POST csp.microsoft.com/report/ESTS-UX-All
13.107.246.53 200 OK 2 B URL POST csp.microsoft.com/report/ESTS-UX-All
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://empires-airblast.com/?o380puuw7=…
Certificate Issuer DigiCert, Inc.
Subject csp.microsoft.com
Fingerprint 96:0D:12:76:CF:F6:7A:E4:FE:C4:A3:34:C5:CF:AF:DE:55:EC:D1:99
Validity Wed, 01 Jan 2025 00:00:00 GMT - Tue, 01 Jul 2025 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /report/ESTS-UX-All HTTP/1.1
Host: csp.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 1761
Origin: https://empires-airblast.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 31 Mar 2025 18:37:07 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
request-context: appId=cid-v1:5c791ad2-9c50-4271-a8a5-5c74d929f3ed
x-azure-ref: 20250331T183707Z-r1cf866b995vqbf8hC1SVG3eeg00000009a0000000001tc0
x-cache: CONFIG_NOCACHE
X-Firefox-Spdy: h2
GET a67a811c.6f94801be7c58a40c577135d.workers.dev/favicon.ico
172.67.142.40 200 OK 6.8 kB URL GET a67a811c.6f94801be7c58a40c577135d.workers.dev/favicon.ico
IP 172.67.142.40:443
Requested by https://a67a811c.6f94801be7c58a40c577135d.workers.dev/?qrc=accounting@slurpmail.net
Certificate Issuer Google Trust Services
Subject 6f94801be7c58a40c577135d.workers.dev
Fingerprint 31:F4:F9:02:C1:C8:93:EF:79:A2:DE:DA:CE:68:98:E2:B3:62:21:9B
Validity Fri, 07 Mar 2025 12:51:15 GMT - Thu, 05 Jun 2025 13:40:45 GMT
File type HTML document, ASCII text, with very long lines (7132), with no line terminators
Hash bac3a9b6c71b80f4821bf5e53ab32509
8262f45def9113760718a15224ce54578044850c
d3a90061d63af61a421e3b47776cefc4a374b4e81bc41cb9376191593d4a9990
GET /favicon.ico HTTP/1.1
Host: a67a811c.6f94801be7c58a40c577135d.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a67a811c.6f94801be7c58a40c577135d.workers.dev/?qrc=accounting@slurpmail.net
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 31 Mar 2025 18:36:51 GMT
content-type: text/html
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jzdyNl1j46lfUz%2Bi20a7KBFzfXjlBEaDrppArcYsFT4uF2wryArWPyUilIeTXVScgMWVREuEitwfjsQhUO2MUbCS5G%2FfU%2B1pUf3KdsQD9qBnZxB293aakYgo61u9qLziHuC9QZYh3ms3kbnAjWD%2BA45HBI4CwweH5YqnVM%2B%2BInQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9291f4668e3656ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3948&min_rtt=3917&rtt_var=1530&sent=12&recv=8&lost=0&retrans=0&sent_bytes=4168&recv_bytes=1267&delivery_rate=142165&cwnd=12000&unsent_bytes=0&cid=829c97744f3ed346&ts=418&x=1", cfExtPri, cfHdrFlush;dur=0
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/zsyn4/0x4AAAAAABB8RVoLXngZ7yj_/auto/fbE/new/normal/auto/
104.18.95.41 200 OK 28 kB URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/zsyn4/0x4AAAAAABB8RVoLXngZ7yj_/auto/fbE/new/normal/auto/
IP 104.18.95.41:443
Requested by https://a67a811c.6f94801be7c58a40c577135d.workers.dev/?qrc=accounting@slurpmail.net
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint 48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28
Validity Sat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT
File type HTML document, ASCII text, with very long lines (22104)
Hash bdc553bec834ff1b93b7f4599addefb0
4e1d8c7735b635afc8e3e932f9206096b316fd3e
a89dd91d08ede59fda12650ccbae59c6e98df321cd731a575e3035004fad1fae
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/zsyn4/0x4AAAAAABB8RVoLXngZ7yj_/auto/fbE/new/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a67a811c.6f94801be7c58a40c577135d.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 31 Mar 2025 18:36:51 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
content-security-policy: default-src 'none'; script-src 'nonce-LBIWZxiJLHJNntJQ' 'unsafe-eval'; script-src-attr 'none'; worker-src blob:; style-src 'unsafe-inline'; img-src 'self'; connect-src 'self'; frame-src 'self' blob:; child-src 'self' blob:; form-action 'none'; base-uri 'self'; sandbox allow-same-origin allow-scripts allow-popups allow-forms
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
document-policy: js-profiling
priority: u=4,i=?0
server: cloudflare
cf-ray: 9291f466bc90b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1288935762:1743442337:GnewMnrgHm1I_90hjYy1nZpau-dHrOE-D-YkxaR50G0/9291f466bc90b51b/OtvOhOi2YF2SizKUn1CMr.D_mRn9_6Gh76PJrGt67js-1743446211-1.1.1.1-Pvndtl3o03_3WhFqptcAuG51rFV6csjiNj3qy3HEe6zhVn_FgwOL7OPpu0DLm04G
104.18.95.41 200 OK 4.9 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1288935762:1743442337:GnewMnrgHm1I_90hjYy1nZpau-dHrOE-D-YkxaR50G0/9291f466bc90b51b/OtvOhOi2YF2SizKUn1CMr.D_mRn9_6Gh76PJrGt67js-1743446211-1.1.1.1-Pvndtl3o03_3WhFqptcAuG51rFV6csjiNj3qy3HEe6zhVn_FgwOL7OPpu0DLm04G
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/zsyn4/0x4AAAAAABB8RVoLXngZ7yj_/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint 48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28
Validity Sat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT
File type ASCII text, with very long lines (4856), with no line terminators
Hash ba93607d4f5752ebbdc668519ba2865e
25a842db15afc1a8dd5d59b020b09264e944b64e
a7228cd5a74a60762c424a17e86ed5c94b045f7eb39098428062512a6363444d
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1288935762:1743442337:GnewMnrgHm1I_90hjYy1nZpau-dHrOE-D-YkxaR50G0/9291f466bc90b51b/OtvOhOi2YF2SizKUn1CMr.D_mRn9_6Gh76PJrGt67js-1743446211-1.1.1.1-Pvndtl3o03_3WhFqptcAuG51rFV6csjiNj3qy3HEe6zhVn_FgwOL7OPpu0DLm04G HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/zsyn4/0x4AAAAAABB8RVoLXngZ7yj_/auto/fbE/new/normal/auto/
cf-chl: OtvOhOi2YF2SizKUn1CMr.D_mRn9_6Gh76PJrGt67js-1743446211-1.1.1.1-Pvndtl3o03_3WhFqptcAuG51rFV6csjiNj3qy3HEe6zhVn_FgwOL7OPpu0DLm04G
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 45153
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 31 Mar 2025 18:37:02 GMT
content-type: text/html; charset=UTF-8
cf-chl-out-s: …$Od+FQ+GX8hzR1/pKjwkl9w==
cf-chl-out: eyxgnUH+gyxPzO3rSAHUKMeK/1J9HICt/Wnqx8rRsNIR/H/MGqcGYZ6Lf8IDrISuLBcca67aXLqOubX/u0Y2eg==$GskN5LLw2EyZfROuzlhcZA==
priority: u=3,i=?0
server: cloudflare
cf-ray: 9291f4aaeb2db51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET empires-airblast.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2VtcGlyZXMtYWlyYmxhc3QuY29tLyIsImRvbWFpbiI6ImVtcGlyZXMtYWlyYmxhc3QuY29tIiwia2V5IjoiVW55QlZqYjJONEtTIiwicXJjIjoiYWNjb3VudGluZ0BzbHVycG1haWwubmV0IiwiaWF0IjoxNzQzNDQ2MjIzLCJleHAiOjE3NDM0NDYzNDN9.1jrmfBfTQ55l_DD3t0TK6iWsWZA04A150jRo0F52RlQ
81.19.140.193 302 Found 42 kB URL User Request GET empires-airblast.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2VtcGlyZXMtYWlyYmxhc3QuY29tLyIsImRvbWFpbiI6ImVtcGlyZXMtYWlyYmxhc3QuY29tIiwia2V5IjoiVW55QlZqYjJONEtTIiwicXJjIjoiYWNjb3VudGluZ0BzbHVycG1haWwubmV0IiwiaWF0IjoxNzQzNDQ2MjIzLCJleHAiOjE3NDM0NDYzNDN9.1jrmfBfTQ55l_DD3t0TK6iWsWZA04A150jRo0F52RlQ
IP 81.19.140.193:443
ASN #215540 Global Connectivity Solutions Llp
Certificate Issuer Let's Encrypt
Subject empires-airblast.com
Fingerprint 8E:2D:CD:53:CB:07:39:4C:E7:08:D9:18:B1:2C:D0:59:75:4F:00:DF
Validity Fri, 21 Mar 2025 11:30:55 GMT - Thu, 19 Jun 2025 11:30:54 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: urlquery; Verdict: phishing; Alert: Phishing - Microsoft Outlook
Analyzer: urlquery; Verdict: phishing; Alert: Phishing - NakedPages Phishing Kit
GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2VtcGlyZXMtYWlyYmxhc3QuY29tLyIsImRvbWFpbiI6ImVtcGlyZXMtYWlyYmxhc3QuY29tIiwia2V5IjoiVW55QlZqYjJONEtTIiwicXJjIjoiYWNjb3VudGluZ0BzbHVycG1haWwubmV0IiwiaWF0IjoxNzQzNDQ2MjIzLCJleHAiOjE3NDM0NDYzNDN9.1jrmfBfTQ55l_DD3t0TK6iWsWZA04A150jRo0F52RlQ HTTP/1.1
Host: empires-airblast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a67a811c.6f94801be7c58a40c577135d.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Set-Cookie: qPdM=UnyBVjb2N4KS; path=/; samesite=none; secure; httponly
Set-Cookie: qPdM.sig=K8obD9FQlMZvC9xxQFRlAFuU5_g; path=/; samesite=none; secure; httponly
location: /?qrc=accounting%40slurpmail.net
Date: Mon, 31 Mar 2025 18:37:03 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
GET empires-airblast.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css
81.19.140.193 200 OK 113 kB URL GET empires-airblast.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css
IP 81.19.140.193:443
ASN #215540 Global Connectivity Solutions Llp
Requested by https://empires-airblast.com/?o380puuw7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1hY2NvdW50aW5nJTQwc2x1cnBtYWlsLm5ldCZjbGllbnQtcmVxdWVzdC1pZD1mNjNiMjU1MC02ZTM4LWI0ZTgtZjcyNy01OTk2ZWUwNjg0NTUmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NzkwNDMwMjQ0NjI4NDE0LjUxYjI3ZDk0LTdmYzUtNDFhZC05NGI1LWM2M2FiOWM2NDhlYiZzdGF0ZT1EY3ZMRHNJZ0VFQlIwRzl4WldoNURLLUY4VlBNUUdzbG9ZTlJHbjlmRnVmdUxtZU1uWWZUd09VSTg4NEVIeVVZcVFHY0RxQmdzaXBwdjBRUV9wbXRBSVdMaUpDc3lNNWdpdGxCV0JNZjczVnVQNXp2dFcyRkhxOUNfWVk1dDRONm9lMEM4bHVQejN2SFVpZGEteDg=
Certificate Issuer Let's Encrypt
Subject empires-airblast.com
Fingerprint 8E:2D:CD:53:CB:07:39:4C:E7:08:D9:18:B1:2C:D0:59:75:4F:00:DF
Validity Fri, 21 Mar 2025 11:30:55 GMT - Thu, 19 Jun 2025 11:30:54 GMT
File type ASCII text, with very long lines (61177)
Size 113 kB (113424 bytes)
Hash f3588c5412d4119f95e47073a4a5df72
3c4b1652e71c25e1ce7de611fbd17edbaae411d9
6cc79c59f00478ce5d8eaa982efdd8fc3cc205a7ea023a564bb2688fa206a087
Analyzer: urlquery; Verdict: phishing; Alert: Phishing - Microsoft Outlook
Analyzer: urlquery; Verdict: phishing; Alert: Phishing - NakedPages Phishing Kit
GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css HTTP/1.1
Host: empires-airblast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://empires-airblast.com/?o380puuw7=…
DNT: 1
Connection: keep-alive
Cookie: qPdM=UnyBVjb2N4KS; qPdM.sig=K8obD9FQlMZvC9xxQFRlAFuU5_g; ClientId=8B30EA8B042E48E4921D416CA8192891; OIDC=1; OpenIdConnect.nonce.v3.gPNiSARVnnr23KYBae1NzizRGTIGpdnK0Y1wyJi4r4w=638790430244628414.51b27d94-7fc5-41ad-94b5-c63ab9c648eb; X-OWA-RedirectHistory=ArLym14BQcqoCINw3Qg; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEipV1IRsI7PqVqaEfhl_cVqizkjBOxp_ZiseklkbdJw10pXxePYSkFjiY5vrzvYUp-1auezVdsrj6IUoSeX9zpaTqFPx7bRByOhl1A-oiglEgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEj_loHaNVNsepANCuQUwEYTnM5Ad7m8HIcxfICMcbyLsajFOOkSv8j2XVzGyXciR7nXWia_V9QTF3qqh145TCoMg7cgwlpFnn4A80Z3XXYWeyV7XNDsvDdFFJcCX_MqeQYRJMTNgwBCT5i8U3ecRdsduFxWc8TzlnTJL_oozjwm0gAA; esctx-ZSLSnhQaL4=AQABCQEAAABVrSpeuWamRam2jAF1XRQECqyCZb2Utt0esYdyuZJkjlVEWm6_oXM_6MjWmkyDm7eexpAtdSVbx1fyVzpOVQluAj2vOoIbKTIIRJMMlrbFAyjANfYdtBNf4aH-_NjoyTC_3gNOEp60831pyE7ZH6b29MxE2i-C5Pt2yjvZuXi9CCAA; fpc=AouqB_AYscdHlZEIYnZj0YSerOTJAQAAANDXfN8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 20410
