Report - megaaaglisse.com/pret/sas/sas2/qelyyu/d2lsc29ucm9AY2Fzc2NvdW50eW5kLmdvdg==

Report Overview

Submitted URL
megaaaglisse.com/pret/sas/sas2/qelyyu/d2lsc29ucm9AY2Fzc2NvdW50eW5kLmdvdg==
IP
109.234.160.139
ASN
#50474 O2switch Sarl
Submitted
2023-06-10 12:27:23
Access
public
Website Title
Final URL
Tags
phishing microsoft outlook
urlquery detections
Phishing - Microsoft Outlook

Detections

urlquery
2
Network Intrusion Detection
3
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
aadcdn.msauth.net	1421	2018-10-25	2018-11-19	2023-06-10	4.3 kB	78 kB	13.107.213.53
login.live.com	79	1994-12-28	2012-05-21	2023-06-10	445 B	1.9 kB	20.190.177.148
pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev	unknown	2022-08-23	2023-06-07	2023-06-10	2.7 kB	59 kB	104.18.2.35
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2023-06-10	934 B	64 kB	142.250.74.106
i.postimg.cc	23840	2016-06-11	2018-04-11	2023-06-10	932 B	22 kB	162.19.88.69
logincdn.msauth.net	2330	2018-10-25	2019-04-23	2023-06-10	1.6 kB	4.0 kB	192.229.221.185
ocsp.sectigo.com	487	2018-08-16	2019-11-29	2023-06-10	330 B	963 B	104.18.15.101
authorize.binniegrosspurpose.store	unknown	2023-04-24	2023-05-13	2023-06-10	601 B	290 B	184.94.213.167
megaaaglisse.com	unknown	2021-11-09	2021-11-09	2023-06-10	530 B	268 B	109.234.160.139
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-06-10	666 B	1.4 kB	142.250.74.3

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-10 12:27:05	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-06-10 12:27:05	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-06-10 12:27:08	medium	Client IP	Internal IP	ET DNS Query for .cc TLD

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator
2023-06-09	medium	megaaaglisse.com/pret/sas/sas2/qelyyu/d2lsc29ucm9AY2Fzc2NvdW50eW5kLmdvdg==
2023-06-07	medium	pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html
2023-06-07	medium	pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html

PhishTank

Scan Date	Severity	Indicator	Alert
2023-06-09	medium	pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html
2023-06-09	medium	pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	unknown	16 B	2023-04-10	2024-04-18
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 21:05:25 Last Seen2024-04-18 11:46:45 Times Seen1473 Hash 35cbe67c28f248a0eda182fcd963bb07 d8ab6c8b6cbd09e6f35cdd9cf423590155fce997 749c737310ca23809bb32db69b1bfb5125b2b695b01814e0ef1d0025fe239d77 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-04-18
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-18 22:27:25 Times Seen138198 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov	6.3 kB	2023-06-08	2024-04-14
Pretty URL pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-08 13:10:53 Last Seen2024-04-14 07:13:32 Times Seen43 Hash fbf38d628568936efb5f06b9462ac2ee 9a79ee63c204e4cdf75f0d641436c90374e2dc6b 84a4e7e003ccb1238157e8950b25deacf7884af1788c7a8bba23967b07c19696 Loading...

HTTP Transactions (26)

URL IP Response Size

megaaaglisse.com/pret/sas/sas2/qelyyu/d2lsc29ucm9AY2Fzc2NvdW50eW5kLmdvdg==

109.234.160.139

0 B

URL
megaaaglisse.com/pret/sas/sas2/qelyyu/d2lsc29ucm9AY2Fzc2NvdW50eW5kLmdvdg==
IP
109.234.160.139:0
ASN
#50474 O2switch Sarl

