023 15:53:39 GMT
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV178863a8.0
ms-cv-esi: CASMicrosoftCV178863a8.0
x-rtag: RT
X-Firefox-Spdy: h2
www.microsoft.com/mwf/js/MWF_20230313_66247431/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0
2.18.173.151 200 OK 16 kB URL HTTP/2 www.microsoft.com/mwf/js/MWF_20230313_66247431/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0
IP 2.18.173.151:0
File type ASCII text, with very long lines (32913)
Hash 0bbdd019a5883814c9b3066e14d32040
6c8bf2b2ca295f63da3dd00177e0f92eb6dff5a7
d7baf348469dc40ecc20a3ad3bd9bd91fac0e2730aca7da3e5a5435f29c44b7e
GET /mwf/js/MWF_20230313_66247431/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
last-modified: Mon, 27 Mar 2023 18:41:46 GMT
x-activity-id: 4d31b880-0c9e-4cc9-961b-8b8cb48f5626
x-appversion: 1.0.8468.43152
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-03-10T08:58:24.0000000Z}
ms-operation-id: 97551b1fda7f17459dd96c0f3d697714
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-s1: 2023-03-27T18:41:47
x-s2: 2023-03-27T18:41:47
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 15548
cache-control: public, max-age=31459622
expires: Tue, 26 Mar 2024 18:40:41 GMT
date: Tue, 28 Mar 2023 15:53:39 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV178863c1.0
ms-cv-esi: CASMicrosoftCV178863c1.0
x-rtag: RT
X-Firefox-Spdy: h2
www.microsoft.com/mwf/css/MWF_20230313_66247431/west-european/default/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0&include_base=true
2.18.173.151 200 OK 22 kB URL HTTP/2 www.microsoft.com/mwf/css/MWF_20230313_66247431/west-european/default/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0&include_base=true
IP 2.18.173.151:0
File type Unicode text, UTF-8 text, with very long lines (64174)
Hash c525127a72097b4f3ff72f20cbb16f10
e4026ae6b0987efafa99631574a80b92d701155d
286a6ec3d34691c0b980e09a03306c1ee822ff0ef0592ff030deeb71187d495c
GET /mwf/css/MWF_20230313_66247431/west-european/default/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0&include_base=true HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Mon, 27 Mar 2023 18:42:10 GMT
x-activity-id: b1113592-a596-4897-bce6-ee0ee39047c4
x-appversion: 1.0.8468.43152
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-03-10T08:58:24.0000000Z}
ms-operation-id: 420fce3260126443ae1ef5007838f77c
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-s1: 2023-03-27T18:42:11
x-s2: 2023-03-27T18:42:11
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 21782
cache-control: public, max-age=31459734
expires: Tue, 26 Mar 2024 18:42:33 GMT
date: Tue, 28 Mar 2023 15:53:39 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV178863ac.0
ms-cv-esi: CASMicrosoftCV178863ac.0
x-rtag: RT
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/mscomhp/_scrf/css/themes=default.device=uplevel_web_pc_moz/76-fd2264/19-19fa02/cb-ddc7e5?ver=2.0&_cf=02242021_3231
2.18.173.151 200 OK 4.4 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/mscomhp/_scrf/css/themes=default.device=uplevel_web_pc_moz/76-fd2264/19-19fa02/cb-ddc7e5?ver=2.0&_cf=02242021_3231
IP 2.18.173.151:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (30540)
Hash 8d9b94114ca442a693b4b42f9b3e5e6d
0c83e8bca6400fec5f9e8a5f00c638581f8f8964
df92c807f4ab492ac914712d40440ee2f3bbcb8479f3f7c7ae9cc2004ee9e0a3
GET /onerfstatics/marketingsites-neu-prod/west-european/mscomhp/_scrf/css/themes=default.device=uplevel_web_pc_moz/76-fd2264/19-19fa02/cb-ddc7e5?ver=2.0&_cf=02242021_3231 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 01 Feb 2022 23:29:21 GMT
x-activity-id: 73b609d7-461f-42f0-8b11-b96f5f26ae13
x-appversion: 1.0.8061.4385
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-01-26T10:26:10.0000000Z}
ms-operation-id: e10933a303aa964b83eda21bcb981948
