megaaaglisse.com/pret/sas/sas2/qelyyu/d2lsc29ucm9AY2Fzc2NvdW50eW5kLmdvdg==
109.234.160.139
0
URL
megaaaglisse.com/pret/sas/sas2/qelyyu/d2lsc29ucm9AY2Fzc2NvdW50eW5kLmdvdg==
IP
109.234.160.139:0
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer
Verdict
Alert
urlquery
phishing
Phishing - Microsoft Outlook
openphish
Outlook
GET /pret/sas/sas2/qelyyu/d2lsc29ucm9AY2Fzc2NvdW50eW5kLmdvdg== HTTP/1.1
Host: megaaaglisse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 10 Jun 2023 12:27:05 GMT
content-type: text/html; charset=UTF-8
content-length: 0
refresh: 0;url=https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index.html#wilsonro@casscountynd.gov
server: o2switch-PowerBoost-v3
X-Firefox-Spdy: h2
pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index.html
104.18.2.35
489
URL
pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index.html
IP
104.18.2.35:0
Magic
HTML document text\012- HTML document, ASCII text
Hash
8e9b1f3d48c3819728eebfceb37c8ea0
454170f8ef3605eb1d7824be38c96024e604bf14
036fdbdd077cebe5b9c1b9a21bedcf8964f052ab2d93b9129c8bd18d521aad27
GET /index.html HTTP/1.1
Host: pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 10 Jun 2023 12:27:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"8e9b1f3d48c3819728eebfceb37c8ea0"
Last-Modified: Mon, 05 Jun 2023 15:48:38 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d519b427c00b524-OSL
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3
471
IP
142.250.74.3:0
Hash
039bd5f5536d1b489d46e52d9cd5a21e
88770d7c23bb9aefa7d8fad6262332c0a682a0d3
6195b2c8747988942a35a477b811d323d137e697b23c6670d093a1b10c4879c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Jun 2023 12:27:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js
142.250.74.106
31154
URL
ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js
IP
142.250.74.106:0
Magic
ASCII text, with very long lines (65447)
Hash
641dd14370106e992d352166f5a07e99
eda46747c71d38a880bee44f9a439c3858bb8f99
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
GET /ajax/libs/jquery/3.6.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31154
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Jun 2023 13:53:51 GMT
expires: Sun, 02 Jun 2024 13:53:51 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 599595
last-modified: Tue, 04 Apr 2023 03:27:01 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
i.postimg.cc/pTF5N0Dk/outlogo-a.png
162.19.88.69
13104
URL
i.postimg.cc/pTF5N0Dk/outlogo-a.png
IP
162.19.88.69:0
Magic
PNG image data, 200 x 185, 8-bit/color RGBA, non-interlaced\012- data
Hash
c7280d37085fbbf1d305a3d02021f90c
f6bb95a7efe4a8c5eb5f1a18b3867db52a1d9bf2
ff1197d661ec23e0e8ae066305396bc0d8fb478d2ded1e994249974f7fa6cb1f
GET /pTF5N0Dk/outlogo-a.png HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 10 Jun 2023 12:27:06 GMT
content-type: image/png
content-length: 13104
last-modified: Sat, 13 May 2023 22:44:41 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3
471
IP
142.250.74.3:0
Hash
039bd5f5536d1b489d46e52d9cd5a21e
88770d7c23bb9aefa7d8fad6262332c0a682a0d3
6195b2c8747988942a35a477b811d323d137e697b23c6670d093a1b10c4879c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Jun 2023 12:27:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/favicon.ico
104.18.2.35
6476
URL
pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/favicon.ico
IP
104.18.2.35:0
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (611)
Hash
df3d48946e8d3f5a83608308edbb4b86
47b9c40c97abf2658df96b1c06109324e15e1a00
570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499
GET /favicon.ico HTTP/1.1
Host: pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Sat, 10 Jun 2023 12:27:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d519b4629a2b524-OSL
Content-Encoding: gzip
pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html
104.18.2.35
10283
URL
pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html
IP
104.18.2.35:0
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1531)
Hash
2544facb4f25d8370e21e51962cc169c
98d1b24284a4d7dc2c78cff0acae2d60819425fa
43079d15b2464a690561c4a3f9f905692d89bb7f6880ff7128c4d7edffab5ff6
Analyzer
Verdict
Alert
openphish
Outlook
phishtank
Other
GET /index2.html HTTP/1.1
Host: pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index.html
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 10 Jun 2023 12:27:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"2544facb4f25d8370e21e51962cc169c"
Last-Modified: Mon, 05 Jun 2023 15:48:38 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d519b52bd1fb524-OSL
Content-Encoding: gzip
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
142.250.74.106
200 OK
31021
URL
GET
HTTP/3
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
142.250.74.106:443
Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
Issuer: Google Trust Services LLC
Subject: upload.video.google.com
Fingerprint: 3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
Validity: Fri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT
Magic
ASCII text, with very long lines (65451)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Jun 2023 18:21:45 GMT
expires: Sat, 08 Jun 2024 18:21:45 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 65123
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
i.postimg.cc/jSSXVbCX/cbimage.jpg
162.19.88.69
200 OK
7948
URL
GET
HTTP/2
i.postimg.cc/jSSXVbCX/cbimage.jpg
IP
162.19.88.69:443
Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
Issuer: Let's Encrypt
Subject: postimg.cc
Fingerprint: F7:9A:EC:C0:0E:AB:80:A9:55:8F:DF:97:AD:BB:4B:70:07:08:F0:F0
Validity: Wed, 19 Apr 2023 13:39:30 GMT - Tue, 18 Jul 2023 13:39:29 GMT
Magic
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 29x32, components 3\012- data
Hash
d9770e6df0dba2ca3e46ce1583d32969
83c5ea5fc0d13cb0e274a76be8e47a63a5aa5655
a1628cef037d3930abed04e0db3eaa1fe2eeedfd60e843da356ada1ff9d0d432
GET /jSSXVbCX/cbimage.jpg HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Jun 2023 12:27:08 GMT
content-type: image/jpeg
content-length: 7948
last-modified: Sat, 13 May 2023 22:57:42 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
13.107.213.53
200 OK
673
URL
GET
HTTP/2
aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint: 53:74:89:61:D2:A4:7B:B7:BC:6E:DA:17:D3:7E:5A:A1:F0:77:AD:84
Validity: Fri, 28 Apr 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT
Magic
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1864), with no line terminators
Hash
bc3d32a696895f78c19df6c717586a5d
9191cb156a30a3ed79c44c0a16c95159e8ff689d
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 673
content-type: image/svg+xml
content-encoding: gzip
content-md5: DhdidjYrlCeaRJJRG/y9mA==
last-modified: Wed, 12 Feb 2020 22:01:30 GMT
etag: 0x8D7B0071D86E386
x-cache: TCP_HIT
x-ms-request-id: 16548846-101e-000a-669e-943966000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0ZfKCZAAAAABf732Z2j5fQa3h8tPBkdAVQU1TMDRFREdFMTkxNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0HWyEZAAAAAA4PgRrZPpDT57Y83YFn6wkU1ZHMjBFREdFMDYwNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Sat, 10 Jun 2023 12:27:08 GMT
X-Firefox-Spdy: h2
aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
13.107.213.53
200 OK
1435
URL
GET
HTTP/2
aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint: 53:74:89:61:D2:A4:7B:B7:BC:6E:DA:17:D3:7E:5A:A1:F0:77:AD:84
Validity: Fri, 28 Apr 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT
Magic
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3651), with no line terminators
Hash
ee5c8d9fb6248c938fd0dc19370e90bd
d01a22720918b781338b5bbf9202b241a5f99ee4
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 1435
content-type: image/svg+xml
content-encoding: gzip
content-md5: nzaLxFgP7ZB3dfMcaybWzw==
last-modified: Fri, 17 Jan 2020 19:28:38 GMT
etag: 0x8D79B8373CB2849
x-cache: TCP_HIT
x-ms-request-id: 665222c6-c01e-005b-3344-997157000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0LNiCZAAAAAB4fgHm3cImRrkfatknPz3uQU1TMDRFREdFMTgwOQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0HWyEZAAAAABV7qjV+PG2RJx+g+5CN46cU1ZHMjBFREdFMDYwNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Sat, 10 Jun 2023 12:27:08 GMT
X-Firefox-Spdy: h2
aadcdn.msauth.net/shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
13.107.213.53
200 OK
252
URL
GET
HTTP/2
aadcdn.msauth.net/shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint: 53:74:89:61:D2:A4:7B:B7:BC:6E:DA:17:D3:7E:5A:A1:F0:77:AD:84
Validity: Fri, 28 Apr 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT
Magic
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (900), with no line terminators
Hash
635a63d500a92a0b8497cdc58d0f66b1
a32eba4b4d139e8da52c5801a13c1ee222b2b882
61d7ccc5d2c41bf86be6cefb0063405067849ba64e9f219f60596ef09a54a942
GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 252
content-type: image/svg+xml
content-encoding: gzip
content-md5: GapJ5vNFgRzr6JUAPI/Pxw==
last-modified: Fri, 17 Jan 2020 19:28:37 GMT
etag: 0x8D79B83739D7D79
x-cache: TCP_HIT
x-ms-request-id: 2b253c4a-201e-002d-039a-9a795b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0MtCCZAAAAADfrizTMWPWRo2Ro6srUYg2QU1TMDRFREdFMTkxMAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0HWyEZAAAAAAlBJ2ftmmwQJt7AmfEivKDU1ZHMjBFREdFMDYwNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Sat, 10 Jun 2023 12:27:08 GMT
X-Firefox-Spdy: h2
aadcdn.msauth.net/shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
13.107.213.53
200 OK
263
URL
GET
HTTP/2
aadcdn.msauth.net/shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint: 53:74:89:61:D2:A4:7B:B7:BC:6E:DA:17:D3:7E:5A:A1:F0:77:AD:84
Validity: Fri, 28 Apr 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT
Magic
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (915), with no line terminators
Hash
2b5d393db04a5e6e1f739cb266e65b4c
6a435df5cac3d58ccad655fe022ccf3dd4b9b721
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 263
content-type: image/svg+xml
content-encoding: gzip
content-md5: /a3y/mpA+HRaVAiPACrsog==
last-modified: Fri, 17 Jan 2020 19:28:37 GMT
etag: 0x8D79B83737D1C56
x-cache: TCP_HIT
x-ms-request-id: 739f5bd0-201e-0095-4b84-95570e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 02fyCZAAAAAAcVUezkqLqQaVhYl6/4M8GQU1TMDRFREdFMTkxMAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0HWyEZAAAAABEVWVJSkbDQJ2NCsGw7v3nU1ZHMjBFREdFMDYwNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Sat, 10 Jun 2023 12:27:08 GMT
X-Firefox-Spdy: h2
aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css
13.107.213.53
200 OK
19750
URL
GET
HTTP/2
aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint: 53:74:89:61:D2:A4:7B:B7:BC:6E:DA:17:D3:7E:5A:A1:F0:77:AD:84
Validity: Fri, 28 Apr 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT
Magic
ASCII text, with very long lines (61177)
Hash
5a25dd6f3dd40593681065e908691fa2
2f0d8a2c1c76b8b6d5354240907d353701aa11b7
a96b2b12489a80eafe62cc4bcc04cb367e2b54efc3039e484211c7deec12c0b8
GET /ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 19750
content-type: text/css
content-encoding: gzip
content-md5: /7H4IR1YAHBHDqgAZw2T1Q==
last-modified: Tue, 18 Aug 2020 21:44:27 GMT
etag: 0x8D843BFE1586E6F
x-cache: TCP_HIT
x-ms-request-id: eb04640c-c01e-0023-7492-9adb46000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0+MCCZAAAAADHyLyG8r44Q5L55kywil7PQU1TMDRFREdFMTkyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0HWyEZAAAAAAXOuy+UsVfQ7keNri0C64PU1ZHMjBFREdFMDYxOQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Sat, 10 Jun 2023 12:27:08 GMT
X-Firefox-Spdy: h2
logincdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
192.229.221.185
200 OK
1435
URL
GET
HTTP/2
logincdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
IP
192.229.221.185:443
Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
Issuer: Microsoft Corporation
Subject: identitycdn.msauth.net
Fingerprint: EE:40:2D:5A:6D:D7:45:A2:7B:73:AC:5A:A3:0A:9C:D7:D5:BB:5A:E4
Validity: Tue, 23 Aug 2022 22:36:46 GMT - Fri, 18 Aug 2023 22:36:46 GMT
Magic
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3651), with no line terminators
Hash
ee5c8d9fb6248c938fd0dc19370e90bd
d01a22720918b781338b5bbf9202b241a5f99ee4
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 12672186
cache-control: public, max-age=31536000
content-md5: nzaLxFgP7ZB3dfMcaybWzw==
content-type: image/svg+xml
date: Sat, 10 Jun 2023 12:27:09 GMT
etag: 0x8D79ED29CF0C29A
last-modified: Wed, 22 Jan 2020 00:32:50 GMT
server: ECAcc (ska/F7B5)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: fd0c0cdd-301e-0034-1256-28f450000000
x-ms-version: 2009-09-19
content-length: 1435
X-Firefox-Spdy: h2
logincdn.msauth.net/shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
192.229.221.185
200 OK
252
URL
GET
HTTP/2
logincdn.msauth.net/shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
IP
192.229.221.185:443
Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
Issuer: Microsoft Corporation
Subject: identitycdn.msauth.net
Fingerprint: EE:40:2D:5A:6D:D7:45:A2:7B:73:AC:5A:A3:0A:9C:D7:D5:BB:5A:E4
Validity: Tue, 23 Aug 2022 22:36:46 GMT - Fri, 18 Aug 2023 22:36:46 GMT
Magic
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (900), with no line terminators
Hash
635a63d500a92a0b8497cdc58d0f66b1
a32eba4b4d139e8da52c5801a13c1ee222b2b882
61d7ccc5d2c41bf86be6cefb0063405067849ba64e9f219f60596ef09a54a942
GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 83538
cache-control: public, max-age=31536000
content-md5: GapJ5vNFgRzr6JUAPI/Pxw==
content-type: image/svg+xml
date: Sat, 10 Jun 2023 12:27:09 GMT
etag: 0x8D79ED29C78BE93
last-modified: Wed, 22 Jan 2020 00:32:50 GMT
server: ECAcc (ska/F768)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 78c3c385-d01e-0062-42d4-9a511b000000
x-ms-version: 2009-09-19
content-length: 252
X-Firefox-Spdy: h2
logincdn.msauth.net/shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
192.229.221.185
200 OK
263
URL
GET
HTTP/2
logincdn.msauth.net/shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
IP
192.229.221.185:443
Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
Issuer: Microsoft Corporation
Subject: identitycdn.msauth.net
Fingerprint: EE:40:2D:5A:6D:D7:45:A2:7B:73:AC:5A:A3:0A:9C:D7:D5:BB:5A:E4
Validity: Tue, 23 Aug 2022 22:36:46 GMT - Fri, 18 Aug 2023 22:36:46 GMT
Magic
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (915), with no line terminators
Hash
2b5d393db04a5e6e1f739cb266e65b4c
6a435df5cac3d58ccad655fe022ccf3dd4b9b721
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 26036280
cache-control: public, max-age=31536000
content-md5: /a3y/mpA+HRaVAiPACrsog==
content-type: image/svg+xml
date: Sat, 10 Jun 2023 12:27:09 GMT
etag: 0x8D79ED29CB2C46E
last-modified: Wed, 22 Jan 2020 00:32:50 GMT
server: ECAcc (ska/F7B8)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 28082b1c-601e-0091-1aca-ae67e5000000
x-ms-version: 2009-09-19
content-length: 263
X-Firefox-Spdy: h2
aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
13.107.213.53
200 OK
17174
URL
GET
HTTP/2
aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint: 53:74:89:61:D2:A4:7B:B7:BC:6E:DA:17:D3:7E:5A:A1:F0:77:AD:84
Validity: Fri, 28 Apr 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT
Magic
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors\012- data
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
content-length: 17174
content-type: image/x-icon
content-md5: EuPayFgGHQiAI7K9SOL6lg==
last-modified: Fri, 02 Nov 2018 20:25:25 GMT
etag: 0x8D6410152A9D7E1
x-cache: TCP_HIT
x-ms-request-id: dafd6dbd-101e-0036-428c-99ec6e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0msaCZAAAAAAOKV3ZBhf0SIkt5u0edKlqQU1TMDRFREdFMTkyMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0HWyEZAAAAADfwRa8IYfJRaMo6Ua7ER5hU1ZHMjBFREdFMDYwNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Sat, 10 Jun 2023 12:27:08 GMT
X-Firefox-Spdy: h2
aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css
13.107.213.53
200 OK
19750
URL
GET
HTTP/2
aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint (SHA-1): 53:74:89:61:D2:A4:7B:B7:BC:6E:DA:17:D3:7E:5A:A1:F0:77:AD:84
Validity: Fri, 28 Apr 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT
Magic
ASCII text, with very long lines (61177)
Hash
5a25dd6f3dd40593681065e908691fa2
2f0d8a2c1c76b8b6d5354240907d353701aa11b7
a96b2b12489a80eafe62cc4bcc04cb367e2b54efc3039e484211c7deec12c0b8
GET /ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 19750
content-type: text/css
content-encoding: gzip
content-md5: /7H4IR1YAHBHDqgAZw2T1Q==
last-modified: Tue, 18 Aug 2020 21:44:27 GMT
etag: 0x8D843BFE1586E6F
x-cache: TCP_HIT
x-ms-request-id: eb04640c-c01e-0023-7492-9adb46000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0+MCCZAAAAADHyLyG8r44Q5L55kywil7PQU1TMDRFREdFMTkyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0HWyEZAAAAAAT4aGdx0GQS6vkHD+rj9aXU1ZHMjBFREdFMDYwNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Sat, 10 Jun 2023 12:27:08 GMT
X-Firefox-Spdy: h2
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_yruqtyo0qslo70l4a-_ung2.js
13.107.213.53
200 OK
11322
URL
GET
HTTP/2
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_yruqtyo0qslo70l4a-_ung2.js
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint (SHA-1): 53:74:89:61:D2:A4:7B:B7:BC:6E:DA:17:D3:7E:5A:A1:F0:77:AD:84
Validity: Fri, 28 Apr 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT
Magic
Unicode text, UTF-8 text, with very long lines (32009)
Hash
61152ab723b4aac94eef497803efd436
9dd07deea63389c32b6c297ea0385b0329fe8f1d
fff0b1c545c2119a2855b9028567640f4145c079eff9b48da0ddf66dc8d92f6c
GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_yruqtyo0qslo70l4a-_ung2.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 11322
content-type: application/x-javascript
content-encoding: gzip
content-md5: 5Zw7HraGKmMzSIoAiA15xA==
last-modified: Wed, 12 Aug 2020 03:03:49 GMT
etag: 0x8D83E6C5642CD2B
x-cache: TCP_HIT
x-ms-request-id: 0ff38cd0-f01e-0080-7c98-9a6026000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0aRaDZAAAAAALALXQQk6ZR4xQSC14NsyrQU1TMDRFREdFMTkyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0HWyEZAAAAADWIvoZFKUQTbwreeS5zHz0U1ZHMjBFREdFMDYwNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Sat, 10 Jun 2023 12:27:08 GMT
X-Firefox-Spdy: h2
login.live.com/Me.htm?v=3
20.190.177.148
200 OK
1132
URL
GET
HTTP/1.1
login.live.com/Me.htm?v=3
IP
20.190.177.148:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
Issuer: DigiCert Inc
Subject: login.live.com
Fingerprint (SHA-1): 39:21:EA:1C:F8:78:E5:E4:84:D3:7A:AD:EA:36:59:90:51:3C:82:EF
Validity: Sun, 02 Apr 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
Magic
HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
Hash
e86ef8b6111e5fb1d1665bcdc90888c9
994bf7651cb967cd9053056af2d69acb74db7f29
3410242720de50b090d07a23aee2dad879b31d36f2615732962ec4cfa8a9d458
GET /Me.htm?v=3 HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=315360000
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Tue, 07 Jun 2033 12:27:09 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C107_BL2
x-ms-request-id: 0d1ead8a-ddcd-4ca3-839e-cac1d01d483c
PPServer: PPV: 30 H: BL02PFA09B1BC9E V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=d907a205fcf440f0b5ddcd3073accd8d; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Set-Cookie: MSPRequ=id=N&lt=1686400029&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Sat, 10 Jun 2023 12:27:08 GMT
Content-Length: 1132
ocsp.sectigo.com/
104.18.15.101
471
IP
104.18.15.101:0
Hash
60acba84f8be37e15a4113e269e7b481
730d759ef3feb5cc5ec97a26ad37a569b6fc2ab9
d6b33fab38a4f0b62a4d080051891188c36dbc4023dcc48e5a9229e7245ee0d4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 10 Jun 2023 12:27:09 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Jun 2023 13:38:51 GMT
Expires: Thu, 15 Jun 2023 13:38:50 GMT
Etag: "730d759ef3feb5cc5ec97a26ad37a569b6fc2ab9"
Cache-Control: max-age=435700,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7d519b5a393a0b61-OSL
authorize.binniegrosspurpose.store/
184.94.213.167
200 OK
6
URL
POST
HTTP/2
authorize.binniegrosspurpose.store/
IP
184.94.213.167:443
Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
Issuer: Sectigo Limited
Subject: authorize.binniegrosspurpose.store
Fingerprint (SHA-1): 75:49:42:E1:21:57:16:05:34:65:D2:D3:2C:AF:FA:F8:C4:83:FC:15
Validity: Sat, 13 May 2023 00:00:00 GMT - Mon, 13 May 2024 23:59:59 GMT
Magic
ASCII text, with no line terminators
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST / HTTP/1.1
Host: authorize.binniegrosspurpose.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 141
Origin: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-powered-by: PHP/8.0.28
access-control-allow-origin: *
content-type: text/html; charset=UTF-8
content-length: 6
content-encoding: br
vary: Accept-Encoding
date: Sat, 10 Jun 2023 12:27:10 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html
104.18.2.35
200 OK
39874
URL
User Request
GET
HTTP/1.1
pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html
IP
104.18.2.35:443
Certificate
Issuer: Let's Encrypt
Subject: *.r2.dev
Fingerprint (SHA-1): 87:5C:76:14:05:03:7E:AD:00:B9:80:0B:3F:E7:E3:25:D8:A5:4C:03
Validity: Mon, 17 Apr 2023 14:40:35 GMT - Sun, 16 Jul 2023 14:40:34 GMT
Magic
HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text, with very long lines (1531)
Hash
2544facb4f25d8370e21e51962cc169c
98d1b24284a4d7dc2c78cff0acae2d60819425fa
43079d15b2464a690561c4a3f9f905692d89bb7f6880ff7128c4d7edffab5ff6
Analyzer
Verdict
Alert
openphish
Outlook
phishtank
Other
GET /index2.html HTTP/1.1
Host: pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index.html
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 10 Jun 2023 12:27:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"2544facb4f25d8370e21e51962cc169c"
Last-Modified: Mon, 05 Jun 2023 15:48:38 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d519b52bd1fb524-OSL
Content-Encoding: gzip
pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index.html
104.18.2.35
200 OK
811
URL
User Request
GET
HTTP/1.1
pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index.html
IP
104.18.2.35:443
Certificate
Issuer: Let's Encrypt
Subject: *.r2.dev
Fingerprint (SHA-1): 87:5C:76:14:05:03:7E:AD:00:B9:80:0B:3F:E7:E3:25:D8:A5:4C:03
Validity: Mon, 17 Apr 2023 14:40:35 GMT - Sun, 16 Jul 2023 14:40:34 GMT
Magic
HTML document text
- HTML document, ASCII text, with very long lines (857), with no line terminators
Hash
11f60ba82a04d21c7c5a38bca55674f6
cd475f5df71a8d207fd817d7360c80c1c2a372f3
4bd900e6c64deb7ed61cf3e3259761c754f93c69e25a388e85daf996f363fed6
GET /index.html HTTP/1.1
Host: pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 10 Jun 2023 12:27:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"8e9b1f3d48c3819728eebfceb37c8ea0"
Last-Modified: Mon, 05 Jun 2023 15:48:38 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d519b427c00b524-OSL
Content-Encoding: gzip