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook
openphish	Outlook

HTTP Headers

GET /pret/sas/sas2/qelyyu/d2lsc29ucm9AY2Fzc2NvdW50eW5kLmdvdg== HTTP/1.1
Host: megaaaglisse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 10 Jun 2023 12:27:05 GMT
content-type: text/html; charset=UTF-8
content-length: 0
refresh: 0;url=https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index.html#wilsonro@casscountynd.gov
server: o2switch-PowerBoost-v3
X-Firefox-Spdy: h2

pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index.html

104.18.2.35

489 B

URL
pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index.html
IP
104.18.2.35:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document, ASCII text
Size
489 B (489 bytes)
Hash
8e9b1f3d48c3819728eebfceb37c8ea0
454170f8ef3605eb1d7824be38c96024e604bf14
036fdbdd077cebe5b9c1b9a21bedcf8964f052ab2d93b9129c8bd18d521aad27

HTTP Headers

GET /index.html HTTP/1.1
Host: pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 10 Jun 2023 12:27:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"8e9b1f3d48c3819728eebfceb37c8ea0"
Last-Modified: Mon, 05 Jun 2023 15:48:38 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d519b427c00b524-OSL
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.3

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
039bd5f5536d1b489d46e52d9cd5a21e
88770d7c23bb9aefa7d8fad6262332c0a682a0d3
6195b2c8747988942a35a477b811d323d137e697b23c6670d093a1b10c4879c9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Jun 2023 12:27:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js

142.250.74.106

31 kB

URL
ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65447)
Size
31 kB (31154 bytes)
Hash
641dd14370106e992d352166f5a07e99
eda46747c71d38a880bee44f9a439c3858bb8f99
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af

HTTP Headers

GET /ajax/libs/jquery/3.6.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31154
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Jun 2023 13:53:51 GMT
expires: Sun, 02 Jun 2024 13:53:51 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 599595
last-modified: Tue, 04 Apr 2023 03:27:01 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

i.postimg.cc/pTF5N0Dk/outlogo-a.png

162.19.88.69

13 kB

URL
i.postimg.cc/pTF5N0Dk/outlogo-a.png
IP
162.19.88.69:0
ASN
#16276 OVH SAS

File type
PNG image data, 200 x 185, 8-bit/color RGBA, non-interlaced\012- data
Size
13 kB (13104 bytes)
Hash
c7280d37085fbbf1d305a3d02021f90c
f6bb95a7efe4a8c5eb5f1a18b3867db52a1d9bf2
ff1197d661ec23e0e8ae066305396bc0d8fb478d2ded1e994249974f7fa6cb1f

HTTP Headers

GET /pTF5N0Dk/outlogo-a.png HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 Jun 2023 12:27:06 GMT
content-type: image/png
content-length: 13104
last-modified: Sat, 13 May 2023 22:44:41 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
039bd5f5536d1b489d46e52d9cd5a21e
88770d7c23bb9aefa7d8fad6262332c0a682a0d3
6195b2c8747988942a35a477b811d323d137e697b23c6670d093a1b10c4879c9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Jun 2023 12:27:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/favicon.ico

104.18.2.35

6.5 kB

URL
pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/favicon.ico
IP
104.18.2.35:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (611)
Size
6.5 kB (6476 bytes)
Hash
df3d48946e8d3f5a83608308edbb4b86
47b9c40c97abf2658df96b1c06109324e15e1a00
570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sat, 10 Jun 2023 12:27:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d519b4629a2b524-OSL
Content-Encoding: gzip

pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html

104.18.2.35

10 kB

URL
pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html
IP
104.18.2.35:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1531)
Size
10 kB (10283 bytes)
Hash
2544facb4f25d8370e21e51962cc169c
98d1b24284a4d7dc2c78cff0acae2d60819425fa
43079d15b2464a690561c4a3f9f905692d89bb7f6880ff7128c4d7edffab5ff6

Detections

Analyzer	Verdict	Alert
openphish	Outlook
phishtank	Other

HTTP Headers

GET /index2.html HTTP/1.1
Host: pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index.html
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 10 Jun 2023 12:27:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"2544facb4f25d8370e21e51962cc169c"
Last-Modified: Mon, 05 Jun 2023 15:48:38 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d519b52bd1fb524-OSL
Content-Encoding: gzip

ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

142.250.74.106

200 OK

31 kB

URL GET HTTP/3
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
ASCII text, with very long lines (65451)
Size
31 kB (31021 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Jun 2023 18:21:45 GMT
expires: Sat, 08 Jun 2024 18:21:45 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 65123
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

i.postimg.cc/jSSXVbCX/cbimage.jpg

162.19.88.69

200 OK

7.9 kB

URL GET HTTP/2
i.postimg.cc/jSSXVbCX/cbimage.jpg
IP
162.19.88.69:443
ASN
#16276 OVH SAS

Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
IssuerLet's Encrypt
Subjectpostimg.cc
FingerprintF7:9A:EC:C0:0E:AB:80:A9:55:8F:DF:97:AD:BB:4B:70:07:08:F0:F0
ValidityWed, 19 Apr 2023 13:39:30 GMT - Tue, 18 Jul 2023 13:39:29 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 29x32, components 3\012- data
Size
7.9 kB (7948 bytes)
Hash
d9770e6df0dba2ca3e46ce1583d32969
83c5ea5fc0d13cb0e274a76be8e47a63a5aa5655
a1628cef037d3930abed04e0db3eaa1fe2eeedfd60e843da356ada1ff9d0d432

HTTP Headers

GET /jSSXVbCX/cbimage.jpg HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Jun 2023 12:27:08 GMT
content-type: image/jpeg
content-length: 7948
last-modified: Sat, 13 May 2023 22:57:42 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg

13.107.213.53

200 OK

673 B

URL GET HTTP/2
aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msauth.net
Fingerprint53:74:89:61:D2:A4:7B:B7:BC:6E:DA:17:D3:7E:5A:A1:F0:77:AD:84
ValidityFri, 28 Apr 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1864), with no line terminators
Size
673 B (673 bytes)
Hash
bc3d32a696895f78c19df6c717586a5d
9191cb156a30a3ed79c44c0a16c95159e8ff689d
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

HTTP Headers

GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 673
content-type: image/svg+xml
content-encoding: gzip
content-md5: DhdidjYrlCeaRJJRG/y9mA==
last-modified: Wed, 12 Feb 2020 22:01:30 GMT
etag: 0x8D7B0071D86E386
x-cache: TCP_HIT
x-ms-request-id: 16548846-101e-000a-669e-943966000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0ZfKCZAAAAABf732Z2j5fQa3h8tPBkdAVQU1TMDRFREdFMTkxNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0HWyEZAAAAAA4PgRrZPpDT57Y83YFn6wkU1ZHMjBFREdFMDYwNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Sat, 10 Jun 2023 12:27:08 GMT
X-Firefox-Spdy: h2

aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg

13.107.213.53

200 OK

1.4 kB

URL GET HTTP/2
aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msauth.net
Fingerprint53:74:89:61:D2:A4:7B:B7:BC:6E:DA:17:D3:7E:5A:A1:F0:77:AD:84
ValidityFri, 28 Apr 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3651), with no line terminators
Size
1.4 kB (1435 bytes)
Hash
ee5c8d9fb6248c938fd0dc19370e90bd
d01a22720918b781338b5bbf9202b241a5f99ee4
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

HTTP Headers

GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 1435
content-type: image/svg+xml
content-encoding: gzip
content-md5: nzaLxFgP7ZB3dfMcaybWzw==
last-modified: Fri, 17 Jan 2020 19:28:38 GMT
etag: 0x8D79B8373CB2849
x-cache: TCP_HIT
x-ms-request-id: 665222c6-c01e-005b-3344-997157000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0LNiCZAAAAAB4fgHm3cImRrkfatknPz3uQU1TMDRFREdFMTgwOQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0HWyEZAAAAABV7qjV+PG2RJx+g+5CN46cU1ZHMjBFREdFMDYwNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Sat, 10 Jun 2023 12:27:08 GMT
X-Firefox-Spdy: h2

aadcdn.msauth.net/shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg

13.107.213.53

200 OK

252 B

URL GET HTTP/2
aadcdn.msauth.net/shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msauth.net
Fingerprint53:74:89:61:D2:A4:7B:B7:BC:6E:DA:17:D3:7E:5A:A1:F0:77:AD:84
ValidityFri, 28 Apr 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (900), with no line terminators
Size
252 B (252 bytes)
Hash
635a63d500a92a0b8497cdc58d0f66b1
a32eba4b4d139e8da52c5801a13c1ee222b2b882
61d7ccc5d2c41bf86be6cefb0063405067849ba64e9f219f60596ef09a54a942