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2022-02-01T23:29:21
x-s2: 2022-02-01T23:29:21
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
unused62: 8096267
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=28977519
expires: Tue, 27 Feb 2024 01:12:18 GMT
date: Tue, 28 Mar 2023 15:53:39 GMT
content-length: 4369
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV178863b2.0
ms-cv-esi: CASMicrosoftCV178863b2.0
x-rtag: RT
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/88-3d3ba4/8b-cbe548?ver=2.0&_cf=02242021_3231
2.18.173.151 200 OK 70 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/88-3d3ba4/8b-cbe548?ver=2.0&_cf=02242021_3231
IP 2.18.173.151:0
File type ASCII text, with very long lines (46360)
Hash 620762cb0f74cd82f56b55174b950079
b470f2a1fc95dd855001d3c9dcd2506806337060
05cedc9e1dfdb6c1d9e7f6fb305b54019917f0066d19e3d755fcd45cd9958c46
GET /onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/88-3d3ba4/8b-cbe548?ver=2.0&_cf=02242021_3231 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
last-modified: Tue, 28 Feb 2023 18:25:17 GMT
x-activity-id: eff7ddc3-e1a7-4847-9ce7-31615bdb571e
x-appversion: 1.0.8433.39987
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-02-03T06:12:54.0000000Z}
ms-operation-id: c722c4c270c1a041919665eab5f01370
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2023-02-28T18:25:17
x-s2: 2023-02-28T18:25:17
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 69603
cache-control: public, max-age=29125976
expires: Wed, 28 Feb 2024 18:26:35 GMT
date: Tue, 28 Mar 2023 15:53:39 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV178863bc.0
ms-cv-esi: CASMicrosoftCV178863bc.0
x-rtag: RT
X-Firefox-Spdy: h2
js.monitor.azure.com/scripts/c/ms.analytics-web-3.2.7.min.js
13.107.238.53 200 OK 130 kB URL HTTP/2 js.monitor.azure.com/scripts/c/ms.analytics-web-3.2.7.min.js
IP 13.107.238.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65398)
Size 130 kB (130283 bytes)
Hash 61f7afa674b1a31fc254bd82774b488b
ffc88b1e2341d8a2b4f7f9cc6eb55dbaa6688197
db864e77c245c9e67e59b12b9827f0b28eaf9cf79bf2f728c4717446488b0198
GET /scripts/c/ms.analytics-web-3.2.7.min.js HTTP/1.1
Host: js.monitor.azure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable, no-transform
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: Sb/q47QLN6j5URAwRjCa2Q==
last-modified: Wed, 05 Oct 2022 16:53:02 GMT
etag: 0x8DAA6F2110CCD22
x-cache: TCP_HIT
x-ms-request-id: b9bbd555-b01e-00cd-407e-5ec3d4000000
x-ms-version: 2009-09-19
x-ms-meta-jssdkver: 3.2.7
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0gzMeZAAAAAB+WDJ8hC4xTJvF6RFQRTY5QU1TMDRFREdFMTkxOQBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
x-azure-ref: 0gg0jZAAAAABzio2c0gUFQoDcn1xQsFRPU1ZHMjBFREdFMDUxNwBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
date: Tue, 28 Mar 2023 15:53:37 GMT
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/en07.php
143.198.232.196 401 Unauthorized 84 B URL HTTP/1.0 143.198.232.196/tj6/9chrmx0973xu9x08x/en07.php
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 52bf3ccddb64ba07d5d6d79fdfba4765
f369871f7f1efa470a92ebb8ab98ad26b6754965
11359d75d1ccf8ead98ba93030fb3e9050157c154ac53255f9dda71f1465c3d7
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/en07.php HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
Upgrade-Insecure-Requests: 1
HTTP/1.0 401 Unauthorized
Date: Tue, 28 Mar 2023 15:53:39 GMT
Server: Apache/2.4.52 (Ubuntu)
Set-Cookie: PHPSESSID=kh7fcks1suilbpgv69496fneuo; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
WWW-Authenticate: Basic realm="Call Microsoft Security Helpline immediately. "
Refresh: 0; url=/tj6/9chrmx0973xu9x08x/en07.php
Content-Length: 84
Connection: close
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6425
Expires: Tue, 28 Mar 2023 17:40:44 GMT
Date: Tue, 28 Mar 2023 15:53:39 GMT