Content-Type: text/css
Content-Encoding: gzip
Content-MD5: O6TXahet0KbDTuaW8oyFQQ==
Last-Modified: Wed, 04 Dec 2024 23:52:00 GMT
Accept-Ranges: bytes
ETag: "0x8DD14BEA5012AB1"
x-ms-request-id: 93fcc275-101e-0002-7d9b-663fdf000000
x-ms-version: 2018-03-28
Access-Control-Expose-Headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=30500030
Date: Mon, 31 Mar 2025 18:37:06 GMT
Connection: close
Vary: Accept-Encoding
Akamai-GRN: 0.e9182117.1743446226.950fda91
GET empires-airblast.com/aadcdn.msftauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js
81.19.140.193 404 Not Found 823 B URL GET empires-airblast.com/aadcdn.msftauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js
IP 81.19.140.193:443
ASN #215540 Global Connectivity Solutions Llp
Requested by https://empires-airblast.com/?o380puuw7=…
Certificate Issuer Let's Encrypt
Subject empires-airblast.com
Fingerprint 8E:2D:CD:53:CB:07:39:4C:E7:08:D9:18:B1:2C:D0:59:75:4F:00:DF
Validity Fri, 21 Mar 2025 11:30:55 GMT - Thu, 19 Jun 2025 11:30:54 GMT
File type HTML document, ASCII text, with very long lines (827), with no line terminators
Hash 42c3edabadbe31fc64f0bb6c0bd91d30
798964f6fb4a8e668fc9461f80fc6c51bd0cb701
e4b5fac2284f0bdd1fe5392bb097b8d0de4efa2ee2130fab4e2852246559ba90
Analyzer: urlquery; Verdict: phishing; Alert: Phishing - Microsoft Outlook
Analyzer: urlquery; Verdict: phishing; Alert: Phishing - NakedPages Phishing Kit
GET /aadcdn.msftauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js HTTP/1.1
Host: empires-airblast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://empires-airblast.com/?o380puuw7=…
DNT: 1
Connection: keep-alive
Cookie: qPdM=UnyBVjb2N4KS; qPdM.sig=K8obD9FQlMZvC9xxQFRlAFuU5_g; ClientId=8B30EA8B042E48E4921D416CA8192891; OIDC=1; OpenIdConnect.nonce.v3.gPNiSARVnnr23KYBae1NzizRGTIGpdnK0Y1wyJi4r4w=638790430244628414.51b27d94-7fc5-41ad-94b5-c63ab9c648eb; X-OWA-RedirectHistory=ArLym14BQcqoCINw3Qg; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEipV1IRsI7PqVqaEfhl_cVqizkjBOxp_ZiseklkbdJw10pXxePYSkFjiY5vrzvYUp-1auezVdsrj6IUoSeX9zpaTqFPx7bRByOhl1A-oiglEgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEj_loHaNVNsepANCuQUwEYTnM5Ad7m8HIcxfICMcbyLsajFOOkSv8j2XVzGyXciR7nXWia_V9QTF3qqh145TCoMg7cgwlpFnn4A80Z3XXYWeyV7XNDsvDdFFJcCX_MqeQYRJMTNgwBCT5i8U3ecRdsduFxWc8TzlnTJL_oozjwm0gAA; esctx-ZSLSnhQaL4=AQABCQEAAABVrSpeuWamRam2jAF1XRQECqyCZb2Utt0esYdyuZJkjlVEWm6_oXM_6MjWmkyDm7eexpAtdSVbx1fyVzpOVQluAj2vOoIbKTIIRJMMlrbFAyjANfYdtBNf4aH-_NjoyTC_3gNOEp60831pyE7ZH6b29MxE2i-C5Pt2yjvZuXi9CCAA; fpc=AouqB_AYscdHlZEIYnZj0YSerOTJAQAAANDXfN8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
content-length: 823
Content-Type: text/html
x-ms-error-code: WebContentNotFound
x-ms-request-id: ed9cbf31-701e-0099-346b-a2b591000000
x-ms-version: 2018-03-28
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,x-ms-error-code,x-ms-request-id,x-ms-version
Access-Control-Allow-Origin: *
Date: Mon, 31 Mar 2025 18:37:07 GMT
Connection: close
Akamai-GRN: 0.e9182117.1743446227.950ffb29
Set-Cookie: ak_bmsc=6515F746A3A47D8FBFD2467084D4763A~000000000000000000000000000000~YAAQ6RghF2+15dOVAQAAjDl+7Rt8YMegR1OfOeFJd5wxRJZ5lVjUodSm3BDqDGGgTx6kqV1ueR5BMkQhOvTgZnH7YKhMG0QC2ZS1MjY0lf+dir9h4GjVZE1HLW5ss2ApqjNH5hnyXmnWZBvnnhWxc056VoCOIm7FJm6RxO29nwUqbK+nNyxfqmGCCSJYho4c7qSub1lGaXP6L/CrWtwss+SJPvFLvSERlM5GoXaxGO7xVE5n4dp9TKTYHkoZP3GCOXBpw/g6ODf41d9SjsqeRpxGFQSnJIVneIzgtbw3QbLEqAjJW/1kQjGpAD76dHgRF0VlkLVjNz2MawTDOBV4Knl3SOgXf9VYgToAJA==; Domain=empires-airblast.com; Path=/; Expires=Mon, 31 Mar 2025 20:37:07 GMT; Max-Age=7200; SameSite=None; Secure
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
GET empires-airblast.com/aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
81.19.140.193 200 OK 17 kB URL GET empires-airblast.com/aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
IP 81.19.140.193:443
ASN #215540 Global Connectivity Solutions Llp
Requested by https://empires-airblast.com/?o380puuw7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1hY2NvdW50aW5nJTQwc2x1cnBtYWlsLm5ldCZjbGllbnQtcmVxdWVzdC1pZD1mNjNiMjU1MC02ZTM4LWI0ZTgtZjcyNy01OTk2ZWUwNjg0NTUmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NzkwNDMwMjQ0NjI4NDE0LjUxYjI3ZDk0LTdmYzUtNDFhZC05NGI1LWM2M2FiOWM2NDhlYiZzdGF0ZT1EY3ZMRHNJZ0VFQlIwRzl4WldoNURLLUY4VlBNUUdzbG9ZTlJHbjlmRnVmdUxtZU1uWWZUd09VSTg4NEVIeVVZcVFHY0RxQmdzaXBwdjBRUV9wbXRBSVdMaUpDc3lNNWdpdGxCV0JNZjczVnVQNXp2dFcyRkhxOUNfWVk1dDRONm9lMEM4bHVQejN2SFVpZGEteDg=
Certificate Issuer Let's Encrypt
Subject empires-airblast.com
Fingerprint 8E:2D:CD:53:CB:07:39:4C:E7:08:D9:18:B1:2C:D0:59:75:4F:00:DF
Validity Fri, 21 Mar 2025 11:30:55 GMT - Thu, 19 Jun 2025 11:30:54 GMT
File type MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Hash 12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
Analyzer: urlquery; Verdict: phishing; Alert: Phishing - Microsoft Outlook
Analyzer: urlquery; Verdict: phishing; Alert: Phishing - NakedPages Phishing Kit
GET /aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: empires-airblast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://empires-airblast.com/?o380puuw7=…
DNT: 1
Connection: keep-alive
Cookie: qPdM=UnyBVjb2N4KS; qPdM.sig=K8obD9FQlMZvC9xxQFRlAFuU5_g; ClientId=8B30EA8B042E48E4921D416CA8192891; OIDC=1; OpenIdConnect.nonce.v3.gPNiSARVnnr23KYBae1NzizRGTIGpdnK0Y1wyJi4r4w=638790430244628414.51b27d94-7fc5-41ad-94b5-c63ab9c648eb; X-OWA-RedirectHistory=ArLym14BQcqoCINw3Qg; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEipV1IRsI7PqVqaEfhl_cVqizkjBOxp_ZiseklkbdJw10pXxePYSkFjiY5vrzvYUp-1auezVdsrj6IUoSeX9zpaTqFPx7bRByOhl1A-oiglEgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEj_loHaNVNsepANCuQUwEYTnM5Ad7m8HIcxfICMcbyLsajFOOkSv8j2XVzGyXciR7nXWia_V9QTF3qqh145TCoMg7cgwlpFnn4A80Z3XXYWeyV7XNDsvDdFFJcCX_MqeQYRJMTNgwBCT5i8U3ecRdsduFxWc8TzlnTJL_oozjwm0gAA; esctx-ZSLSnhQaL4=AQABCQEAAABVrSpeuWamRam2jAF1XRQECqyCZb2Utt0esYdyuZJkjlVEWm6_oXM_6MjWmkyDm7eexpAtdSVbx1fyVzpOVQluAj2vOoIbKTIIRJMMlrbFAyjANfYdtBNf4aH-_NjoyTC_3gNOEp60831pyE7ZH6b29MxE2i-C5Pt2yjvZuXi9CCAA; fpc=AouqB_AYscdHlZEIYnZj0YSerOTJAQAAANDXfN8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/x-icon
Content-MD5: EuPayFgGHQiAI7K9SOL6lg==
Last-Modified: Thu, 05 Dec 2024 00:02:51 GMT
Accept-Ranges: bytes
ETag: "0x8DD14C0292CD581"
x-ms-request-id: fa26a65a-301e-00c0-6a9c-66acf0000000
x-ms-version: 2018-03-28
Access-Control-Expose-Headers: Accept-Ranges,Cache-Control,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 540
Cache-Control: public, max-age=30500044
Date: Mon, 31 Mar 2025 18:37:07 GMT
Connection: close
Vary: Accept-Encoding
Akamai-GRN: 0.e9182117.1743446227.95100b9a
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1288935762:1743442337:GnewMnrgHm1I_90hjYy1nZpau-dHrOE-D-YkxaR50G0/9291f466bc90b51b/OtvOhOi2YF2SizKUn1CMr.D_mRn9_6Gh76PJrGt67js-1743446211-1.1.1.1-Pvndtl3o03_3WhFqptcAuG51rFV6csjiNj3qy3HEe6zhVn_FgwOL7OPpu0DLm04G
104.18.95.41 200 OK 228 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1288935762:1743442337:GnewMnrgHm1I_90hjYy1nZpau-dHrOE-D-YkxaR50G0/9291f466bc90b51b/OtvOhOi2YF2SizKUn1CMr.D_mRn9_6Gh76PJrGt67js-1743446211-1.1.1.1-Pvndtl3o03_3WhFqptcAuG51rFV6csjiNj3qy3HEe6zhVn_FgwOL7OPpu0DLm04G
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/zsyn4/0x4AAAAAABB8RVoLXngZ7yj_/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint 48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28
Validity Sat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 228 kB (228028 bytes)
Hash c68b044b61b7e9d58bae8956c606a4cb
e5a5585165b519690d43bc85a1b22aaee2e72335
0d80392b5622778118f3186d814e4c5449a28eb9a6e6ed6bc2dadb77c4055a2f
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1288935762:1743442337:GnewMnrgHm1I_90hjYy1nZpau-dHrOE-D-YkxaR50G0/9291f466bc90b51b/OtvOhOi2YF2SizKUn1CMr.D_mRn9_6Gh76PJrGt67js-1743446211-1.1.1.1-Pvndtl3o03_3WhFqptcAuG51rFV6csjiNj3qy3HEe6zhVn_FgwOL7OPpu0DLm04G HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/zsyn4/0x4AAAAAABB8RVoLXngZ7yj_/auto/fbE/new/normal/auto/
cf-chl: OtvOhOi2YF2SizKUn1CMr.D_mRn9_6Gh76PJrGt67js-1743446211-1.1.1.1-Pvndtl3o03_3WhFqptcAuG51rFV6csjiNj3qy3HEe6zhVn_FgwOL7OPpu0DLm04G
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 3182
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 31 Mar 2025 18:36:52 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: …$k7kDSawFQ0Z25RwwXludpw==
priority: u=3,i=?0
server: cloudflare
cf-ray: 9291f46a1a8db51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1288935762:1743442337:GnewMnrgHm1I_90hjYy1nZpau-dHrOE-D-YkxaR50G0/9291f466bc90b51b/OtvOhOi2YF2SizKUn1CMr.D_mRn9_6Gh76PJrGt67js-1743446211-1.1.1.1-Pvndtl3o03_3WhFqptcAuG51rFV6csjiNj3qy3HEe6zhVn_FgwOL7OPpu0DLm04G
104.18.95.41 200 OK 28 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1288935762:1743442337:GnewMnrgHm1I_90hjYy1nZpau-dHrOE-D-YkxaR50G0/9291f466bc90b51b/OtvOhOi2YF2SizKUn1CMr.D_mRn9_6Gh76PJrGt67js-1743446211-1.1.1.1-Pvndtl3o03_3WhFqptcAuG51rFV6csjiNj3qy3HEe6zhVn_FgwOL7OPpu0DLm04G
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/zsyn4/0x4AAAAAABB8RVoLXngZ7yj_/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint 48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28
Validity Sat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT
File type ASCII text, with very long lines (28296), with no line terminators
Hash 80cb76ca98662273477f90adfa36c21d
e22aef5df3e284c88f78b98b7e4a6c48a346354d
afb9b770f1c2538e01bfd965e24a3cf0715b2c5c62dd81714f340a46bfd0ee09
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1288935762:1743442337:GnewMnrgHm1I_90hjYy1nZpau-dHrOE-D-YkxaR50G0/9291f466bc90b51b/OtvOhOi2YF2SizKUn1CMr.D_mRn9_6Gh76PJrGt67js-1743446211-1.1.1.1-Pvndtl3o03_3WhFqptcAuG51rFV6csjiNj3qy3HEe6zhVn_FgwOL7OPpu0DLm04G HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/zsyn4/0x4AAAAAABB8RVoLXngZ7yj_/auto/fbE/new/normal/auto/
cf-chl: OtvOhOi2YF2SizKUn1CMr.D_mRn9_6Gh76PJrGt67js-1743446211-1.1.1.1-Pvndtl3o03_3WhFqptcAuG51rFV6csjiNj3qy3HEe6zhVn_FgwOL7OPpu0DLm04G
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 33943
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 31 Mar 2025 18:36:56 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 0xSIsvKv9oGOPOX3zdFbX3IJfa4EORZrDUG5BiviYkOMCY3e7yFBbXwIVb1618f9$hj2jRsYvAdYs6eMSl0x1fw==
priority: u=3,i=?0
server: cloudflare
cf-ray: 9291f48569b5b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
POST csp.microsoft.com/report/ESTS-UX-All
13.107.246.53 200 OK 2 B URL POST csp.microsoft.com/report/ESTS-UX-All
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://empires-airblast.com/?o380puuw7=…
Certificate Issuer DigiCert, Inc.
Subject csp.microsoft.com
Fingerprint 96:0D:12:76:CF:F6:7A:E4:FE:C4:A3:34:C5:CF:AF:DE:55:EC:D1:99
Validity Wed, 01 Jan 2025 00:00:00 GMT - Tue, 01 Jul 2025 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /report/ESTS-UX-All HTTP/1.1
Host: csp.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 2862
Origin: https://empires-airblast.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 31 Mar 2025 18:37:07 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
request-context: appId=cid-v1:5c791ad2-9c50-4271-a8a5-5c74d929f3ed
x-azure-ref: 20250331T183707Z-r1cf866b995vqbf8hC1SVG3eeg00000009a0000000001tbz
x-cache: CONFIG_NOCACHE
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
104.18.95.41 200 OK 61 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/zsyn4/0x4AAAAAABB8RVoLXngZ7yj_/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint 48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28
Validity Sat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT
File type PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hash 9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/zsyn4/0x4AAAAAABB8RVoLXngZ7yj_/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 31 Mar 2025 18:36:51 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
priority: u=4,i=?0
server: cloudflare
cf-ray: 9291f467adfcb51b-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
POST csp.microsoft.com/report/ESTS-UX-All
13.107.246.53 200 OK 2 B URL POST csp.microsoft.com/report/ESTS-UX-All
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://empires-airblast.com/?o380puuw7=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
Certificate Issuer DigiCert, Inc.
Subject csp.microsoft.com
Fingerprint 96:0D:12:76:CF:F6:7A:E4:FE:C4:A3:34:C5:CF:AF:DE:55:EC:D1:99
Validity Wed, 01 Jan 2025 00:00:00 GMT - Tue, 01 Jul 2025 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /report/ESTS-UX-All HTTP/1.1
Host: csp.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 2862
Origin: https://empires-airblast.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 31 Mar 2025 18:37:07 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
request-context: appId=cid-v1:5c791ad2-9c50-4271-a8a5-5c74d929f3ed
x-azure-ref: 20250331T183707Z-r1cf866b995vqbf8hC1SVG3eeg00000009a0000000001tc3
x-cache: CONFIG_NOCACHE
X-Firefox-Spdy: h2
GET a67a811c.6f94801be7c58a40c577135d.workers.dev/?qrc=accounting@slurpmail.net
172.67.142.40 200 OK 6.8 kB URL User Request GET a67a811c.6f94801be7c58a40c577135d.workers.dev/?qrc=accounting@slurpmail.net
IP 172.67.142.40:443
Certificate Issuer Google Trust Services
Subject 6f94801be7c58a40c577135d.workers.dev
Fingerprint 31:F4:F9:02:C1:C8:93:EF:79:A2:DE:DA:CE:68:98:E2:B3:62:21:9B
Validity Fri, 07 Mar 2025 12:51:15 GMT - Thu, 05 Jun 2025 13:40:45 GMT
File type HTML document, ASCII text, with very long lines (7161), with no line terminators
Hash 81fac437f9926a5645b3cdd9df0c44f1
4904b10d255976116ff62f2b1cdf9fe4103debe2
0e3cdbeca97bea5393c22354e13789a3d9564da4c030634624dc503be196e0c2
GET /?qrc=accounting@slurpmail.net HTTP/1.1
Host: a67a811c.6f94801be7c58a40c577135d.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 31 Mar 2025 18:36:51 GMT
content-type: text/html
content-encoding: br
cf-ray: 9291f4637f6856a8-OSL
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ar%2BHoRVeJpCVNQtDg4aBzHzys3GbyeD%2B%2BZvZ8FCNOPW1hxa04y4Y0bc3umcM0l2Cs9xTi0MZVZTozKL7Duhd8QPVqrz2J1Lg3F83i5AcqHKK96FCKjHnPgOp4oP7PVB1egQ7RgBqScHQEVlzJGZztFDf5Euf1Y2ZkF8HlNIEzI0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5756&min_rtt=451&rtt_var=10625&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3274&recv_bytes=1168&delivery_rate=6983922&cwnd=254&unsent_bytes=0&cid=bae01b9c665ff25c&ts=139&x=0"
X-Firefox-Spdy: h2
GET amescompany.com/?dyusoxhf&qrc=accounting@slurpmail.net
81.19.140.193 200 OK 354 B URL GET amescompany.com/?dyusoxhf&qrc=accounting@slurpmail.net
IP 81.19.140.193:443
ASN #215540 Global Connectivity Solutions Llp
Requested by https://a67a811c.6f94801be7c58a40c577135d.workers.dev/?qrc=accounting@slurpmail.net
Certificate Issuer Let's Encrypt
Subject amescompany.com
Fingerprint F8:4A:52:4E:86:45:26:B7:4D:BB:F3:0E:BD:81:C7:77:60:C0:23:19
Validity Fri, 21 Mar 2025 11:22:54 GMT - Thu, 19 Jun 2025 11:22:53 GMT
File type troff or preprocessor input, ASCII text, with very long lines (360), with no line terminators
Hash 6cca293b1a3ac314848d3ba5802262d7
df7455df2cca0704975dbdbb8564ee97b8271124
b807b2f8d644b0f96441b66c5e55f895d240ddbd652302575c3ef676a03df252
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
urlquery phishing Phishing - NakedPages Phishing Kit
GET /?dyusoxhf&qrc=accounting@slurpmail.net HTTP/1.1
Host: amescompany.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
qrc-auth: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Origin: https://a67a811c.6f94801be7c58a40c577135d.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://a67a811c.6f94801be7c58a40c577135d.workers.dev/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Set-Cookie: qPdM=UnyBVjb2N4KS; path=/; samesite=none; secure; httponly
qPdM.sig=K8obD9FQlMZvC9xxQFRlAFuU5_g; path=/; samesite=none; secure; httponly
content-type: application/json
Access-Control-Allow-Origin: *
Date: Mon, 31 Mar 2025 18:37:03 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
GET empires-airblast.com/?qrc=accounting%40slurpmail.net
81.19.140.193 302 Moved Temporarily 42 kB URL User Request GET empires-airblast.com/?qrc=accounting%40slurpmail.net
IP 81.19.140.193:443
ASN #215540 Global Connectivity Solutions Llp
Certificate Issuer Let's Encrypt
Subject empires-airblast.com
Fingerprint 8E:2D:CD:53:CB:07:39:4C:E7:08:D9:18:B1:2C:D0:59:75:4F:00:DF
Validity Fri, 21 Mar 2025 11:30:55 GMT - Thu, 19 Jun 2025 11:30:54 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
urlquery phishing Phishing - NakedPages Phishing Kit
GET /?qrc=accounting%40slurpmail.net HTTP/1.1
Host: empires-airblast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a67a811c.6f94801be7c58a40c577135d.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=UnyBVjb2N4KS; qPdM.sig=K8obD9FQlMZvC9xxQFRlAFuU5_g
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
Location: https://empires-airblast.com/owa/?login_hint=accounting%40slurpmail.net
Server: Microsoft-IIS/10.0
request-id: 5d7f4142-a8d1-faed-5a0c-94504d52da0b
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: YT3PR01CA0104, YT3PR01CA0104
X-RequestId: 45f1b163-0ea9-48f3-b068-e43ac5f1dd6e
Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
X-FEProxyInfo: YT3PR01CA0104.CANPRD01.PROD.OUTLOOK.COM
X-FEEFZInfo: YYZ
MS-CV: QkF/XdGo7fpaDJRQTVLaCw.0
X-Powered-By: ASP.NET
X-MS-DIAGNOSTICS:
Date: Mon, 31 Mar 2025 18:37:03 GMT
Connection: close
Content-Length: 0
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
GET empires-airblast.com/?o380puuw7=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
81.19.140.193 200 OK 42 kB URL User Request GET empires-airblast.com/?o380puuw7=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
IP 81.19.140.193:443
ASN #215540 Global Connectivity Solutions Llp
Certificate Issuer Let's Encrypt
Subject empires-airblast.com
Fingerprint 8E:2D:CD:53:CB:07:39:4C:E7:08:D9:18:B1:2C:D0:59:75:4F:00:DF
Validity Fri, 21 Mar 2025 11:30:55 GMT - Thu, 19 Jun 2025 11:30:54 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
urlquery phishing Phishing - NakedPages Phishing Kit
GET /?o380puuw7=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 HTTP/1.1
Host: empires-airblast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a67a811c.6f94801be7c58a40c577135d.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=UnyBVjb2N4KS; qPdM.sig=K8obD9FQlMZvC9xxQFRlAFuU5_g; ClientId=8B30EA8B042E48E4921D416CA8192891; OIDC=1; OpenIdConnect.nonce.v3.gPNiSARVnnr23KYBae1NzizRGTIGpdnK0Y1wyJi4r4w=638790430244628414.51b27d94-7fc5-41ad-94b5-c63ab9c648eb; X-OWA-RedirectHistory=ArLym14BQcqoCINw3Qg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Link: <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msftauth.net>; rel=dns-prefetch,<https://aadcdn.msauth.net>; rel=dns-prefetch
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 61dda007-83ba-4a87-a7c7-1b5c4d247000
x-ms-ests-server: 2.1.20329.5 - NCUS ProdSlices
x-ms-srs: 1.P
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-K3z6BfwGWar6kp_c01ca3A' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
Set-Cookie: buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEipV1IRsI7PqVqaEfhl_cVqizkjBOxp_ZiseklkbdJw10pXxePYSkFjiY5vrzvYUp-1auezVdsrj6IUoSeX9zpaTqFPx7bRByOhl1A-oiglEgAA; expires=Wed, 30-Apr-2025 18:37:05 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEj_loHaNVNsepANCuQUwEYTnM5Ad7m8HIcxfICMcbyLsajFOOkSv8j2XVzGyXciR7nXWia_V9QTF3qqh145TCoMg7cgwlpFnn4A80Z3XXYWeyV7XNDsvDdFFJcCX_MqeQYRJMTNgwBCT5i8U3ecRdsduFxWc8TzlnTJL_oozjwm0gAA; domain=empires-airblast.com; path=/; secure; HttpOnly; SameSite=None
esctx-ZSLSnhQaL4=AQABCQEAAABVrSpeuWamRam2jAF1XRQECqyCZb2Utt0esYdyuZJkjlVEWm6_oXM_6MjWmkyDm7eexpAtdSVbx1fyVzpOVQluAj2vOoIbKTIIRJMMlrbFAyjANfYdtBNf4aH-_NjoyTC_3gNOEp60831pyE7ZH6b29MxE2i-C5Pt2yjvZuXi9CCAA; domain=empires-airblast.com; path=/; secure; HttpOnly; SameSite=None
fpc=AouqB_AYscdHlZEIYnZj0YSerOTJAQAAANDXfN8OAAAA; expires=Wed, 30-Apr-2025 18:37:05 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Mon, 31 Mar 2025 18:37:05 GMT
Connection: close
content-length: 42330
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
GET empires-airblast.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js
81.19.140.193 200 OK 59 kB URL GET empires-airblast.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js
IP 81.19.140.193:443
ASN #215540 Global Connectivity Solutions Llp
Requested by https://empires-airblast.com/?o380puuw7=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
Certificate Issuer Let's Encrypt
Subject empires-airblast.com
Fingerprint 8E:2D:CD:53:CB:07:39:4C:E7:08:D9:18:B1:2C:D0:59:75:4F:00:DF
Validity Fri, 21 Mar 2025 11:30:55 GMT - Thu, 19 Jun 2025 11:30:54 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
urlquery phishing Phishing - NakedPages Phishing Kit
GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js HTTP/1.1
Host: empires-airblast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://empires-airblast.com/?o380puuw7=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
DNT: 1
Connection: keep-alive
Cookie: qPdM=UnyBVjb2N4KS; qPdM.sig=K8obD9FQlMZvC9xxQFRlAFuU5_g; ClientId=8B30EA8B042E48E4921D416CA8192891; OIDC=1; OpenIdConnect.nonce.v3.gPNiSARVnnr23KYBae1NzizRGTIGpdnK0Y1wyJi4r4w=638790430244628414.51b27d94-7fc5-41ad-94b5-c63ab9c648eb; X-OWA-RedirectHistory=ArLym14BQcqoCINw3Qg; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEipV1IRsI7PqVqaEfhl_cVqizkjBOxp_ZiseklkbdJw10pXxePYSkFjiY5vrzvYUp-1auezVdsrj6IUoSeX9zpaTqFPx7bRByOhl1A-oiglEgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEj_loHaNVNsepANCuQUwEYTnM5Ad7m8HIcxfICMcbyLsajFOOkSv8j2XVzGyXciR7nXWia_V9QTF3qqh145TCoMg7cgwlpFnn4A80Z3XXYWeyV7XNDsvDdFFJcCX_MqeQYRJMTNgwBCT5i8U3ecRdsduFxWc8TzlnTJL_oozjwm0gAA; esctx-ZSLSnhQaL4=AQABCQEAAABVrSpeuWamRam2jAF1XRQECqyCZb2Utt0esYdyuZJkjlVEWm6_oXM_6MjWmkyDm7eexpAtdSVbx1fyVzpOVQluAj2vOoIbKTIIRJMMlrbFAyjANfYdtBNf4aH-_NjoyTC_3gNOEp60831pyE7ZH6b29MxE2i-C5Pt2yjvZuXi9CCAA; fpc=AouqB_AYscdHlZEIYnZj0YSerOTJAQAAANDXfN8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
content-length: 58645
Content-Type: application/x-javascript
Content-Encoding: gzip
Content-MD5: 3JO8LQEZ/TDRAhHAFgkHIQ==
Last-Modified: Mon, 03 Mar 2025 20:34:05 GMT
Accept-Ranges: bytes
ETag: "0x8DD5A92BDF0C136"
x-ms-request-id: 1919e774-301e-00ac-6caa-8c92ce000000
x-ms-version: 2018-03-28
Access-Control-Expose-Headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=29143709
Date: Mon, 31 Mar 2025 18:37:06 GMT
Connection: close
Vary: Accept-Encoding
Akamai-GRN: 0.e9182117.1743446226.950fda90
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
POST csp.microsoft.com/report/ESTS-UX-All
13.107.246.53 200 OK 2 B URL POST csp.microsoft.com/report/ESTS-UX-All
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://empires-airblast.com/?o380puuw7=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
Certificate Issuer DigiCert, Inc.
Subject csp.microsoft.com
Fingerprint 96:0D:12:76:CF:F6:7A:E4:FE:C4:A3:34:C5:CF:AF:DE:55:EC:D1:99
Validity Wed, 01 Jan 2025 00:00:00 GMT - Tue, 01 Jul 2025 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /report/ESTS-UX-All HTTP/1.1
Host: csp.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 2855
Origin: https://empires-airblast.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 31 Mar 2025 18:37:08 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
request-context: appId=cid-v1:5c791ad2-9c50-4271-a8a5-5c74d929f3ed
x-azure-ref: 20250331T183707Z-r1cf866b995vqbf8hC1SVG3eeg00000009a0000000001tc2
x-cache: CONFIG_NOCACHE
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
104.18.95.41 302 Found 48 kB URL GET challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP 104.18.95.41:443
Requested by https://a67a811c.6f94801be7c58a40c577135d.workers.dev/?qrc=accounting@slurpmail.net
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint 48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28
Validity Sat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a67a811c.6f94801be7c58a40c577135d.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Mon, 31 Mar 2025 18:36:51 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/708f7a809116/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 9291f465d8c00b31-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/turnstile/v0/b/708f7a809116/api.js
104.18.95.41 200 OK 48 kB URL GET challenges.cloudflare.com/turnstile/v0/b/708f7a809116/api.js
IP 104.18.95.41:443
Requested by https://a67a811c.6f94801be7c58a40c577135d.workers.dev/?qrc=accounting@slurpmail.net
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint 48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28
Validity Sat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT
File type JavaScript source, ASCII text, with very long lines (48122)
Hash ea38bda3c117e2fe01bd862003357394
767ccb3589e3067ee1b348df2426a9e2e32cee5c
719423c7b70ac911f76d00b3ae514d108a8315ea60a80519820be50c0e4c96ef
GET /turnstile/v0/b/708f7a809116/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a67a811c.6f94801be7c58a40c577135d.workers.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 31 Mar 2025 18:36:51 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 18 Mar 2025 12:36:20 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 9291f465f9010b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=9291f466bc90b51b&lang=auto
104.18.95.41 200 OK 118 kB URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=9291f466bc90b51b&lang=auto
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/zsyn4/0x4AAAAAABB8RVoLXngZ7yj_/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint 48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28
Validity Sat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 118 kB (118275 bytes)
Hash 25031df102d926334a88d4a8627fbfe7
21b4569d8852c60be4a298e99661bdc5bf434d6b
1c30e0b99c65b2966577b3b94406db076c8286313c6176ef8834784ac8353411
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=9291f466bc90b51b&lang=auto HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/zsyn4/0x4AAAAAABB8RVoLXngZ7yj_/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 31 Mar 2025 18:36:51 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
priority: u=3,i=?0
server: cloudflare
cf-ray: 9291f467de5eb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/9291f466bc90b51b/1743446212217/Tcwba7sB4k5rK02
104.18.95.41 200 OK 61 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/9291f466bc90b51b/1743446212217/Tcwba7sB4k5rK02
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/zsyn4/0x4AAAAAABB8RVoLXngZ7yj_/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint 48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28
Validity Sat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT
File type PNG image data, 100 x 55, 8-bit/color RGB, non-interlaced
Hash f998494f0c8040f70c5bb6defcd80605
35cdc61a4f811bac41d1b567f5d57a855725c9a3
3f5cd82dd3a48031e66861834984447b045ca427e9834b866c6cf132eaaf77bb
GET /cdn-cgi/challenge-platform/h/b/d/9291f466bc90b51b/1743446212217/Tcwba7sB4k5rK02 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/zsyn4/0x4AAAAAABB8RVoLXngZ7yj_/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 31 Mar 2025 18:36:55 GMT
content-type: image/png
content-length: 61
priority: u=4,i=?0
server: cloudflare
cf-ray: 9291f47f0d6db51b-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/9291f466bc90b51b/1743446212220/d16839df5fe347269648a965b0558a5686acdf643fe3020e6b2a6aba9e24f295/4mbQJ8pT3dqXYIv
104.18.95.41 401 Unauthorized 1 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/9291f466bc90b51b/1743446212220/d16839df5fe347269648a965b0558a5686acdf643fe3020e6b2a6aba9e24f295/4mbQJ8pT3dqXYIv
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/zsyn4/0x4AAAAAABB8RVoLXngZ7yj_/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint 48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28
Validity Sat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT
File type very short file (no magic)
Hash ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/b/pat/9291f466bc90b51b/1743446212220/d16839df5fe347269648a965b0558a5686acdf643fe3020e6b2a6aba9e24f295/4mbQJ8pT3dqXYIv HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/zsyn4/0x4AAAAAABB8RVoLXngZ7yj_/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 401 Unauthorized
date: Mon, 31 Mar 2025 18:36:56 GMT
content-type: text/plain; charset=utf-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20g0Wg531_jRyaWSKllsFWKVoas32Q_4wIOaypqup4k8pUAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAscjm_UO_k901rNdCKgLw5bvI4i6M_jDNCIXpfs2LRbtxwLOrUyplqVvML_hVlB5tIDMuj0ihhaOFHose-Y0_UjQnNUGE_vol46VvGgscTMtTjU4xINriap8AMTIygvljEBt6my-nBwkUGhY3U9v5iKC-eWR5bTfvrqFsuIVxafkSfhHqDXB4KLGNjvOOV71GGJ9x4yxA-C2OcULZ1uDDKuvAaMhuiWdF6OzSTXruP9yPg1vmuteavOW1re0YDbCbtK16PhHdSzWym7v_FrvId-2zf26j50FlTd_vl_DcKNDVCgWDoU0uX3cU6V3rSQoVXREEqPr-2ywSGru8ZuXRoQIDAQAB", max-age=20, PrivateToken challenge="AAIAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tINFoOd9f40cmlkipZbBVilaGrN9kP-MCDmsqarqeJPKVABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tINFoOd9f40cmlkipZbBVilaGrN9kP-MCDmsqarqeJPKVABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA8WJgxqVwts3CABR8W8de7CZzn589SvR4_GgNfCqIxTv1u2xuxGKJ0auei0t6k1J1s6MgWW7cnqUVpCdVhMGbQht9FKQOybdXBn57266e98ZMxht1OmyAx5dTfZvM7dajH0DJRf6IlTaWWWeNiU_NEQC4jf5R-PXSEVHsn-1fmoGUXuexzQ69XRR-RCUJE1A3A3pDVwmY19tNYCHeJUHDb1CtWFJ57pDisYmb6TUZcTRuuVZrJyeMxgLj_NKoxsw_2_UOP7Z0pbp9dzm5rE1rfBD_tQv-s1kF0G_1B0s6fKJqBISknxSlLJsa1oLjLOBCVcSCNTBzMoA7BJxOzpMEVwIDAQAB", max-age=20
priority: u=4,i=?0
server: cloudflare
cf-ray: 9291f4828c28b51b-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET empires-airblast.com/owa/?login_hint=accounting%40slurpmail.net
81.19.140.193 302 Found 42 kB URL User Request GET empires-airblast.com/owa/?login_hint=accounting%40slurpmail.net
IP 81.19.140.193:443
ASN #215540 Global Connectivity Solutions Llp
Certificate Issuer Let's Encrypt
Subject empires-airblast.com
Fingerprint 8E:2D:CD:53:CB:07:39:4C:E7:08:D9:18:B1:2C:D0:59:75:4F:00:DF
Validity Fri, 21 Mar 2025 11:30:55 GMT - Thu, 19 Jun 2025 11:30:54 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
urlquery phishing Phishing - NakedPages Phishing Kit
GET /owa/?login_hint=accounting%40slurpmail.net HTTP/1.1
Host: empires-airblast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a67a811c.6f94801be7c58a40c577135d.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=UnyBVjb2N4KS; qPdM.sig=K8obD9FQlMZvC9xxQFRlAFuU5_g
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
OPTIONS amescompany.com/?dyusoxhf&qrc=accounting@slurpmail.net
81.19.140.193 200 OK 0 B URL OPTIONS amescompany.com/?dyusoxhf&qrc=accounting@slurpmail.net
IP 81.19.140.193:443
ASN #215540 Global Connectivity Solutions Llp
Requested by https://a67a811c.6f94801be7c58a40c577135d.workers.dev/?qrc=accounting@slurpmail.net
Certificate Issuer Let's Encrypt
Subject amescompany.com
Fingerprint F8:4A:52:4E:86:45:26:B7:4D:BB:F3:0E:BD:81:C7:77:60:C0:23:19
Validity Fri, 21 Mar 2025 11:22:54 GMT - Thu, 19 Jun 2025 11:22:53 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - NakedPages Phishing Kit
OPTIONS /?dyusoxhf&qrc=accounting@slurpmail.net HTTP/1.1
Host: amescompany.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: qrc-auth
Referer: https://a67a811c.6f94801be7c58a40c577135d.workers.dev/
Origin: https://a67a811c.6f94801be7c58a40c577135d.workers.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Date: Mon, 31 Mar 2025 18:37:03 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
GET empires-airblast.com/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js
81.19.140.193 200 OK 689 kB URL GET empires-airblast.com/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js
IP 81.19.140.193:443
ASN #215540 Global Connectivity Solutions Llp
Requested by https://empires-airblast.com/?o380puuw7=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
Certificate Issuer Let's Encrypt
Subject empires-airblast.com
Fingerprint 8E:2D:CD:53:CB:07:39:4C:E7:08:D9:18:B1:2C:D0:59:75:4F:00:DF
Validity Fri, 21 Mar 2025 11:30:55 GMT - Thu, 19 Jun 2025 11:30:54 GMT
File type JavaScript source, ASCII text
Size 689 kB (689017 bytes)
Hash 3e89ae909c6a8d8c56396830471f3373
2632f95a5be7e4c589402bf76e800a8151cd036b
6665ca6a09f770c6679556eb86cf4234c8bdb0271049620e03199b34b4a16099
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
urlquery phishing Phishing - NakedPages Phishing Kit
GET /aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js HTTP/1.1
Host: empires-airblast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://empires-airblast.com/?o380puuw7=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
DNT: 1
Connection: keep-alive
Cookie: qPdM=UnyBVjb2N4KS; qPdM.sig=K8obD9FQlMZvC9xxQFRlAFuU5_g; ClientId=8B30EA8B042E48E4921D416CA8192891; OIDC=1; OpenIdConnect.nonce.v3.gPNiSARVnnr23KYBae1NzizRGTIGpdnK0Y1wyJi4r4w=638790430244628414.51b27d94-7fc5-41ad-94b5-c63ab9c648eb; X-OWA-RedirectHistory=ArLym14BQcqoCINw3Qg; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEipV1IRsI7PqVqaEfhl_cVqizkjBOxp_ZiseklkbdJw10pXxePYSkFjiY5vrzvYUp-1auezVdsrj6IUoSeX9zpaTqFPx7bRByOhl1A-oiglEgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEj_loHaNVNsepANCuQUwEYTnM5Ad7m8HIcxfICMcbyLsajFOOkSv8j2XVzGyXciR7nXWia_V9QTF3qqh145TCoMg7cgwlpFnn4A80Z3XXYWeyV7XNDsvDdFFJcCX_MqeQYRJMTNgwBCT5i8U3ecRdsduFxWc8TzlnTJL_oozjwm0gAA; esctx-ZSLSnhQaL4=AQABCQEAAABVrSpeuWamRam2jAF1XRQECqyCZb2Utt0esYdyuZJkjlVEWm6_oXM_6MjWmkyDm7eexpAtdSVbx1fyVzpOVQluAj2vOoIbKTIIRJMMlrbFAyjANfYdtBNf4aH-_NjoyTC_3gNOEp60831pyE7ZH6b29MxE2i-C5Pt2yjvZuXi9CCAA; fpc=AouqB_AYscdHlZEIYnZj0YSerOTJAQAAANDXfN8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 689017
Content-Type: application/x-javascript
Date: Mon, 31 Mar 2025 18:37:06 GMT
Connection: keep-alive
Keep-Alive: timeout=5