HTTP Headers

GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 252
content-type: image/svg+xml
content-encoding: gzip
content-md5: GapJ5vNFgRzr6JUAPI/Pxw==
last-modified: Fri, 17 Jan 2020 19:28:37 GMT
etag: 0x8D79B83739D7D79
x-cache: TCP_HIT
x-ms-request-id: 2b253c4a-201e-002d-039a-9a795b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0MtCCZAAAAADfrizTMWPWRo2Ro6srUYg2QU1TMDRFREdFMTkxMAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0HWyEZAAAAAAlBJ2ftmmwQJt7AmfEivKDU1ZHMjBFREdFMDYwNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Sat, 10 Jun 2023 12:27:08 GMT
X-Firefox-Spdy: h2

aadcdn.msauth.net/shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg

13.107.213.53

200 OK

263 B

URL GET HTTP/2
aadcdn.msauth.net/shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msauth.net
Fingerprint53:74:89:61:D2:A4:7B:B7:BC:6E:DA:17:D3:7E:5A:A1:F0:77:AD:84
ValidityFri, 28 Apr 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (915), with no line terminators
Size
263 B (263 bytes)
Hash
2b5d393db04a5e6e1f739cb266e65b4c
6a435df5cac3d58ccad655fe022ccf3dd4b9b721
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

HTTP Headers

GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 263
content-type: image/svg+xml
content-encoding: gzip
content-md5: /a3y/mpA+HRaVAiPACrsog==
last-modified: Fri, 17 Jan 2020 19:28:37 GMT
etag: 0x8D79B83737D1C56
x-cache: TCP_HIT
x-ms-request-id: 739f5bd0-201e-0095-4b84-95570e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 02fyCZAAAAAAcVUezkqLqQaVhYl6/4M8GQU1TMDRFREdFMTkxMAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0HWyEZAAAAABEVWVJSkbDQJ2NCsGw7v3nU1ZHMjBFREdFMDYwNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Sat, 10 Jun 2023 12:27:08 GMT
X-Firefox-Spdy: h2

aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css

13.107.213.53

200 OK

20 kB

URL GET HTTP/2
aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msauth.net
Fingerprint53:74:89:61:D2:A4:7B:B7:BC:6E:DA:17:D3:7E:5A:A1:F0:77:AD:84
ValidityFri, 28 Apr 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (61177)
Size
20 kB (19750 bytes)
Hash
5a25dd6f3dd40593681065e908691fa2
2f0d8a2c1c76b8b6d5354240907d353701aa11b7
a96b2b12489a80eafe62cc4bcc04cb367e2b54efc3039e484211c7deec12c0b8

HTTP Headers

GET /ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 19750
content-type: text/css
content-encoding: gzip
content-md5: /7H4IR1YAHBHDqgAZw2T1Q==
last-modified: Tue, 18 Aug 2020 21:44:27 GMT
etag: 0x8D843BFE1586E6F
x-cache: TCP_HIT
x-ms-request-id: eb04640c-c01e-0023-7492-9adb46000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0+MCCZAAAAADHyLyG8r44Q5L55kywil7PQU1TMDRFREdFMTkyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0HWyEZAAAAAAXOuy+UsVfQ7keNri0C64PU1ZHMjBFREdFMDYxOQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Sat, 10 Jun 2023 12:27:08 GMT
X-Firefox-Spdy: h2

logincdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg

192.229.221.185

200 OK

1.4 kB

URL GET HTTP/2
logincdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
IP
192.229.221.185:443
ASN
#15133 EDGECAST

Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
FingerprintEE:40:2D:5A:6D:D7:45:A2:7B:73:AC:5A:A3:0A:9C:D7:D5:BB:5A:E4
ValidityTue, 23 Aug 2022 22:36:46 GMT - Fri, 18 Aug 2023 22:36:46 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3651), with no line terminators
Size
1.4 kB (1435 bytes)
Hash
ee5c8d9fb6248c938fd0dc19370e90bd
d01a22720918b781338b5bbf9202b241a5f99ee4
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

HTTP Headers

GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 12672186
cache-control: public, max-age=31536000
content-md5: nzaLxFgP7ZB3dfMcaybWzw==
content-type: image/svg+xml
date: Sat, 10 Jun 2023 12:27:09 GMT
etag: 0x8D79ED29CF0C29A
last-modified: Wed, 22 Jan 2020 00:32:50 GMT
server: ECAcc (ska/F7B5)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: fd0c0cdd-301e-0034-1256-28f450000000
x-ms-version: 2009-09-19
content-length: 1435
X-Firefox-Spdy: h2

logincdn.msauth.net/shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg

192.229.221.185

200 OK

252 B

URL GET HTTP/2
logincdn.msauth.net/shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
IP
192.229.221.185:443
ASN
#15133 EDGECAST

Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
FingerprintEE:40:2D:5A:6D:D7:45:A2:7B:73:AC:5A:A3:0A:9C:D7:D5:BB:5A:E4
ValidityTue, 23 Aug 2022 22:36:46 GMT - Fri, 18 Aug 2023 22:36:46 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (900), with no line terminators
Size
252 B (252 bytes)
Hash
635a63d500a92a0b8497cdc58d0f66b1
a32eba4b4d139e8da52c5801a13c1ee222b2b882
61d7ccc5d2c41bf86be6cefb0063405067849ba64e9f219f60596ef09a54a942

HTTP Headers

GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 83538
cache-control: public, max-age=31536000
content-md5: GapJ5vNFgRzr6JUAPI/Pxw==
content-type: image/svg+xml
date: Sat, 10 Jun 2023 12:27:09 GMT
etag: 0x8D79ED29C78BE93
last-modified: Wed, 22 Jan 2020 00:32:50 GMT
server: ECAcc (ska/F768)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 78c3c385-d01e-0062-42d4-9a511b000000
x-ms-version: 2009-09-19
content-length: 252
X-Firefox-Spdy: h2

logincdn.msauth.net/shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg

192.229.221.185

200 OK

263 B

URL GET HTTP/2
logincdn.msauth.net/shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
IP
192.229.221.185:443
ASN
#15133 EDGECAST

Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
FingerprintEE:40:2D:5A:6D:D7:45:A2:7B:73:AC:5A:A3:0A:9C:D7:D5:BB:5A:E4
ValidityTue, 23 Aug 2022 22:36:46 GMT - Fri, 18 Aug 2023 22:36:46 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (915), with no line terminators
Size
263 B (263 bytes)
Hash
2b5d393db04a5e6e1f739cb266e65b4c
6a435df5cac3d58ccad655fe022ccf3dd4b9b721
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

HTTP Headers

GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 26036280
cache-control: public, max-age=31536000
content-md5: /a3y/mpA+HRaVAiPACrsog==
content-type: image/svg+xml
date: Sat, 10 Jun 2023 12:27:09 GMT
etag: 0x8D79ED29CB2C46E
last-modified: Wed, 22 Jan 2020 00:32:50 GMT
server: ECAcc (ska/F7B8)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 28082b1c-601e-0091-1aca-ae67e5000000
x-ms-version: 2009-09-19
content-length: 263
X-Firefox-Spdy: h2

aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

13.107.213.53

200 OK

17 kB

URL GET HTTP/2
aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msauth.net
Fingerprint53:74:89:61:D2:A4:7B:B7:BC:6E:DA:17:D3:7E:5A:A1:F0:77:AD:84
ValidityFri, 28 Apr 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT

File type
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors\012- data
Size
17 kB (17174 bytes)
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

