{"report_id":"3f4be341-5501-4f36-8c2e-1ac80a0e18f7","version":6,"status":"done","tags":["phishing","microsoft","outlook"],"date":"2023-11-21T06:37:41Z","url":{"schema":"http","addr":"octopusmarine.in/new/auth/192.168.247.187/aGVsZW4ubWF0dGhld3NAdHJhaWxpZ2h0LmNvLnVr?referrer=singular_click_id=5c248db2-e9fd-4f0d-9e2e-3bd020d42f1b","fqdn":"octopusmarine.in","domain":"octopusmarine.in","tld":"in"},"ip":{"addr":"103.76.231.42","port":0,"asn":394695,"as":"PUBLIC-DOMAIN-REGISTRY","country":"India","country_code":"IN"},"final":{"url":{"schema":"https","addr":"pub-331069acac904c9490fbab889f44375d.r2.dev/tc.html#helen.matthews@trailight.co.uk","fqdn":"pub-331069acac904c9490fbab889f44375d.r2.dev","domain":"pub-331069acac904c9490fbab889f44375d.r2.dev","tld":"r2.dev"},"title":"Sign in to your account"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T12:15:40Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"aadcdn.msftauth.net","ip":{"addr":"152.199.23.37","port":443,"asn":15133,"as":"EDGECAST","country":"United States","country_code":"US"},"domain_registered":"2018-10-25","domain_rank":1455,"first_seen":"2018-11-19 11:50:32","last_seen":"2023-11-19 18:14:17","alert_count":0,"request_count":2,"received_data":3561,"sent_data":1071,"comment":"","tags":null,"fingerprints":null},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.194.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":634,"first_seen":"2012-05-21 19:28:02","last_seen":"2023-11-19 18:17:44","alert_count":0,"request_count":1,"received_data":30657,"sent_data":439,"comment":"","tags":null,"fingerprints":null},{"fqdn":"aadcdn.msauth.net","ip":{"addr":"13.107.213.53","port":443,"asn":8068,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"domain_registered":"2018-10-25","domain_rank":1421,"first_seen":"2018-11-19 11:50:03","last_seen":"2023-11-19 18:13:31","alert_count":0,"request_count":2,"received_data":2783,"sent_data":1064,"comment":"","tags":null,"fingerprints":null},{"fqdn":"crina.sa.com","ip":{"addr":"185.250.243.86","port":443,"asn":211804,"as":"Sistemdc webhosting and server services","country":"Turkey","country_code":"TR"},"domain_registered":"2023-11-10","domain_rank":0,"first_seen":"2023-11-18 19:03:02","last_seen":"2023-11-21 01:05:48","alert_count":0,"request_count":1,"received_data":732,"sent_data":519,"comment":"","tags":null,"fingerprints":null},{"fqdn":"aadcdn.msauthimages.net","ip":{"addr":"152.199.23.72","port":443,"asn":15133,"as":"EDGECAST","country":"United States","country_code":"US"},"domain_registered":"2018-11-12","domain_rank":4795,"first_seen":"2019-08-14 20:34:06","last_seen":"2023-11-19 18:15:33","alert_count":0,"request_count":2,"received_data":49285,"sent_data":1114,"comment":"","tags":null,"fingerprints":null},{"fqdn":"octopusmarine.in","ip":{"addr":"103.76.231.42","port":0,"asn":394695,"as":"PUBLIC-DOMAIN-REGISTRY","country":"India","country_code":"IN"},"domain_registered":"2010-03-19","domain_rank":0,"first_seen":"2017-12-12 05:30:10","last_seen":"2023-10-07 13:56:34","alert_count":1,"request_count":1,"received_data":254,"sent_data":602,"comment":"","tags":null,"fingerprints":null},{"fqdn":"pub-331069acac904c9490fbab889f44375d.r2.dev","ip":{"addr":"104.18.3.35","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":3,"received_data":143384,"sent_data":1504,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft Outlook","verdict":"phishing","severity":"medium","comment":"","tags":["phishing","microsoft","outlook"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.1.1.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.194.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e071abda8fe61194711cfc2ab99fe104","sha1":"f647a6d37dc4ca055ced3cf64bbc1f490070acba","sha256":"85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf","sha512":"53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65","ssdeep":"1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5","tlshash":"3183d5d9b2c670529b7730b850bf450bb17a98dab44c8d60f058c5d57eb8a8e507bf2c","size":86709,"data":"","first_seen":"2023-03-07T01:02:34Z","last_seen":"2026-05-05T09:55:48.998759Z","times_seen":140623,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-331069acac904c9490fbab889f44375d.r2.dev/tc.html#helen.matthews@trailight.co.uk","fqdn":"pub-331069acac904c9490fbab889f44375d.r2.dev","domain":"pub-331069acac904c9490fbab889f44375d.r2.dev","tld":"r2.dev"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"e9092a69fbc611d242896dc891b21c3d","sha1":"68a28920fc5b78b9bba8f35142e54b903e68fa6a","sha256":"36e1d42c2f5e5519de50315150b88a8c5d6cd17077219d5b69928f2f7dca9751","sha512":"d9f8924a54b223c91ed10b3296ffac90e9391378e3489d8e1b53f408d3bc1b9aed4ddcebd74b30619739e7ceef1d4ded053b3bffb6e1b9b65380b9b3dd620280","ssdeep":"","tlshash":"82511097f36c66573076507c982f25c92b2e68f379008f73fc7456a85aa0d1bb83ad24","size":2882,"data":"","first_seen":"2023-11-21T01:06:11Z","last_seen":"2024-08-20T18:33:58.067569Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-331069acac904c9490fbab889f44375d.r2.dev/tc.html#helen.matthews@trailight.co.uk","fqdn":"pub-331069acac904c9490fbab889f44375d.r2.dev","domain":"pub-331069acac904c9490fbab889f44375d.r2.dev","tld":"r2.dev"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"398d45527ac0f5c79f262839f98ec3f1","sha1":"960b8b802581eead9fa02ff4483a85d2b7cf939a","sha256":"76da592798ee5b41a444eebf66d08d461bc826db30df367fd21c85862ca82db0","sha512":"4f0673fd82e75fde270a4f037f33e1a1ff5b8f10ff0aeef6ac273f88d134fd2f8c3faa353dcc2701fc7c9a748828ca45ab792e5f883a8601dc63ef5f7c1f70b0","ssdeep":"","tlshash":"42d0235775d1597445ff773e2347c2443d7140b174183e5124484e314c30d545766a41","size":217,"data":"","first_seen":"2023-03-07T01:18:27Z","last_seen":"2026-05-01T14:51:41.047231Z","times_seen":2681,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"octopusmarine.in/new/auth/192.168.247.187/aGVsZW4ubWF0dGhld3NAdHJhaWxpZ2h0LmNvLnVr?referrer=singular_click_id=5c248db2-e9fd-4f0d-9e2e-3bd020d42f1b","fqdn":"octopusmarine.in","domain":"octopusmarine.in","tld":"in"},"ip":{"addr":"103.76.231.42","port":0,"asn":394695,"as":"PUBLIC-DOMAIN-REGISTRY","country":"India","country_code":"IN"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-11-21T06:37:26.174810311Z","timestamp":1700548646174,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /new/auth/192.168.247.187/aGVsZW4ubWF0dGhld3NAdHJhaWxpZ2h0LmNvLnVr?referrer=singular_click_id=5c248db2-e9fd-4f0d-9e2e-3bd020d42f1b HTTP/1.1\r\nHost: octopusmarine.in\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\nrefresh: 0;url=https://pub-331069acac904c9490fbab889f44375d.r2.dev/tc.html#helen.matthews@trailight.co.uk\r\ncontent-length: 0\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Tue, 21 Nov 2023 06:37:24 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-05T10:09:53.76672Z","times_seen":14682636,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft Outlook","verdict":"phishing","severity":"medium","comment":"","tags":["phishing","microsoft","outlook"],"meta":null}]}},{"url":{"schema":"https","addr":"pub-331069acac904c9490fbab889f44375d.r2.dev/tc.html","fqdn":"pub-331069acac904c9490fbab889f44375d.r2.dev","domain":"pub-331069acac904c9490fbab889f44375d.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.3.35","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-11-21T06:37:26.547978344Z","timestamp":1700548646547,"http_version":"","security_state":"secure","security_info":null,"request":{"raw":"GET /tc.html HTTP/1.1\r\nHost: pub-331069acac904c9490fbab889f44375d.r2.dev\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 21 Nov 2023 06:37:24 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"3dfb1b2b8f6e697f284baeea7641e820\"\r\nLast-Modified: Mon, 20 Nov 2023 21:42:34 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 8296ec843f84568b-OSL\r\nContent-Encoding: gzip\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":21786,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document, ASCII text, with very long lines (65131), with CRLF line terminators","md5":"3dfb1b2b8f6e697f284baeea7641e820","sha1":"9dda8384821e551c0e5c45cf5f2364371947ebe8","sha256":"aeb405952ec5cf072cf96a35ae419e99c36178dae17070a284b234ee0e31a010","sha512":"462a4df67dc808b6acb75eb5a32f639579d194ebb1f470380c4818c3a2630be40447c030dd102544aea58155a0891ed9e38a1a157d5a757e42a8f47581244c61","ssdeep":"1536:DxoBMCgKy+U5KazA/PWrF7qvEAFiQcpm2CkMgpC4903S67UxUkbjqM:loBgp4490l6","tlshash":"87b3d8906914392a9027c73671d1bd8b62251433e737aeb7f6752cb8cf896870f32a49","first_seen":"2023-11-21T01:06:11Z","last_seen":"2024-08-20T18:33:58.062202Z","times_seen":25,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft Outlook","verdict":"phishing","severity":"medium","comment":"","tags":["phishing","microsoft","outlook"],"meta":null}]}},{"url":{"schema":"https","addr":"aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg","fqdn":"aadcdn.msftauth.net","domain":"msftauth.net","tld":"net"},"ip":{"addr":"152.199.23.37","port":443,"asn":15133,"as":"EDGECAST","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pub-331069acac904c9490fbab889f44375d.r2.dev/tc.html#helen.matthews@trailight.co.uk","date":"2023-11-21T06:37:26.680Z","timestamp":1700548646680,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aadcdn.msftauth.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"DigiCert SHA2 Secure Server CA","organization":"DigiCert Inc"},"validity":{"start":"Tue, 31 Jan 2023 00:00:00 GMT","end":"Wed, 31 Jan 2024 23:59:59 GMT"},"fingerprint":{"sha1":"99:06:D8:1E:EC:BF:DB:78:DF:F4:89:A3:ED:23:07:3D:79:F1:16:D6","sha256":"F7:B6:66:B3:86:91:AD:10:60:9A:D7:48:01:B8:27:C3:F4:47:7A:7C:B7:FF:C5:3F:77:26:B0:B3:08:24:D9:EE"}}},"request":{"raw":"GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1\r\nHost: aadcdn.msftauth.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-331069acac904c9490fbab889f44375d.r2.dev/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding\r\nage: 26820782\r\ncache-control: public, max-age=31536000\r\ncontent-md5: nzaLxFgP7ZB3dfMcaybWzw==\r\ncontent-type: image/svg+xml\r\ndate: Tue, 21 Nov 2023 06:37:24 GMT\r\netag: 0x8D79A1B9F5E121A\r\nlast-modified: Thu, 16 Jan 2020 00:32:52 GMT\r\nserver: ECAcc (ska/F7B5)\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-ms-blob-type: BlockBlob\r\nx-ms-lease-status: unlocked\r\nx-ms-request-id: fc3f3f64-801e-006c-6456-2890f5000000\r\nx-ms-version: 2009-09-19\r\ncontent-length: 1435\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1435,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image\\012- HTML document, ASCII text, with very long lines (3651), with no line terminators","md5":"ee5c8d9fb6248c938fd0dc19370e90bd","sha1":"d01a22720918b781338b5bbf9202b241a5f99ee4","sha256":"04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a","sha512":"c77215b729d0e60c97f075998e88775cd0f813b4d094dc2fdd13e5711d16f4e5993d4521d0fbd5bf7150b0dbe253d88b1b1ff60901f053113c5d7c1919852d58","ssdeep":"","tlshash":"6371117b132887dae9d4a78c2e997b8d377095c4b1b24290874328a5bc086f7f038d60","first_seen":"2023-04-06T08:44:24Z","last_seen":"2026-05-05T09:52:09.051031Z","times_seen":125069,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":48,"dns":2,"connect":9,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.1.1.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.194.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pub-331069acac904c9490fbab889f44375d.r2.dev/tc.html#helen.matthews@trailight.co.uk","date":"2023-11-21T06:37:26.673Z","timestamp":1700548646673,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 11 Jul 2023 00:00:00 GMT","end":"Sun, 14 Jul 2024 23:59:59 GMT"},"fingerprint":{"sha1":"D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D","sha256":"B1:CA:3A:23:BA:70:1D:18:3F:EC:99:D7:BE:6D:B2:FD:66:5F:5C:A7:7D:7F:C1:FC:16:D1:FD:89:4B:CC:15:34"}}},"request":{"raw":"GET /jquery-3.1.1.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-331069acac904c9490fbab889f44375d.r2.dev/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-152b5\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Tue, 21 Nov 2023 06:37:24 GMT\r\nage: 5748043\r\nx-served-by: cache-lga21947-LGA, cache-bma1621-BMA\r\nx-cache: HIT, HIT\r\nx-cache-hits: 119, 82770\r\nx-timer: S1700548645.833008,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 30070\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":30070,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (32030)","md5":"e071abda8fe61194711cfc2ab99fe104","sha1":"f647a6d37dc4ca055ced3cf64bbc1f490070acba","sha256":"85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf","sha512":"53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65","ssdeep":"1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5","tlshash":"3183d5d9b2c670529b7730b850bf450bb17a98dab44c8d60f058c5d57eb8a8e507bf2c","first_seen":"2023-03-07T01:02:34Z","last_seen":"2026-05-05T09:55:48.998759Z","times_seen":140623,"resource_available":true,"data":null}},"time_used":124,"timings":{"blocked":55,"dns":3,"connect":8,"send":0,"wait":11,"receive":2,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aadcdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg","fqdn":"aadcdn.msauth.net","domain":"msauth.net","tld":"net"},"ip":{"addr":"13.107.213.53","port":443,"asn":8068,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pub-331069acac904c9490fbab889f44375d.r2.dev/tc.html#helen.matthews@trailight.co.uk","date":"2023-11-21T06:37:26.683Z","timestamp":1700548646683,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"aadcdn.msauth.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"DigiCert SHA2 Secure Server CA","organization":"DigiCert Inc"},"validity":{"start":"Sun, 29 Oct 2023 00:00:00 GMT","end":"Tue, 29 Oct 2024 23:59:59 GMT"},"fingerprint":{"sha1":"88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C","sha256":"09:32:99:C8:74:C7:C3:CF:73:1C:DD:DA:92:7C:22:1B:DD:53:9C:51:21:D5:10:61:C4:4D:CC:52:56:13:C6:DC"}}},"request":{"raw":"GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1\r\nHost: aadcdn.msauth.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-331069acac904c9490fbab889f44375d.r2.dev/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31536000\r\ncontent-length: 276\r\ncontent-type: image/svg+xml\r\ncontent-encoding: gzip\r\ncontent-md5: TjUQkZ0p0Y7rbj6LJofS9Q==\r\nlast-modified: Fri, 17 Jan 2020 19:28:34 GMT\r\netag: 0x8D79B8371B97A82\r\nx-cache: TCP_HIT\r\nx-ms-request-id: 4d8ee911-101e-0036-6042-0fec6e000000\r\nx-ms-version: 2009-09-19\r\nx-ms-lease-status: unlocked\r\nx-ms-blob-type: BlockBlob\r\naccess-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding\r\naccess-control-allow-origin: *\r\nx-azure-ref-originshield: 0SpZJZQAAAAAmBLZXYFfTSIPxFEjCT7FDQU1TMDRFREdFMTkxNQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=\r\nx-azure-ref: 0JFBcZQAAAAD0dHFq/AyoT70KXa7Ofx95U1ZHMjBFREdFMDUwOQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=\r\ndate: Tue, 21 Nov 2023 06:37:24 GMT\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":276,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image\\012- HTML document, ASCII text, with very long lines (513), with no line terminators","md5":"a9cc2824ef3517b6c4160dcf8ff7d410","sha1":"8db9aebad84ca6e4225bfdd2458ff3821cc4f064","sha256":"34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58","sha512":"aa3ddab0a1cff9533f9a668aba4fb5e3d75ed9f8aff8a1caa4c29f9126d85ff4529e82712c0119d2e81035d1ce1cc491ff9473384d211317d4d00e0e234ad97f","ssdeep":"","tlshash":"29f0598a41c8fb142ce08050dff8ea28540270c3fb4e5008b1922b18e2ef383f6406f5","first_seen":"2023-04-19T20:10:52Z","last_seen":"2026-05-05T08:45:07.706766Z","times_seen":30351,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":49,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg","fqdn":"aadcdn.msauth.net","domain":"msauth.net","tld":"net"},"ip":{"addr":"13.107.213.53","port":443,"asn":8068,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pub-331069acac904c9490fbab889f44375d.r2.dev/tc.html#helen.matthews@trailight.co.uk","date":"2023-11-21T06:37:26.685Z","timestamp":1700548646685,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"aadcdn.msauth.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"DigiCert SHA2 Secure Server CA","organization":"DigiCert Inc"},"validity":{"start":"Sun, 29 Oct 2023 00:00:00 GMT","end":"Tue, 29 Oct 2024 23:59:59 GMT"},"fingerprint":{"sha1":"88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C","sha256":"09:32:99:C8:74:C7:C3:CF:73:1C:DD:DA:92:7C:22:1B:DD:53:9C:51:21:D5:10:61:C4:4D:CC:52:56:13:C6:DC"}}},"request":{"raw":"GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1\r\nHost: aadcdn.msauth.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-331069acac904c9490fbab889f44375d.r2.dev/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31536000\r\ncontent-length: 621\r\ncontent-type: image/svg+xml\r\ncontent-encoding: gzip\r\ncontent-md5: R2FAVxfpONfnQAuxVxXbHg==\r\nlast-modified: Tue, 10 Nov 2020 03:41:24 GMT\r\netag: 0x8D8852A7FA6B761\r\nx-cache: TCP_HIT\r\nx-ms-request-id: e81352b3-401e-0017-38fb-1b565f000000\r\nx-ms-version: 2009-09-19\r\nx-ms-lease-status: unlocked\r\nx-ms-blob-type: BlockBlob\r\naccess-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding\r\naccess-control-allow-origin: *\r\nx-azure-ref-originshield: 0CUxcZQAAAADvdCtwm8bLTonFJEywFxrVQU1TMDRFREdFMTgxNQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=\r\nx-azure-ref: 0JFBcZQAAAACjby9nWkDeQLihUIi3YEFbU1ZHMjBFREdFMDUwOQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=\r\ndate: Tue, 21 Nov 2023 06:37:24 GMT\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":621,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image\\012- HTML document, ASCII text, with very long lines (1592), with no line terminators","md5":"4e48046ce74f4b89d45037c90576bfac","sha1":"4a41b3b51ed787f7b33294202da72220c7cd2c32","sha256":"8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93","sha512":"b2bba2a68edaa1a08cfa31ed058afb5e6a3150aabb9a78db9f5ccc2364186d44a015986a57707b57e2cc855fa7da57861ad19fc4e7006c2c239c98063fe903cf","ssdeep":"","tlshash":"b931787f43b45ae7239017741760626c13f4ee917169d0b4dba30c9a8d4bd33327843a","first_seen":"2023-04-14T20:16:11Z","last_seen":"2026-05-05T09:30:50.508036Z","times_seen":77703,"resource_available":false,"data":null}},"time_used":110,"timings":{"blocked":46,"dns":2,"connect":9,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg","fqdn":"aadcdn.msftauth.net","domain":"msftauth.net","tld":"net"},"ip":{"addr":"152.199.23.37","port":443,"asn":15133,"as":"EDGECAST","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pub-331069acac904c9490fbab889f44375d.r2.dev/tc.html#helen.matthews@trailight.co.uk","date":"2023-11-21T06:37:26.871Z","timestamp":1700548646871,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aadcdn.msftauth.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"DigiCert SHA2 Secure Server CA","organization":"DigiCert Inc"},"validity":{"start":"Tue, 31 Jan 2023 00:00:00 GMT","end":"Wed, 31 Jan 2024 23:59:59 GMT"},"fingerprint":{"sha1":"99:06:D8:1E:EC:BF:DB:78:DF:F4:89:A3:ED:23:07:3D:79:F1:16:D6","sha256":"F7:B6:66:B3:86:91:AD:10:60:9A:D7:48:01:B8:27:C3:F4:47:7A:7C:B7:FF:C5:3F:77:26:B0:B3:08:24:D9:EE"}}},"request":{"raw":"GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1\r\nHost: aadcdn.msftauth.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-331069acac904c9490fbab889f44375d.r2.dev/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding\r\nage: 13772603\r\ncache-control: public, max-age=31536000\r\ncontent-md5: DhdidjYrlCeaRJJRG/y9mA==\r\ncontent-type: image/svg+xml\r\ndate: Tue, 21 Nov 2023 06:37:24 GMT\r\netag: 0x8D7B007297AE131\r\nlast-modified: Wed, 12 Feb 2020 22:01:50 GMT\r\nserver: ECAcc (ska/F732)\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-ms-blob-type: BlockBlob\r\nx-ms-lease-status: unlocked\r\nx-ms-request-id: 68d21ab8-f01e-0076-6702-9f059f000000\r\nx-ms-version: 2009-09-19\r\ncontent-length: 673\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":673,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image\\012- , ASCII text, with very long lines (1864), with no line terminators","md5":"bc3d32a696895f78c19df6c717586a5d","sha1":"9191cb156a30a3ed79c44c0a16c95159e8ff689d","sha256":"0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68","sha512":"8d4f38907f3423a86d90575772b292680f7970527d2090fc005f9b096cc81d3f279d59ad76eafca30c3d4bbaf2276bbaa753e2a46a149424cf6f1c319ded5a64","ssdeep":"","tlshash":"4e310059c51d3566ec04c3aceae1d468315e71efa8a581c961849b3f95b0dce0eccb70","first_seen":"2023-04-12T23:20:27Z","last_seen":"2026-05-05T08:45:07.710901Z","times_seen":102733,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-331069acac904c9490fbab889f44375d.r2.dev/favicon.ico","fqdn":"pub-331069acac904c9490fbab889f44375d.r2.dev","domain":"pub-331069acac904c9490fbab889f44375d.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.3.35","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pub-331069acac904c9490fbab889f44375d.r2.dev/tc.html#helen.matthews@trailight.co.uk","date":"2023-11-21T06:37:26.887Z","timestamp":1700548646887,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Oct 2023 17:13:53 GMT","end":"Tue, 09 Jan 2024 17:13:52 GMT"},"fingerprint":{"sha1":"91:F0:8B:D3:AA:FC:86:18:F9:F2:29:EB:98:8C:D8:5A:3A:76:5C:CF","sha256":"F3:D6:02:91:4C:11:83:7C:7C:FD:D0:A3:86:08:75:A0:37:A4:08:AF:67:24:48:AE:14:4D:D0:BA:8D:6A:19:A9"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: pub-331069acac904c9490fbab889f44375d.r2.dev\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-331069acac904c9490fbab889f44375d.r2.dev/tc.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 21 Nov 2023 06:37:25 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 8296ec872a2c568b-OSL\r\nContent-Encoding: gzip\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":6481,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (611)","md5":"df3d48946e8d3f5a83608308edbb4b86","sha1":"47b9c40c97abf2658df96b1c06109324e15e1a00","sha256":"570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499","sha512":"36ec1cec72dc3245730c813277c645525473cc5232e85cd23503b8593d90264f335e61a16d364a1e6c41922820b40ba7c0f46b19f4b91db6a0cf5e31e778ddea","ssdeep":"384:6FamwIluB0sJQqCeSQup5szCUXAG0VVi82OgoKACZQQofNJXY3gW3:663Mp5If8WOmgW3","tlshash":"6bc292dc7bf968e4a5de43aaef2831a8320ba0fb17425904f51d12142f0655cec6f6ed","first_seen":"2023-04-05T17:41:51Z","last_seen":"2025-09-17T15:21:34.980882Z","times_seen":52648,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":70,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"crina.sa.com/man/prv.php?id=helen.matthews@trailight.co.uk","fqdn":"crina.sa.com","domain":"trailight.co.uk","tld":"sa.com"},"ip":{"addr":"185.250.243.86","port":443,"asn":211804,"as":"Sistemdc webhosting and server services","country":"Turkey","country_code":"TR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pub-331069acac904c9490fbab889f44375d.r2.dev/tc.html#helen.matthews@trailight.co.uk","date":"2023-11-21T06:37:26.898Z","timestamp":1700548646898,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"crina.sa.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Nov 2023 17:47:48 GMT","end":"Fri, 16 Feb 2024 17:47:47 GMT"},"fingerprint":{"sha1":"7A:55:9D:1E:A6:07:FD:56:DB:B8:8E:9E:DB:57:16:9E:7B:67:4E:8D","sha256":"D3:22:96:B0:5D:AB:2E:8F:70:70:70:D9:0F:CB:3C:D4:18:4C:19:38:2D:14:37:30:E3:63:D1:8F:56:57:DE:CC"}}},"request":{"raw":"GET /man/prv.php?id=helen.matthews@trailight.co.uk HTTP/1.1\r\nHost: crina.sa.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pub-331069acac904c9490fbab889f44375d.r2.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-331069acac904c9490fbab889f44375d.r2.dev/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 21 Nov 2023 06:37:25 GMT\r\nServer: Apache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: x-test-header, Origin, X-Requested-With, Content-Type, Accept\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=UTF-8\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":350,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON data\\012- , ASCII text, with very long lines (350), with no line terminators","md5":"4db4d02eeea5e242e41432783061ed2d","sha1":"630207d236b2bfeb004f6750e606ff2762ec868e","sha256":"a200e446f2fdf6b246d2087ad8537315f45901484b94fe7ff2fbc66aa3e36caa","sha512":"7e5aebea90a70faef57392a45c91bf804ae786796a598dc493145deddf81c82aa26c4b885949e1ad46c32077ffebac263c2a0146a31fda9e397e880a1d2b5ab3","ssdeep":"","tlshash":"c9e0d899c246a44165a592cc35cb3136885f32a32896dfee27a94b10a06c158a8faa8d","first_seen":"2023-05-10T08:56:29Z","last_seen":"2023-11-21T07:37:47Z","times_seen":5,"resource_available":false,"data":null}},"time_used":740,"timings":{"blocked":154,"dns":2,"connect":71,"send":0,"wait":431,"receive":2,"ssl":78},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aadcdn.msauthimages.net/c1c6b6c8-3gsnnb9dvgu7n0pltbnkos0qpi8pdwccfzl5j3qqmoq/logintenantbranding/0/illustration?ts=636191284441743124","fqdn":"aadcdn.msauthimages.net","domain":"msauthimages.net","tld":"net"},"ip":{"addr":"152.199.23.72","port":443,"asn":15133,"as":"EDGECAST","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pub-331069acac904c9490fbab889f44375d.r2.dev/tc.html#helen.matthews@trailight.co.uk","date":"2023-11-21T06:37:27.533Z","timestamp":1700548647533,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aadcdn.msauthimages.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft Azure TLS Issuing CA 02","organization":"Microsoft Corporation"},"validity":{"start":"Wed, 08 Mar 2023 11:16:34 GMT","end":"Sat, 02 Mar 2024 11:16:34 GMT"},"fingerprint":{"sha1":"6B:EB:AC:06:FC:06:82:11:17:1C:6B:72:7D:B5:95:2D:CF:E7:A3:5D","sha256":"E5:FB:43:84:42:E5:D9:D8:29:91:B4:27:99:47:7F:D1:AD:4E:11:B8:F5:ED:1C:AB:BC:FB:75:9F:B0:41:53:98"}}},"request":{"raw":"GET /c1c6b6c8-3gsnnb9dvgu7n0pltbnkos0qpi8pdwccfzl5j3qqmoq/logintenantbranding/0/illustration?ts=636191284441743124 HTTP/1.1\r\nHost: aadcdn.msauthimages.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-331069acac904c9490fbab889f44375d.r2.dev/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding\r\nage: 13\r\ncache-control: public, max-age=86400\r\ncontent-md5: C2qWa4ubTvpNZel2rNQJlg==\r\ncontent-type: image/*\r\ndate: Tue, 21 Nov 2023 06:37:25 GMT\r\netag: 0x8D4349A3E94ECFE\r\nlast-modified: Wed, 04 Jan 2017 12:07:24 GMT\r\nserver: ECAcc (ska/F739)\r\nx-cache: HIT\r\nx-ms-blob-type: BlockBlob\r\nx-ms-lease-status: unlocked\r\nx-ms-request-id: dd2f7605-f01e-001a-5a45-1c035d000000\r\nx-ms-version: 2009-09-19\r\ncontent-length: 42564\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":42564,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1420 x 1200, 8-bit/color RGB, non-interlaced\\012- data","md5":"0b6a966b8b9b4efa4d65e976acd40996","sha1":"8f43d5d4f59a110a43cdca25cf5133b6b07fb88f","sha256":"86f537306eab8a16153ec56324cb790c64ad2e4d4806cb95cd1ed879bc745d58","sha512":"80df8deb6bcc5e19a9f6e7cacbb2f0a4544a64f975189e228ef76b02ecb21d32afbb8a72602cadf7e6fe1f267653801089c18aaa556581407753faadd816c88f","ssdeep":"","tlshash":"","first_seen":"2023-05-10T08:56:29Z","last_seen":"2024-08-21T05:31:44.684377Z","times_seen":8,"resource_available":false,"data":null}},"time_used":97,"timings":{"blocked":34,"dns":1,"connect":8,"send":0,"wait":18,"receive":8,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aadcdn.msauthimages.net/c1c6b6c8-3gsnnb9dvgu7n0pltbnkos0qpi8pdwccfzl5j3qqmoq/logintenantbranding/0/bannerlogo?ts=636191284461398518","fqdn":"aadcdn.msauthimages.net","domain":"msauthimages.net","tld":"net"},"ip":{"addr":"152.199.23.72","port":443,"asn":15133,"as":"EDGECAST","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pub-331069acac904c9490fbab889f44375d.r2.dev/tc.html#helen.matthews@trailight.co.uk","date":"2023-11-21T06:37:27.530Z","timestamp":1700548647530,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aadcdn.msauthimages.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft Azure TLS Issuing CA 02","organization":"Microsoft Corporation"},"validity":{"start":"Wed, 08 Mar 2023 11:16:34 GMT","end":"Sat, 02 Mar 2024 11:16:34 GMT"},"fingerprint":{"sha1":"6B:EB:AC:06:FC:06:82:11:17:1C:6B:72:7D:B5:95:2D:CF:E7:A3:5D","sha256":"E5:FB:43:84:42:E5:D9:D8:29:91:B4:27:99:47:7F:D1:AD:4E:11:B8:F5:ED:1C:AB:BC:FB:75:9F:B0:41:53:98"}}},"request":{"raw":"GET /c1c6b6c8-3gsnnb9dvgu7n0pltbnkos0qpi8pdwccfzl5j3qqmoq/logintenantbranding/0/bannerlogo?ts=636191284461398518 HTTP/1.1\r\nHost: aadcdn.msauthimages.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-331069acac904c9490fbab889f44375d.r2.dev/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding\r\nage: 13\r\ncache-control: public, max-age=86400\r\ncontent-md5: SA8nyz/FD03AwehLIOzYeA==\r\ncontent-type: image/*\r\ndate: Tue, 21 Nov 2023 06:37:25 GMT\r\netag: 0x8D4349A3FF8A0E9\r\nlast-modified: Wed, 04 Jan 2017 12:07:26 GMT\r\nserver: ECAcc (ska/F738)\r\nx-cache: HIT\r\nx-ms-blob-type: BlockBlob\r\nx-ms-lease-status: unlocked\r\nx-ms-request-id: ca0c153b-801e-0037-6945-1c809d000000\r\nx-ms-version: 2009-09-19\r\ncontent-length: 5498\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5498,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 280 x 60, 8-bit/color RGB, non-interlaced\\012- data","md5":"480f27cb3fc50f4dc0c1e84b20ecd878","sha1":"9d9cdc77645ebfe89aaf0d449a1f667501413bd3","sha256":"c9821a0f6753cd02f9a91000fa944f64f6d6c47514beaf03d4f8da157cd21074","sha512":"823c5d175593f715c23a147e964afc57fe6c8e748a02817cc9b15a9fa5372a3e6f5e7e05801268890c9cc8dabdc562d1b1a3295a28e0265d18334a9a7b272fdf","ssdeep":"","tlshash":"","first_seen":"2023-05-10T08:56:29Z","last_seen":"2024-08-21T05:31:44.683768Z","times_seen":8,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":38,"dns":1,"connect":7,"send":0,"wait":25,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-331069acac904c9490fbab889f44375d.r2.dev/tc.html","fqdn":"pub-331069acac904c9490fbab889f44375d.r2.dev","domain":"pub-331069acac904c9490fbab889f44375d.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.3.35","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-11-21T06:37:26.395Z","timestamp":1700548646395,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Oct 2023 17:13:53 GMT","end":"Tue, 09 Jan 2024 17:13:52 GMT"},"fingerprint":{"sha1":"91:F0:8B:D3:AA:FC:86:18:F9:F2:29:EB:98:8C:D8:5A:3A:76:5C:CF","sha256":"F3:D6:02:91:4C:11:83:7C:7C:FD:D0:A3:86:08:75:A0:37:A4:08:AF:67:24:48:AE:14:4D:D0:BA:8D:6A:19:A9"}}},"request":{"raw":"GET /tc.html HTTP/1.1\r\nHost: pub-331069acac904c9490fbab889f44375d.r2.dev\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 21 Nov 2023 06:37:24 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"3dfb1b2b8f6e697f284baeea7641e820\"\r\nLast-Modified: Mon, 20 Nov 2023 21:42:34 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 8296ec843f84568b-OSL\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":114244,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document, ASCII text, with very long lines (65131), with CRLF line terminators","md5":"3dfb1b2b8f6e697f284baeea7641e820","sha1":"9dda8384821e551c0e5c45cf5f2364371947ebe8","sha256":"aeb405952ec5cf072cf96a35ae419e99c36178dae17070a284b234ee0e31a010","sha512":"462a4df67dc808b6acb75eb5a32f639579d194ebb1f470380c4818c3a2630be40447c030dd102544aea58155a0891ed9e38a1a157d5a757e42a8f47581244c61","ssdeep":"1536:DxoBMCgKy+U5KazA/PWrF7qvEAFiQcpm2CkMgpC4903S67UxUkbjqM:loBgp4490l6","tlshash":"87b3d8906914392a9027c73671d1bd8b62251433e737aeb7f6752cb8cf896870f32a49","first_seen":"2023-11-21T01:06:11Z","last_seen":"2024-08-20T18:33:58.062202Z","times_seen":25,"resource_available":false,"data":null}},"time_used":177,"timings":{"blocked":24,"dns":4,"connect":1,"send":0,"wait":111,"receive":2,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft Outlook","verdict":"phishing","severity":"medium","comment":"","tags":["phishing","microsoft","outlook"],"meta":null}]}}]}