Connection: keep-alive
logincdn.msauth.net/16.000/content/js/MeControl_y7hQ8zvzxipQwKkN4y1uWg2.js
192.229.221.185 200 OK 6.1 kB URL HTTP/2 logincdn.msauth.net/16.000/content/js/MeControl_y7hQ8zvzxipQwKkN4y1uWg2.js
IP 192.229.221.185:0
File type ASCII text, with very long lines (17286), with no line terminators
Hash cd96cd9fa056539f3f233cadee462c3d
08fb721d663673885713c9252b03e05cc3d00938
d714cf6f5d9610c9fab9e0b725701a71bd5f73587ff505a8c86a209e6a6ede30
GET /16.000/content/js/MeControl_y7hQ8zvzxipQwKkN4y1uWg2.js HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.live.com/
Origin: https://login.live.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 1703057
cache-control: public, max-age=31536000
content-md5: zZbNn6BWU58/Izyt7kYsPQ==
content-type: application/x-javascript
date: Tue, 28 Mar 2023 15:53:39 GMT
etag: 0x8DB1952FEA1D8AD
last-modified: Tue, 28 Feb 2023 06:14:05 GMT
server: ECAcc (ska/F756)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: d773bd4d-a01e-003d-1310-522d72000000
x-ms-version: 2009-09-19
content-length: 6055
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6425
Expires: Tue, 28 Mar 2023 17:40:44 GMT
Date: Tue, 28 Mar 2023 15:53:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6425
Expires: Tue, 28 Mar 2023 17:40:44 GMT
Date: Tue, 28 Mar 2023 15:53:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6425
Expires: Tue, 28 Mar 2023 17:40:44 GMT
Date: Tue, 28 Mar 2023 15:53:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6425
Expires: Tue, 28 Mar 2023 17:40:44 GMT
Date: Tue, 28 Mar 2023 15:53:39 GMT
Connection: keep-alive
wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
13.107.237.53 200 OK 82 kB URL HTTP/2 wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
IP 13.107.237.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (63888), with no line terminators
Hash e51f388b62281af5b4a9193cce419941
364f3d737462b7fd063107fe2c580fdb9781a45a
348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c
GET /mscc/lib/v2/wcp-consent.js HTTP/1.1
Host: wcpstatic.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: max-age=43200
content-length: 81726
content-type: application/javascript
content-encoding: gzip
content-md5: X1JOIM5h9UISVFS6+GfEew==
last-modified: Wed, 24 Aug 2022 17:34:36 GMT
age: 9179
etag: 0x8DA85F6EA62BF74
vary: Accept-Encoding
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
x-cache: CONFIG_NOCACHE
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 2f3ba352-001e-003f-6578-619f7d000000
x-ms-version: 2009-09-19
x-azure-ref: 0gw0jZAAAAADkN5r+wgywT6ZSXbIG571XU1ZHMjBFREdFMDYwNwAzOWI0NjE1Ny1jYjllLTQ5YjctYTY1YS04NzIyYTNmODI0ZTQ=
date: Tue, 28 Mar 2023 15:53:38 GMT
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
34.120.237.76 200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: I3GuoZ4ZxAtz0sKe3wrW67aitLlCAbaZkiPw23fl0F3FoumJDEnXiQ==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 d90109c5a0c30f43223e0db85921c5c2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 07:55:07 GMT
age: 28712
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ada29e049501b12a35b0bcc5f68e3e57
5c1ba9bffbcc9007e7f119dbb3197db34a12f8da
b45583b5845129386a456e03fbdba25305c8d6d9fb5a8f01d783816ced080629
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10744
x-amzn-requestid: d693d820-7eed-47a3-9b0b-8f43c141bd3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbogF0poAMFTAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220c9c-22ab350146e8a3a606f74c42;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:32 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: uCaEsILUx4u_fBJ7J9CgQanUW-BmV69mFvGRjZ0roFWluE_joVyVrA==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:48:21 GMT
age: 65118
etag: "5c1ba9bffbcc9007e7f119dbb3197db34a12f8da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1da68df9d96e2758e37b9f15daab027b
5ff19ed6dc5752aa4b15fb88da972b736fd55783
ad924425946dbdf309c764e7097e676185516301feb7722b30d95ffd50b4353f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7426
x-amzn-requestid: 85a30298-4613-4a96-bdba-0899fe9f9475
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdcsgGZsoAMFQkw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220e4f-10db431e7632048d7b15e0ec;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:44:47 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: VYUarzUegSCD6A4s7tUQ-0O1mjal3BAW7SiiXSpOnFEDd5-HHoA5Cw==
via: 1.1 f193acd25f2604e189bfbfaf539aaa06.cloudfront.net (CloudFront), 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:55:21 GMT
age: 64698
etag: "5ff19ed6dc5752aa4b15fb88da972b736fd55783"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5fdd8a3f935830ca9e5ffdb5824acebc
39caaddec703fdad962d03fff8687bad2c1df4ad
6fe6301fb3610c3e8a9b62671579db53189bb62ead4cf5ab30a1f1e0b90b8ca2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7537
x-amzn-requestid: 4f7aaf6e-3eca-4033-aa21-27b5e7df6a0b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbupFURIAMFlZw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220cc3-153c4e0b6b9d1b586c985f8d;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:38:11 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 07sU32yK0Sqkqg_YzC_cfw3stDMOa2cViR6IrpHw5cfSEjUOHTITAA==
via: 1.1 b6cdb2111444305bd4957a473b711ad6.cloudfront.net (CloudFront), 1.1 6ca7826fb0f4c565b1af9c7737725c48.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:48:37 GMT
age: 65102
etag: "39caaddec703fdad962d03fff8687bad2c1df4ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png
34.120.237.76 200 OK 20 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b3e093e7b5c12cfc2aee601f823ea47e
d76b3958471b2ed70a2b52f078ec638748fdb441
de4fc669195611c4ea6fe7d920482987aef077973b4973c01e2f362aeb18c2ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 20349
x-amzn-requestid: 2de7d242-f277-42a6-9dc4-2fc98207a978
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbumFzOIAMF3hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220cc3-5f20ad7b2216219138f7b557;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:38:11 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: pnby7LhwZDWxJHtyWBlI7l_AO8l-tjjTVHatiCKG2htZ4RQNQOZkgQ==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 34f8ef0e4c880df0650a814412a26ea6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:48:21 GMT
age: 65118
etag: "d76b3958471b2ed70a2b52f078ec638748fdb441"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/cross.png
143.198.232.196 200 OK 386 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/cross.png
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced\012- data
Size 386 kB (386359 bytes)
Hash be42ad7752720327d28bf52dbdbb64c2
f4cce31b9236319aa9c87fee038638d1de12c07d
c3ad6aa1c03fd108854f008cfec2753ba623e1470a4d61798b5d8c050e474868
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/cross.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:53:38 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:44 GMT
ETag: "5e537-5f7f7b97be72a"
Accept-Ranges: bytes
Content-Length: 386359
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/dfa0b592/coreui.statics/externalscripts/jquery/jquery-3.5.1.min.js
2.18.173.151 200 OK 31 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/dfa0b592/coreui.statics/externalscripts/jquery/jquery-3.5.1.min.js
IP 2.18.173.151:0
File type ASCII text, with very long lines (65450), with CRLF line terminators
Hash 7800d0ad4e07822dcdcd087c3841ee3b
3279b7f56b6c431dcbfa907549f599c629e93233
927473bbef3c67ecbb4afb89ecd548efcb0493c581c4e3542ef8e1dd03f302fc
GET /onerfstatics/marketingsites-neu-prod/_h/dfa0b592/coreui.statics/externalscripts/jquery/jquery-3.5.1.min.js HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 16 May 2022 01:39:31 GMT
x-activity-id: 52567f75-2b74-4933-bc2e-23da3be8bd72
x-appversion: 1.0.8153.36695
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-04-29T04:23:10.0000000Z}
ms-operation-id: 959dfa5efaf72d4f80baa5831af3210f
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 30958
cache-control: public, max-age=28189322
expires: Sat, 17 Feb 2024 22:15:41 GMT
date: Tue, 28 Mar 2023 15:53:39 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV17886c4d.0
ms-cv-esi: CASMicrosoftCV17886c4d.0
x-rtag: RT
X-Firefox-Spdy: h2
js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.2.6.gbl.min.js
13.107.238.53 200 OK 0 B URL HTTP/2 js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.2.6.gbl.min.js
IP 13.107.238.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /scripts/c/ms.shared.analytics.mectrl-3.2.6.gbl.min.js HTTP/1.1
Host: js.monitor.azure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable, no-transform
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: RlzwH95FOkmm6gksZWAC+w==
last-modified: Thu, 18 Aug 2022 21:40:45 GMT
etag: 0x8DA81624EF9033C
x-cache: TCP_HIT
x-ms-request-id: 88b32127-101e-002b-72a3-5d2caf000000
x-ms-version: 2009-09-19
x-ms-meta-jssdkver: 3.2.6
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0e7IhZAAAAADE/pe/NIVMSI19XgqJl4l2QU1TMDRFREdFMTgxOQBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
x-azure-ref: 0gg0jZAAAAAAmGPHrOAJgRZ44N0+56Q3NU1ZHMjBFREdFMDUwOQBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
date: Tue, 28 Mar 2023 15:53:38 GMT
X-Firefox-Spdy: h2
support.microsoft.com/js/topNav.js?v=-eDiKlpcJhp0uSWk8XM_g0tWTQM1wwUfMmoZosDDQdo
2.18.172.114 200 OK 0 B URL HTTP/2 support.microsoft.com/js/topNav.js?v=-eDiKlpcJhp0uSWk8XM_g0tWTQM1wwUfMmoZosDDQdo
IP 2.18.172.114:0
GET /js/topNav.js?v=-eDiKlpcJhp0uSWk8XM_g0tWTQM1wwUfMmoZosDDQdo HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d95b63110b87a7"
last-modified: Mon, 20 Mar 2023 19:35:03 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMP9F9QRNTIA:00000002
x-operationid: 339e5f86b50090f398deab88aaa43966
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 847
cache-control: private, max-age=30858229
date: Tue, 28 Mar 2023 15:53:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/_Fm7-alert.mp3
143.198.232.196 206 Partial Content 0 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/_Fm7-alert.mp3
IP 143.198.232.196:0
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/_Fm7-alert.mp3 HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
Cookie: _ga=GA1.1.879211314.1680018791; _gid=GA1.1.1844023829.1680018791; _gat_gtag_UA_86788540_2=1
HTTP/1.1 206 Partial Content
Date: Tue, 28 Mar 2023 15:53:37 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:46 GMT
ETag: "31080-5f7f7b999f282"
Accept-Ranges: bytes
Content-Length: 200832
Content-Range: bytes 0-200831/200832
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: audio/mpeg
mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1
13.107.237.53 200 OK 0 B URL HTTP/2 mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1
IP 13.107.237.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, no-transform, max-age=43200
content-type: application/javascript
content-encoding: br
expires: Wed, 29 Mar 2023 01:50:10 GMT
x-cache: TCP_HIT
x-content-type-options: nosniff
access-control-allow-origin: *
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref-originshield: 0HAojZAAAAAC/076l5Qf/QpiOQ+5rnxe8QU1TMDRFREdFMTgyMgBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-azure-ref: 0gg0jZAAAAAAZupD8DhoBQ4qRrxd5/OuyU1ZHMjBFREdFMDUxNABlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
date: Tue, 28 Mar 2023 15:53:37 GMT
X-Firefox-Spdy: h2