HTTP Headers

GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
content-length: 17174
content-type: image/x-icon
content-md5: EuPayFgGHQiAI7K9SOL6lg==
last-modified: Fri, 02 Nov 2018 20:25:25 GMT
etag: 0x8D6410152A9D7E1
x-cache: TCP_HIT
x-ms-request-id: dafd6dbd-101e-0036-428c-99ec6e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0msaCZAAAAAAOKV3ZBhf0SIkt5u0edKlqQU1TMDRFREdFMTkyMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0HWyEZAAAAADfwRa8IYfJRaMo6Ua7ER5hU1ZHMjBFREdFMDYwNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Sat, 10 Jun 2023 12:27:08 GMT
X-Firefox-Spdy: h2

aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css

13.107.213.53

200 OK

20 kB

URL GET HTTP/2
aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msauth.net
Fingerprint53:74:89:61:D2:A4:7B:B7:BC:6E:DA:17:D3:7E:5A:A1:F0:77:AD:84
ValidityFri, 28 Apr 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (61177)
Size
20 kB (19750 bytes)
Hash
5a25dd6f3dd40593681065e908691fa2
2f0d8a2c1c76b8b6d5354240907d353701aa11b7
a96b2b12489a80eafe62cc4bcc04cb367e2b54efc3039e484211c7deec12c0b8

HTTP Headers

GET /ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 19750
content-type: text/css
content-encoding: gzip
content-md5: /7H4IR1YAHBHDqgAZw2T1Q==
last-modified: Tue, 18 Aug 2020 21:44:27 GMT
etag: 0x8D843BFE1586E6F
x-cache: TCP_HIT
x-ms-request-id: eb04640c-c01e-0023-7492-9adb46000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0+MCCZAAAAADHyLyG8r44Q5L55kywil7PQU1TMDRFREdFMTkyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0HWyEZAAAAAAT4aGdx0GQS6vkHD+rj9aXU1ZHMjBFREdFMDYwNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Sat, 10 Jun 2023 12:27:08 GMT
X-Firefox-Spdy: h2

aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_yruqtyo0qslo70l4a-_ung2.js

13.107.213.53

200 OK

11 kB

URL GET HTTP/2
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_yruqtyo0qslo70l4a-_ung2.js
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msauth.net
Fingerprint53:74:89:61:D2:A4:7B:B7:BC:6E:DA:17:D3:7E:5A:A1:F0:77:AD:84
ValidityFri, 28 Apr 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (32009)
Size
11 kB (11322 bytes)
Hash
61152ab723b4aac94eef497803efd436
9dd07deea63389c32b6c297ea0385b0329fe8f1d
fff0b1c545c2119a2855b9028567640f4145c079eff9b48da0ddf66dc8d92f6c

HTTP Headers

GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_yruqtyo0qslo70l4a-_ung2.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 11322
content-type: application/x-javascript
content-encoding: gzip
content-md5: 5Zw7HraGKmMzSIoAiA15xA==
last-modified: Wed, 12 Aug 2020 03:03:49 GMT
etag: 0x8D83E6C5642CD2B
x-cache: TCP_HIT
x-ms-request-id: 0ff38cd0-f01e-0080-7c98-9a6026000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0aRaDZAAAAAALALXQQk6ZR4xQSC14NsyrQU1TMDRFREdFMTkyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0HWyEZAAAAADWIvoZFKUQTbwreeS5zHz0U1ZHMjBFREdFMDYwNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Sat, 10 Jun 2023 12:27:08 GMT
X-Firefox-Spdy: h2

20.190.177.148

200 OK

1.1 kB

URL GET HTTP/1.1
login.live.com/Me.htm?v=3
IP
20.190.177.148:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
IssuerDigiCert Inc
Subjectlogin.live.com
Fingerprint39:21:EA:1C:F8:78:E5:E4:84:D3:7A:AD:EA:36:59:90:51:3C:82:EF
ValiditySun, 02 Apr 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
Size
1.1 kB (1132 bytes)
Hash
e86ef8b6111e5fb1d1665bcdc90888c9
994bf7651cb967cd9053056af2d69acb74db7f29
3410242720de50b090d07a23aee2dad879b31d36f2615732962ec4cfa8a9d458

HTTP Headers

GET /Me.htm?v=3 HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=315360000
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Tue, 07 Jun 2033 12:27:09 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C107_BL2
x-ms-request-id: 0d1ead8a-ddcd-4ca3-839e-cac1d01d483c
PPServer: PPV: 30 H: BL02PFA09B1BC9E V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=d907a205fcf440f0b5ddcd3073accd8d; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPRequ=id=N&lt=1686400029&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Sat, 10 Jun 2023 12:27:08 GMT
Content-Length: 1132

ocsp.sectigo.com/

104.18.15.101

471 B

URL
ocsp.sectigo.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
60acba84f8be37e15a4113e269e7b481
730d759ef3feb5cc5ec97a26ad37a569b6fc2ab9
d6b33fab38a4f0b62a4d080051891188c36dbc4023dcc48e5a9229e7245ee0d4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 10 Jun 2023 12:27:09 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Jun 2023 13:38:51 GMT
Expires: Thu, 15 Jun 2023 13:38:50 GMT
Etag: "730d759ef3feb5cc5ec97a26ad37a569b6fc2ab9"
Cache-Control: max-age=435700,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7d519b5a393a0b61-OSL

authorize.binniegrosspurpose.store/

184.94.213.167

200 OK

6 B

URL POST HTTP/2
authorize.binniegrosspurpose.store/
IP
184.94.213.167:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html#wilsonro@casscountynd.gov
Certificate
IssuerSectigo Limited
Subjectauthorize.binniegrosspurpose.store
Fingerprint75:49:42:E1:21:57:16:05:34:65:D2:D3:2C:AF:FA:F8:C4:83:FC:15
ValiditySat, 13 May 2023 00:00:00 GMT - Mon, 13 May 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
6 B (6 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST / HTTP/1.1
Host: authorize.binniegrosspurpose.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 141
Origin: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-powered-by: PHP/8.0.28
access-control-allow-origin: *
content-type: text/html; charset=UTF-8
content-length: 6
content-encoding: br
vary: Accept-Encoding
date: Sat, 10 Jun 2023 12:27:10 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html

104.18.2.35

200 OK

40 kB

URL User Request GET HTTP/1.1
pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint87:5C:76:14:05:03:7E:AD:00:B9:80:0B:3F:E7:E3:25:D8:A5:4C:03
ValidityMon, 17 Apr 2023 14:40:35 GMT - Sun, 16 Jul 2023 14:40:34 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1531)
Size
40 kB (39874 bytes)
Hash
2544facb4f25d8370e21e51962cc169c
98d1b24284a4d7dc2c78cff0acae2d60819425fa
43079d15b2464a690561c4a3f9f905692d89bb7f6880ff7128c4d7edffab5ff6

Detections

Analyzer	Verdict	Alert
openphish	Outlook
phishtank	Other

HTTP Headers

GET /index2.html HTTP/1.1
Host: pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index.html
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 10 Jun 2023 12:27:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"2544facb4f25d8370e21e51962cc169c"
Last-Modified: Mon, 05 Jun 2023 15:48:38 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d519b52bd1fb524-OSL
Content-Encoding: gzip

pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index.html

104.18.2.35

200 OK

811 B

URL User Request GET HTTP/1.1
pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index.html
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint87:5C:76:14:05:03:7E:AD:00:B9:80:0B:3F:E7:E3:25:D8:A5:4C:03
ValidityMon, 17 Apr 2023 14:40:35 GMT - Sun, 16 Jul 2023 14:40:34 GMT

File type
HTML document text\012- HTML document, ASCII text, with very long lines (857), with no line terminators
Size
811 B (811 bytes)
Hash
11f60ba82a04d21c7c5a38bca55674f6
cd475f5df71a8d207fd817d7360c80c1c2a372f3
4bd900e6c64deb7ed61cf3e3259761c754f93c69e25a388e85daf996f363fed6

HTTP Headers

GET /index.html HTTP/1.1
Host: pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 10 Jun 2023 12:27:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"8e9b1f3d48c3819728eebfceb37c8ea0"
Last-Modified: Mon, 05 Jun 2023 15:48:38 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d519b427c00b524-OSL
Content-Encoding: gzip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (26)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash