Report - microsoft-microsoft.pppunit.go.ug/

Report Overview

Submitted URL
microsoft-microsoft.pppunit.go.ug/
IP
45.77.228.161
ASN
#20473 AS-CHOOPA
Submitted
2022-11-29 00:35:59
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.148.53.106
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	55 kB	34.120.237.76
56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.3 kB	7.3 kB	45.77.228.161
microsoft-microsoft.pppunit.go.ug	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.5 kB	1.7 kB	45.77.228.161
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
wwwofc.pppunit.go.ug	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	572 B	2.1 kB	45.77.228.161
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.77.32
ll.pppunit.go.ug	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	662 B	568 B	45.77.228.161

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-29	medium	microsoft-microsoft.pppunit.go.ug/	Phishing
2022-11-29	medium	microsoft-microsoft.pppunit.go.ug/websocket/hook/?tlij2c=ZmVlZjA5ODM2YWZmNDdkZGFhYWI2YzNlYjY1MTM0YjU=	Phishing
2022-11-29	medium	microsoft-microsoft.pppunit.go.ug/	Phishing
2022-11-29	medium	microsoft-microsoft.pppunit.go.ug/	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	microsoft-microsoft.pppunit.go.ug/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.pppunit.go.ug%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.pppunit.go.ug%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052789507795994.NmU2ZTNlOTUtMGUwMi00MDVhLWFiMjEtODBhNTgyZGJmYTM5MzMwZDhlMzYtZTk3NS00NzRmLWIyYTYtOTBlNTE3NTNjMzQ3&ui_locales=en-US&mkt=en-US&state=AhOrUV5Wr6L9Zlccr8WKyXDqn8ZFYoEhjaydJdE4152Zv8BVZvSYEENUHxDv_uIFH0pOFDDCQ1TLnRMEggkIedVjPVtJOi9SzNmvIgQV3CXwzrS1pwZ2aLmDOrBYtWKK8sSIhCmCAG_Bc1RYW7W55QzvTYWE59LrhsnPPdqMutcvKhcAsomW0b8bnVWGDTciK5RICV38yb8uUIysm7cdptVnLcaIEmHCM8JlKOdc0q71f_I-_Xp7LVwIkV18fG3JSxOsr1T57YLaowHTFYAXoA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0	12 kB	2023-03-08	2023-03-26
Pretty URL microsoft-microsoft.pppunit.go.ug/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.pppunit.go.ug%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.pppunit.go.ug%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052789507795994.NmU2ZTNlOTUtMGUwMi00MDVhLWFiMjEtODBhNTgyZGJmYTM5MzMwZDhlMzYtZTk3NS00NzRmLWIyYTYtOTBlNTE3NTNjMzQ3&ui_locales=en-US&mkt=en-US&state=AhOrUV5Wr6L9Zlccr8WKyXDqn8ZFYoEhjaydJdE4152Zv8BVZvSYEENUHxDv_uIFH0pOFDDCQ1TLnRMEggkIedVjPVtJOi9SzNmvIgQV3CXwzrS1pwZ2aLmDOrBYtWKK8sSIhCmCAG_Bc1RYW7W55QzvTYWE59LrhsnPPdqMutcvKhcAsomW0b8bnVWGDTciK5RICV38yb8uUIysm7cdptVnLcaIEmHCM8JlKOdc0q71f_I-_Xp7LVwIkV18fG3JSxOsr1T57YLaowHTFYAXoA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0 IP 45.77.228.161 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:30:55 Last Seen2023-03-26 06:24:15 Times Seen33 Hash 3821e6afa981d12eb2ccd3f671c4d147 942ce5432f674bfe7f56288c778fc88ce5250d32 54d9ce733b0d4ab500f98a2e10988770f8cf12b4cb637e4a47cf88157c097ff7 Loading...

	microsoft-microsoft.pppunit.go.ug/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.pppunit.go.ug%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.pppunit.go.ug%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052789507795994.NmU2ZTNlOTUtMGUwMi00MDVhLWFiMjEtODBhNTgyZGJmYTM5MzMwZDhlMzYtZTk3NS00NzRmLWIyYTYtOTBlNTE3NTNjMzQ3&ui_locales=en-US&mkt=en-US&state=AhOrUV5Wr6L9Zlccr8WKyXDqn8ZFYoEhjaydJdE4152Zv8BVZvSYEENUHxDv_uIFH0pOFDDCQ1TLnRMEggkIedVjPVtJOi9SzNmvIgQV3CXwzrS1pwZ2aLmDOrBYtWKK8sSIhCmCAG_Bc1RYW7W55QzvTYWE59LrhsnPPdqMutcvKhcAsomW0b8bnVWGDTciK5RICV38yb8uUIysm7cdptVnLcaIEmHCM8JlKOdc0q71f_I-_Xp7LVwIkV18fG3JSxOsr1T57YLaowHTFYAXoA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0	42 B	2023-03-07	2023-03-26
Pretty URL microsoft-microsoft.pppunit.go.ug/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.pppunit.go.ug%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.pppunit.go.ug%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052789507795994.NmU2ZTNlOTUtMGUwMi00MDVhLWFiMjEtODBhNTgyZGJmYTM5MzMwZDhlMzYtZTk3NS00NzRmLWIyYTYtOTBlNTE3NTNjMzQ3&ui_locales=en-US&mkt=en-US&state=AhOrUV5Wr6L9Zlccr8WKyXDqn8ZFYoEhjaydJdE4152Zv8BVZvSYEENUHxDv_uIFH0pOFDDCQ1TLnRMEggkIedVjPVtJOi9SzNmvIgQV3CXwzrS1pwZ2aLmDOrBYtWKK8sSIhCmCAG_Bc1RYW7W55QzvTYWE59LrhsnPPdqMutcvKhcAsomW0b8bnVWGDTciK5RICV38yb8uUIysm7cdptVnLcaIEmHCM8JlKOdc0q71f_I-_Xp7LVwIkV18fG3JSxOsr1T57YLaowHTFYAXoA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0 IP 45.77.228.161 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:39 Last Seen2023-03-26 06:24:15 Times Seen33 Hash b0d131ab52b3cc1954cf1618fe694b46 abb7b03a9af9074f88d1b4fb0b1a4c68cdcdb2fe 6f63d695b7e03a8d69f1eae46312d82e29c06836300318b9fb7249409bf7bfd9 Loading...

	microsoft-microsoft.pppunit.go.ug/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.pppunit.go.ug%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.pppunit.go.ug%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052789507795994.NmU2ZTNlOTUtMGUwMi00MDVhLWFiMjEtODBhNTgyZGJmYTM5MzMwZDhlMzYtZTk3NS00NzRmLWIyYTYtOTBlNTE3NTNjMzQ3&ui_locales=en-US&mkt=en-US&state=AhOrUV5Wr6L9Zlccr8WKyXDqn8ZFYoEhjaydJdE4152Zv8BVZvSYEENUHxDv_uIFH0pOFDDCQ1TLnRMEggkIedVjPVtJOi9SzNmvIgQV3CXwzrS1pwZ2aLmDOrBYtWKK8sSIhCmCAG_Bc1RYW7W55QzvTYWE59LrhsnPPdqMutcvKhcAsomW0b8bnVWGDTciK5RICV38yb8uUIysm7cdptVnLcaIEmHCM8JlKOdc0q71f_I-_Xp7LVwIkV18fG3JSxOsr1T57YLaowHTFYAXoA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0	181 kB	2023-03-11	2023-03-11
Pretty URL microsoft-microsoft.pppunit.go.ug/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.pppunit.go.ug%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.pppunit.go.ug%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052789507795994.NmU2ZTNlOTUtMGUwMi00MDVhLWFiMjEtODBhNTgyZGJmYTM5MzMwZDhlMzYtZTk3NS00NzRmLWIyYTYtOTBlNTE3NTNjMzQ3&ui_locales=en-US&mkt=en-US&state=AhOrUV5Wr6L9Zlccr8WKyXDqn8ZFYoEhjaydJdE4152Zv8BVZvSYEENUHxDv_uIFH0pOFDDCQ1TLnRMEggkIedVjPVtJOi9SzNmvIgQV3CXwzrS1pwZ2aLmDOrBYtWKK8sSIhCmCAG_Bc1RYW7W55QzvTYWE59LrhsnPPdqMutcvKhcAsomW0b8bnVWGDTciK5RICV38yb8uUIysm7cdptVnLcaIEmHCM8JlKOdc0q71f_I-_Xp7LVwIkV18fG3JSxOsr1T57YLaowHTFYAXoA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0 IP 45.77.228.161 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:07:10 Last Seen2023-03-11 22:07:10 Times Seen1 Hash 67a1d7255e0c117b192d5cb2d99af41d 468ff059afea6c34da59f284b9b19aa0431039c8 0aed281603bba5d13b597e1d05b47607b1ad3aa14c43a29751f1dac9f24d3ea3 Loading...

	microsoft-microsoft.pppunit.go.ug/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.pppunit.go.ug%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.pppunit.go.ug%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052789507795994.NmU2ZTNlOTUtMGUwMi00MDVhLWFiMjEtODBhNTgyZGJmYTM5MzMwZDhlMzYtZTk3NS00NzRmLWIyYTYtOTBlNTE3NTNjMzQ3&ui_locales=en-US&mkt=en-US&state=AhOrUV5Wr6L9Zlccr8WKyXDqn8ZFYoEhjaydJdE4152Zv8BVZvSYEENUHxDv_uIFH0pOFDDCQ1TLnRMEggkIedVjPVtJOi9SzNmvIgQV3CXwzrS1pwZ2aLmDOrBYtWKK8sSIhCmCAG_Bc1RYW7W55QzvTYWE59LrhsnPPdqMutcvKhcAsomW0b8bnVWGDTciK5RICV38yb8uUIysm7cdptVnLcaIEmHCM8JlKOdc0q71f_I-_Xp7LVwIkV18fG3JSxOsr1T57YLaowHTFYAXoA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0	358 B	2023-03-07	2023-03-17
Pretty URL microsoft-microsoft.pppunit.go.ug/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.pppunit.go.ug%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.pppunit.go.ug%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052789507795994.NmU2ZTNlOTUtMGUwMi00MDVhLWFiMjEtODBhNTgyZGJmYTM5MzMwZDhlMzYtZTk3NS00NzRmLWIyYTYtOTBlNTE3NTNjMzQ3&ui_locales=en-US&mkt=en-US&state=AhOrUV5Wr6L9Zlccr8WKyXDqn8ZFYoEhjaydJdE4152Zv8BVZvSYEENUHxDv_uIFH0pOFDDCQ1TLnRMEggkIedVjPVtJOi9SzNmvIgQV3CXwzrS1pwZ2aLmDOrBYtWKK8sSIhCmCAG_Bc1RYW7W55QzvTYWE59LrhsnPPdqMutcvKhcAsomW0b8bnVWGDTciK5RICV38yb8uUIysm7cdptVnLcaIEmHCM8JlKOdc0q71f_I-_Xp7LVwIkV18fG3JSxOsr1T57YLaowHTFYAXoA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0 IP 45.77.228.161 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:39 Last Seen2023-03-17 12:40:48 Times Seen1 Hash aa59e5d67d17e152092f8cacc3b918b9 24d624ccabadacc538e7375ea7f1073750a6c398 4f48d11be16814d550cd88efedd0dbef69c1a0089cce3ec4a7f530ee757206cb Loading...

	microsoft-microsoft.pppunit.go.ug/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.pppunit.go.ug%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.pppunit.go.ug%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052789507795994.NmU2ZTNlOTUtMGUwMi00MDVhLWFiMjEtODBhNTgyZGJmYTM5MzMwZDhlMzYtZTk3NS00NzRmLWIyYTYtOTBlNTE3NTNjMzQ3&ui_locales=en-US&mkt=en-US&state=AhOrUV5Wr6L9Zlccr8WKyXDqn8ZFYoEhjaydJdE4152Zv8BVZvSYEENUHxDv_uIFH0pOFDDCQ1TLnRMEggkIedVjPVtJOi9SzNmvIgQV3CXwzrS1pwZ2aLmDOrBYtWKK8sSIhCmCAG_Bc1RYW7W55QzvTYWE59LrhsnPPdqMutcvKhcAsomW0b8bnVWGDTciK5RICV38yb8uUIysm7cdptVnLcaIEmHCM8JlKOdc0q71f_I-_Xp7LVwIkV18fG3JSxOsr1T57YLaowHTFYAXoA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0	29 kB	2023-03-11	2023-03-11
Pretty URL microsoft-microsoft.pppunit.go.ug/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.pppunit.go.ug%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.pppunit.go.ug%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052789507795994.NmU2ZTNlOTUtMGUwMi00MDVhLWFiMjEtODBhNTgyZGJmYTM5MzMwZDhlMzYtZTk3NS00NzRmLWIyYTYtOTBlNTE3NTNjMzQ3&ui_locales=en-US&mkt=en-US&state=AhOrUV5Wr6L9Zlccr8WKyXDqn8ZFYoEhjaydJdE4152Zv8BVZvSYEENUHxDv_uIFH0pOFDDCQ1TLnRMEggkIedVjPVtJOi9SzNmvIgQV3CXwzrS1pwZ2aLmDOrBYtWKK8sSIhCmCAG_Bc1RYW7W55QzvTYWE59LrhsnPPdqMutcvKhcAsomW0b8bnVWGDTciK5RICV38yb8uUIysm7cdptVnLcaIEmHCM8JlKOdc0q71f_I-_Xp7LVwIkV18fG3JSxOsr1T57YLaowHTFYAXoA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0 IP 45.77.228.161 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:07:10 Last Seen2023-03-11 22:07:10 Times Seen1 Hash fa85617e4ed900da5469f6a1cc0b13ff 86a056129353e388bf40a622314cf415b0197a6c 61b2b19bf3e1dac26eb0a29122d2b22ab3a99dbe234819ccc023ab87948b6f37 Loading...

	microsoft-microsoft.pppunit.go.ug/	25 B	2023-03-11	2023-03-11
Pretty URL microsoft-microsoft.pppunit.go.ug/ IP 45.77.228.161 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:07:10 Last Seen2023-03-11 22:07:10 Times Seen1 Hash fa8c05fbe90334dbe60d00aabbdc5625 da325bdec34524fc1c9184759da2618491c4cb02 ad0890dc25abe5052ab047044ea6f0df7a170f40afd7f98ebbbf64c02ae4c77d Loading...

	56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/shared/1.0/content/js/ConvergedLogin_PCore_pcipSPYgxw6k0H7PwESK3w2.js	397 kB	2023-03-11	2023-03-11
Pretty URL 56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/shared/1.0/content/js/ConvergedLogin_PCore_pcipSPYgxw6k0H7PwESK3w2.js IP 45.77.228.161 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:07:10 Last Seen2023-03-11 22:07:10 Times Seen1 Hash 13c43a776a9a6464bc0f5baf297588b8 e3c25072ca09dd26acc192a97328dc58be5deee2 292deca422472cb8e88168afd14b561447ea0f54a9fb7b62bb88533ed696a349 Loading...

	microsoft-microsoft.pppunit.go.ug/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.pppunit.go.ug%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.pppunit.go.ug%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052789507795994.NmU2ZTNlOTUtMGUwMi00MDVhLWFiMjEtODBhNTgyZGJmYTM5MzMwZDhlMzYtZTk3NS00NzRmLWIyYTYtOTBlNTE3NTNjMzQ3&ui_locales=en-US&mkt=en-US&state=AhOrUV5Wr6L9Zlccr8WKyXDqn8ZFYoEhjaydJdE4152Zv8BVZvSYEENUHxDv_uIFH0pOFDDCQ1TLnRMEggkIedVjPVtJOi9SzNmvIgQV3CXwzrS1pwZ2aLmDOrBYtWKK8sSIhCmCAG_Bc1RYW7W55QzvTYWE59LrhsnPPdqMutcvKhcAsomW0b8bnVWGDTciK5RICV38yb8uUIysm7cdptVnLcaIEmHCM8JlKOdc0q71f_I-_Xp7LVwIkV18fG3JSxOsr1T57YLaowHTFYAXoA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0	48 kB	2023-03-08	2023-03-11
Pretty URL microsoft-microsoft.pppunit.go.ug/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.pppunit.go.ug%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.pppunit.go.ug%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052789507795994.NmU2ZTNlOTUtMGUwMi00MDVhLWFiMjEtODBhNTgyZGJmYTM5MzMwZDhlMzYtZTk3NS00NzRmLWIyYTYtOTBlNTE3NTNjMzQ3&ui_locales=en-US&mkt=en-US&state=AhOrUV5Wr6L9Zlccr8WKyXDqn8ZFYoEhjaydJdE4152Zv8BVZvSYEENUHxDv_uIFH0pOFDDCQ1TLnRMEggkIedVjPVtJOi9SzNmvIgQV3CXwzrS1pwZ2aLmDOrBYtWKK8sSIhCmCAG_Bc1RYW7W55QzvTYWE59LrhsnPPdqMutcvKhcAsomW0b8bnVWGDTciK5RICV38yb8uUIysm7cdptVnLcaIEmHCM8JlKOdc0q71f_I-_Xp7LVwIkV18fG3JSxOsr1T57YLaowHTFYAXoA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0 IP 45.77.228.161 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:43:21 Last Seen2023-03-11 23:42:58 Times Seen1 Hash bfa7623248ec32fd39a11a3144135eae 015dc763b53460047921463c4ab679026c89b509 200fa2c1f4bcd0d25959b40cbcfca4515f39ed8c9b35354f5d3b687b2d0c09e3 Loading...

	microsoft-microsoft.pppunit.go.ug/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.pppunit.go.ug%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.pppunit.go.ug%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052789507795994.NmU2ZTNlOTUtMGUwMi00MDVhLWFiMjEtODBhNTgyZGJmYTM5MzMwZDhlMzYtZTk3NS00NzRmLWIyYTYtOTBlNTE3NTNjMzQ3&ui_locales=en-US&mkt=en-US&state=AhOrUV5Wr6L9Zlccr8WKyXDqn8ZFYoEhjaydJdE4152Zv8BVZvSYEENUHxDv_uIFH0pOFDDCQ1TLnRMEggkIedVjPVtJOi9SzNmvIgQV3CXwzrS1pwZ2aLmDOrBYtWKK8sSIhCmCAG_Bc1RYW7W55QzvTYWE59LrhsnPPdqMutcvKhcAsomW0b8bnVWGDTciK5RICV38yb8uUIysm7cdptVnLcaIEmHCM8JlKOdc0q71f_I-_Xp7LVwIkV18fG3JSxOsr1T57YLaowHTFYAXoA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0	4.1 kB	2023-03-11	2023-03-11
Pretty URL microsoft-microsoft.pppunit.go.ug/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.pppunit.go.ug%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.pppunit.go.ug%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052789507795994.NmU2ZTNlOTUtMGUwMi00MDVhLWFiMjEtODBhNTgyZGJmYTM5MzMwZDhlMzYtZTk3NS00NzRmLWIyYTYtOTBlNTE3NTNjMzQ3&ui_locales=en-US&mkt=en-US&state=AhOrUV5Wr6L9Zlccr8WKyXDqn8ZFYoEhjaydJdE4152Zv8BVZvSYEENUHxDv_uIFH0pOFDDCQ1TLnRMEggkIedVjPVtJOi9SzNmvIgQV3CXwzrS1pwZ2aLmDOrBYtWKK8sSIhCmCAG_Bc1RYW7W55QzvTYWE59LrhsnPPdqMutcvKhcAsomW0b8bnVWGDTciK5RICV38yb8uUIysm7cdptVnLcaIEmHCM8JlKOdc0q71f_I-_Xp7LVwIkV18fG3JSxOsr1T57YLaowHTFYAXoA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0 IP 45.77.228.161 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:07:10 Last Seen2023-03-11 22:07:10 Times Seen1 Hash e2fa1dbf34e6cfb218a5ad6fee7f0e17 c4aa498ec5e07edbcab6045f5b6fba1f8859397b fce3789d969e9fc14ea3e19dfdac5618cfa2e3c1d88eae6a57c0d2f999020476 Loading...

	56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_bc2482665b7aae7b068e.js	16 kB	2023-03-11	2023-03-11
Pretty URL 56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_bc2482665b7aae7b068e.js IP 45.77.228.161 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:07:10 Last Seen2023-03-11 22:07:10 Times Seen1 Hash b7d5717e755c6cf85dd3ba99a350988c da677321e075ab91e29d8c6afb3622b61646ccf5 45f128a465cd8ae9e989ebae6fbe16fd205a5c085c6d45cdca59dd2fddc20563 Loading...

	56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8dc1586f19519d6b618f.js	110 kB	2023-03-11	2023-03-11
Pretty URL 56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8dc1586f19519d6b618f.js IP 45.77.228.161 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:07:10 Last Seen2023-03-11 22:07:10 Times Seen1 Hash bbfd308a0f40e4cc73811791a1dd04d9 4ea842debfb5bec417e039639adfac68e0b929c3 52d20dcae236d79be48c04a32e0862c453d40302a23c8b6be1c0a7ceb62e2fdc Loading...

	ll.pppunit.go.ug/Me.htm?v=3	2.7 kB	2023-03-11	2023-03-11
Pretty URL ll.pppunit.go.ug/Me.htm?v=3 IP 45.77.228.161 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:07:10 Last Seen2023-03-11 22:07:10 Times Seen1 Hash c0e1ce97d2cef1da6d999b3e0702d0d6 280aca3629383ee2f0a9da514f5eb85e6d56f643 5530df9efc17534d85c86e13b48644ccf6c6f45777864a46e0c9e1434805f5a1 Loading...

	microsoft-microsoft.pppunit.go.ug/	59 kB	2023-03-11	2023-03-11
Pretty URL microsoft-microsoft.pppunit.go.ug/ IP 45.77.228.161 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:07:10 Last Seen2023-03-11 22:07:10 Times Seen1 Hash c603947c43cf168a89389fb7c6c2a72e da839549e5862edbe97a416f6b391b59cb425931 e8f380c6d708cdbbda9c89da2b4f142b0a938311a5d516975bbb6554589bb03f Loading...

HTTP Transactions (35)

URL IP Response Size

microsoft-microsoft.pppunit.go.ug/

45.77.228.161

301 Moved Permanently

162 B

URL HTTP/1.1
microsoft-microsoft.pppunit.go.ug/
IP
45.77.228.161:0
ASN
#20473 AS-CHOOPA

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: microsoft-microsoft.pppunit.go.ug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 29 Nov 2022 00:35:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://microsoft-microsoft.pppunit.go.ug/

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2550
Expires: Tue, 29 Nov 2022 01:18:18 GMT
Date: Tue, 29 Nov 2022 00:35:48 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9408cc0694fcbea57966c3a3ba906092
fddcee1fdcf3209298e41a4b1b5560357fa165f0
6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2666
Cache-Control: max-age=124799
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 00:35:48 GMT
Etag: "63848df9-1d7"
Expires: Wed, 30 Nov 2022 11:15:47 GMT
Last-Modified: Mon, 28 Nov 2022 10:31:21 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 29 Nov 2022 00:19:33 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 975
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b56944f0e5716fd4fad2ec18994d4be
61cafa4de31ba960d1145ec37272f6f6b6944e0c
4fd46b0b6a2ea24f5ce175985a3933c04b4c01bd3e32bee2e50a61a65eef7af4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3236
Expires: Tue, 29 Nov 2022 01:29:44 GMT
Date: Tue, 29 Nov 2022 00:35:48 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: yXOHYI/W0Bad5stsdSV8FkS217Ych6X86AghMMfz4zZnR3wpGmc3sN94OmLUZSeY8N2kisCqbgo=
x-amz-request-id: QP3HHB0W01JNNRE4
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 23:42:16 GMT
age: 3212
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 00:35:48 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d58035bb1cefc7846ffe415eb9637102
2c64a4f47cddcfb6012d898966fe727034c626bb
8ceed12f2f989b3b2ce3a704c3299fead84574245ebd31374d0db4d30cd5e7b9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8CEED12F2F989B3B2CE3A704C3299FEAD84574245EBD31374D0DB4D30CD5E7B9"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21555
Expires: Tue, 29 Nov 2022 06:35:03 GMT
Date: Tue, 29 Nov 2022 00:35:48 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 29 Nov 2022 00:11:12 GMT
cache-control: public,max-age=3600
age: 1477
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7ab2ef968cb6a3078f4b9cb2dda813d4
e669116047ca058a2c1b2999ff0ea8682719162c
6ddecf0b21c44f3851da8efeb6ecdc6c8e9b83d7681153c31952b4ec8c23c940

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3845
Cache-Control: max-age=120911
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 00:35:49 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 10:11:00 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.148.53.106

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.53.106:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bLbXDi2+xZju/pqNqUxnWA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: nr1Yj1f0DSIGJD7yF7lOjGN7PxU=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2577
Expires: Tue, 29 Nov 2022 01:18:48 GMT
Date: Tue, 29 Nov 2022 00:35:51 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2577
Expires: Tue, 29 Nov 2022 01:18:48 GMT
Date: Tue, 29 Nov 2022 00:35:51 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2577
Expires: Tue, 29 Nov 2022 01:18:48 GMT
Date: Tue, 29 Nov 2022 00:35:51 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2577
Expires: Tue, 29 Nov 2022 01:18:48 GMT
Date: Tue, 29 Nov 2022 00:35:51 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad01b94-5d16-49b9-bf3e-5742e02ae8b6.jpeg

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad01b94-5d16-49b9-bf3e-5742e02ae8b6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8796 bytes)
Hash
7e44c46db2ac9917110dc47aa38fdc85
b5b245c90705ad80c31d457c0d7c96709ca31e96
5024225a583b188860eaf21f7196c06cef8b2e89389ae4b1df6e314399f3b2ae

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad01b94-5d16-49b9-bf3e-5742e02ae8b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8796
x-amzn-requestid: 2eed036c-fcda-425b-8c5d-0b0ff31214a0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGDTEEWMIAMFwKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f18e0-5cb071a2098d43d909eb8d5c;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:10:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uWzs8gOBoczTeYXB7-FfJemWbh-hYHwNcR3b9BM5VtJ55NRUzCZeTQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 09:53:45 GMT
age: 52926
etag: "b5b245c90705ad80c31d457c0d7c96709ca31e96"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9868f6d6-e29b-42b5-89c4-eec4771663b2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8402 bytes)
Hash
faf3524970b0c3256eb5708f4ccf11ce
47295f2cf1b039c4b85cbe463d7893671a563989
ba0c2ce23eae865936caa7fb47dd1ef6346b8a7bc8340db700df6e2f5e27ec27

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9868f6d6-e29b-42b5-89c4-eec4771663b2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8402
x-amzn-requestid: d2d62f85-b6be-4394-9668-1d913e4120d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPYeaGbgoAMFdCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382d45c-2b6bfdcc72011cf01ddbd66b;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 03:07:08 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cI-Pu4bHJfVrF5BHt5BW1qlrjMtbQlYexvxJEHmipD39D4yyu94mKg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 04:18:06 GMT
age: 73065
etag: "47295f2cf1b039c4b85cbe463d7893671a563989"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.9 kB (4871 bytes)
Hash
a4058fd62595d15c58b3d3266de9865a
d0dff35eb78f129b5da407043037bcf9c27e55c0
ab996c23d58871a2ad53f0c34688c87f0d7c0eac5d0c1d8265b86951248449fe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4871
x-amzn-requestid: e2dfa7b8-ded7-4104-a913-1b84746a3c6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLDUUEy_oAMFgSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638118e8-0b229e0f60ff019d26800dd9;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 19:35:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9BUuT9WFwAQMnl8JiTDKo-zHgDL0AdjAAAIh0Mx405zbGwhvRouebQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 12:30:42 GMT
age: 43509
etag: "d0dff35eb78f129b5da407043037bcf9c27e55c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdef9eb6-c1f1-4337-aff8-0986561782c7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9203 bytes)
Hash
5d574c4db20a68295dbd06cb08f5990b
433061bbb226048765a711deca3026ee3e52372f
8cc1a4d18e242f8bfc8ab94637f635b73554b903462c29b06d0ec67872542afb

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdef9eb6-c1f1-4337-aff8-0986561782c7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9203
x-amzn-requestid: 8cba52d6-3c1c-495c-bb9d-3ba6f0adc7e1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cHcHmGmQoAMF6dQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fa6fd-73abfa592ff223061401af9a;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 17:16:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UmhWm03jrsV8dFagrzIA0E-8eL8dykoO5kw3cYOBd172dCGqNdAX-Q==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 03:31:58 GMT
age: 75833
etag: "433061bbb226048765a711deca3026ee3e52372f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1f728a04-45b0-4726-b646-628601e2ebbc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8578 bytes)
Hash
4b7d3821d0bd11c196724846a7b9fe22
5b1700fa9cd4f1aaafda28ac28a0e2086fa8499c
b4f820555c4daf6e112c1a395bc57e22f0ef8e2e4299a0ffbb54e0bf18c87f47

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1f728a04-45b0-4726-b646-628601e2ebbc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8578
x-amzn-requestid: 4f948bb9-74db-4a5d-927d-a6b893735531
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFxnWHq-IAMF4LQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637efc95-2f9e98ca2dad65a80e2195c2;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 05:09:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vSvGc0JIh4JOWTlagt4uDD_CDPiWOSfYYEI4lUBPsQb4qJMOEbBcmw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 04:09:24 GMT
age: 73587
etag: "5b1700fa9cd4f1aaafda28ac28a0e2086fa8499c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1ee10f9-36dd-4ca4-986e-a80758149640.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8460 bytes)
Hash
516776052e5e906ea9f42d25bae5cc85
be4c4d01fc67218e26a3e9d27a2f708e639c9d4b
28e70e38cfad65ad8a7a68ab1dc78747c7013a87b854fc35b163cc5765cd0570

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1ee10f9-36dd-4ca4-986e-a80758149640.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8460
x-amzn-requestid: 51416479-3854-4f1a-9d86-35e104c57f6a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnkHuZIAMF-_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852963-180b323d4a45fa2f29f9b1fc;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3MKambAjrBl64HI6hBuOtNJi3Tj6gxtwH_lOfk0WNX15UnCrAJbNig==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:48:54 GMT
age: 10017
etag: "be4c4d01fc67218e26a3e9d27a2f708e639c9d4b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

microsoft-microsoft.pppunit.go.ug/websocket/hook/?tlij2c=ZmVlZjA5ODM2YWZmNDdkZGFhYWI2YzNlYjY1MTM0YjU=

45.77.228.161

101 Switching Protocols

0 B

URL HTTP/1.1
microsoft-microsoft.pppunit.go.ug/websocket/hook/?tlij2c=ZmVlZjA5ODM2YWZmNDdkZGFhYWI2YzNlYjY1MTM0YjU=
IP
45.77.228.161:0
ASN
#20473 AS-CHOOPA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /websocket/hook/?tlij2c=ZmVlZjA5ODM2YWZmNDdkZGFhYWI2YzNlYjY1MTM0YjU= HTTP/1.1
Host: microsoft-microsoft.pppunit.go.ug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://microsoft-microsoft.pppunit.go.ug
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: D/hOiH6eWcp20N3w+MfOYA==
Connection: keep-alive, Upgrade
Cookie: tlij2c=ZmVlZjA5ODMtNmFmZi00N2RkLWFhYWItNmMzZWI2NTEzNGI1OmQxNmI2ZWI1LThiMjYtNGEwZi04YmQwLWI4OGU3NjA5MTgwOA==; MUID=1A003588E4D16181260827E3E5ED60EC
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Tue, 29 Nov 2022 00:35:53 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 4vyQ+xRqKZhVHNGzWBkHrf5VJvk=
Sec-WebSocket-Extensions: permessage-deflate
Strict-Transport-Security: max-age=31536000; includeSubDomains

56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_bc2482665b7aae7b068e.js

45.77.228.161

200 OK

0 B

URL HTTP/2
56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_bc2482665b7aae7b068e.js
IP
45.77.228.161:0
ASN
#20473 AS-CHOOPA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_bc2482665b7aae7b068e.js HTTP/1.1
Host: 56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-microsoft.pppunit.go.ug/
Connection: keep-alive
Cookie: tlij2c=ZmVlZjA5ODMtNmFmZi00N2RkLWFhYWItNmMzZWI2NTEzNGI1OmQxNmI2ZWI1LThiMjYtNGEwZi04YmQwLWI4OGU3NjA5MTgwOA==; MUID=1A003588E4D16181260827E3E5ED60EC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 00:35:53 GMT
content-type: application/x-javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
last-modified: Wed, 07 Sep 2022 21:51:35 GMT
x-cache: TCP_HIT
x-ms-request-id: a36c12a9-201e-0011-7dec-ffac53000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 06VOFYwAAAADdHaAB1XlvRYar2R7vkDQeTE9OMjFFREdFMTcxMAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif

45.77.228.161

200 OK

0 B

URL HTTP/2
56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
IP
45.77.228.161:0
ASN
#20473 AS-CHOOPA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1
Host: 56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-microsoft.pppunit.go.ug/
Connection: keep-alive
Cookie: tlij2c=ZmVlZjA5ODMtNmFmZi00N2RkLWFhYWItNmMzZWI2NTEzNGI1OmQxNmI2ZWI1LThiMjYtNGEwZi04YmQwLWI4OGU3NjA5MTgwOA==; MUID=1A003588E4D16181260827E3E5ED60EC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 00:35:53 GMT
content-type: image/gif
cache-control: public, max-age=31536000
last-modified: Fri, 17 Jan 2020 19:28:38 GMT
etag: 0x8D79B8373B17F89
x-cache: TCP_HIT
x-ms-request-id: ace8751b-c01e-001f-0cc2-ff0e4e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0NMSDYwAAAABO6PC3FyyqSb3SbsM9u78gTE9OMjFFREdFMTcxNQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 06VOFYwAAAABtLxhzt0pZTbjiUn9T0J0jTFRTRURHRTEyMDkAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

wwwofc.pppunit.go.ug/login

45.77.228.161

302 Found

0 B

URL HTTP/2
wwwofc.pppunit.go.ug/login
IP
45.77.228.161:0
ASN
#20473 AS-CHOOPA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /login HTTP/1.1
Host: wwwofc.pppunit.go.ug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: tlij2c=ZmVlZjA5ODMtNmFmZi00N2RkLWFhYWItNmMzZWI2NTEzNGI1OmQxNmI2ZWI1LThiMjYtNGEwZi04YmQwLWI4OGU3NjA5MTgwOA==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
server: nginx
date: Tue, 29 Nov 2022 00:35:50 GMT
content-type: text/html; charset=utf-8
location: https://microsoft-microsoft.pppunit.go.ug/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.pppunit.go.ug%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.pppunit.go.ug%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052789507795994.NmU2ZTNlOTUtMGUwMi00MDVhLWFiMjEtODBhNTgyZGJmYTM5MzMwZDhlMzYtZTk3NS00NzRmLWIyYTYtOTBlNTE3NTNjMzQ3&ui_locales=en-US&mkt=en-US&state=AhOrUV5Wr6L9Zlccr8WKyXDqn8ZFYoEhjaydJdE4152Zv8BVZvSYEENUHxDv_uIFH0pOFDDCQ1TLnRMEggkIedVjPVtJOi9SzNmvIgQV3CXwzrS1pwZ2aLmDOrBYtWKK8sSIhCmCAG_Bc1RYW7W55QzvTYWE59LrhsnPPdqMutcvKhcAsomW0b8bnVWGDTciK5RICV38yb8uUIysm7cdptVnLcaIEmHCM8JlKOdc0q71f_I-_Xp7LVwIkV18fG3JSxOsr1T57YLaowHTFYAXoA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0
vary: Accept-Encoding
request-context: appId=
referrer-policy: strict-origin-when-cross-origin
x-ua-compatible: IE=edge,chrome=1
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 275186FBFAFA42E09BAA15D1FE97DF63 Ref B: LON212050715029 Ref C: 2022-11-29T00:35:50Z
access-control-allow-origin: *
access-control-allow-headers: *
set-cookie: MUID=1A003588E4D16181260827E3E5ED60EC; Domain=pppunit.go.ug; expires=Fri, 20 Nov 2076 01:11:40 GMT; Path=/; Secure
.AspNetCore.Correlation.OpenIdConnectV2.5Wp6fMfh3nPFksavsgafYxNAF7Y9Hf5gsT-4Xx8OvAY=N; expires=Sun, 27 Oct 2075 01:26:40 GMT; Path=/; Secure
.AspNetCore.OpenIdConnect.Nonce.KKDMNoi3kdG0dS2zVriH5kYmoANLcmWymapx01wOWLywvyDdOcG_m3V-fCBdTgUgwyYrXSw3H-57SZ9zZG8sMplwhz9e8BZjNnpIA9pVa5DqRX9yGUysWuE40cZZvoLY5mIeUEY3-I3NX8CR89Mcgt3qknEu2dYWtZFa5LAxs5rr_H21XrTXN87XhQHHAGq7KW0sL2Recv6vHh4wVRcL8psVwIfjzpp1Xmd25rW4TYXzn0isDHxFGONfLuqaCIG3=N; expires=Sun, 27 Oct 2075 01:26:40 GMT; Path=/; Secure
OH.DCAffinity=OH-suk; expires=Sun, 27 Oct 2075 09:11:40 GMT; Path=/; Secure
OH.FLID=96f20394-711d-44a4-b9b4-0e114a5a6764; expires=Mon, 26 Oct 2076 01:11:40 GMT; Path=/; Secure
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

microsoft-microsoft.pppunit.go.ug/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.pppunit.go.ug%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.pppunit.go.ug%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052789507795994.NmU2ZTNlOTUtMGUwMi00MDVhLWFiMjEtODBhNTgyZGJmYTM5MzMwZDhlMzYtZTk3NS00NzRmLWIyYTYtOTBlNTE3NTNjMzQ3&ui_locales=en-US&mkt=en-US&state=AhOrUV5Wr6L9Zlccr8WKyXDqn8ZFYoEhjaydJdE4152Zv8BVZvSYEENUHxDv_uIFH0pOFDDCQ1TLnRMEggkIedVjPVtJOi9SzNmvIgQV3CXwzrS1pwZ2aLmDOrBYtWKK8sSIhCmCAG_Bc1RYW7W55QzvTYWE59LrhsnPPdqMutcvKhcAsomW0b8bnVWGDTciK5RICV38yb8uUIysm7cdptVnLcaIEmHCM8JlKOdc0q71f_I-_Xp7LVwIkV18fG3JSxOsr1T57YLaowHTFYAXoA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0

45.77.228.161

200 OK

0 B

URL HTTP/2
microsoft-microsoft.pppunit.go.ug/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.pppunit.go.ug%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.pppunit.go.ug%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052789507795994.NmU2ZTNlOTUtMGUwMi00MDVhLWFiMjEtODBhNTgyZGJmYTM5MzMwZDhlMzYtZTk3NS00NzRmLWIyYTYtOTBlNTE3NTNjMzQ3&ui_locales=en-US&mkt=en-US&state=AhOrUV5Wr6L9Zlccr8WKyXDqn8ZFYoEhjaydJdE4152Zv8BVZvSYEENUHxDv_uIFH0pOFDDCQ1TLnRMEggkIedVjPVtJOi9SzNmvIgQV3CXwzrS1pwZ2aLmDOrBYtWKK8sSIhCmCAG_Bc1RYW7W55QzvTYWE59LrhsnPPdqMutcvKhcAsomW0b8bnVWGDTciK5RICV38yb8uUIysm7cdptVnLcaIEmHCM8JlKOdc0q71f_I-_Xp7LVwIkV18fG3JSxOsr1T57YLaowHTFYAXoA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0
IP
45.77.228.161:0
ASN
#20473 AS-CHOOPA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.pppunit.go.ug%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.pppunit.go.ug%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052789507795994.NmU2ZTNlOTUtMGUwMi00MDVhLWFiMjEtODBhNTgyZGJmYTM5MzMwZDhlMzYtZTk3NS00NzRmLWIyYTYtOTBlNTE3NTNjMzQ3&ui_locales=en-US&mkt=en-US&state=AhOrUV5Wr6L9Zlccr8WKyXDqn8ZFYoEhjaydJdE4152Zv8BVZvSYEENUHxDv_uIFH0pOFDDCQ1TLnRMEggkIedVjPVtJOi9SzNmvIgQV3CXwzrS1pwZ2aLmDOrBYtWKK8sSIhCmCAG_Bc1RYW7W55QzvTYWE59LrhsnPPdqMutcvKhcAsomW0b8bnVWGDTciK5RICV38yb8uUIysm7cdptVnLcaIEmHCM8JlKOdc0q71f_I-_Xp7LVwIkV18fG3JSxOsr1T57YLaowHTFYAXoA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0 HTTP/1.1
Host: microsoft-microsoft.pppunit.go.ug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: tlij2c=ZmVlZjA5ODMtNmFmZi00N2RkLWFhYWItNmMzZWI2NTEzNGI1OmQxNmI2ZWI1LThiMjYtNGEwZi04YmQwLWI4OGU3NjA5MTgwOA==; MUID=1A003588E4D16181260827E3E5ED60EC
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 00:35:51 GMT
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache
pragma: no-cache
vary: Accept-Encoding, Accept-Encoding
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 1b0a908a-056e-427b-80f3-a8430e9c8904
x-ms-ests-server: 2.1.14059.16 - WEULR2 ProdSlices
x-ms-clitelem: 1,0,0,,
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/shared/1.0/content/js/ConvergedLogin_PCore_pcipSPYgxw6k0H7PwESK3w2.js

45.77.228.161

200 OK

0 B

URL HTTP/2
56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/shared/1.0/content/js/ConvergedLogin_PCore_pcipSPYgxw6k0H7PwESK3w2.js
IP
45.77.228.161:0
ASN
#20473 AS-CHOOPA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /shared/1.0/content/js/ConvergedLogin_PCore_pcipSPYgxw6k0H7PwESK3w2.js HTTP/1.1
Host: 56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-microsoft.pppunit.go.ug/
Origin: https://microsoft-microsoft.pppunit.go.ug
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 00:35:52 GMT
content-type: application/x-javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
last-modified: Wed, 12 Oct 2022 00:12:26 GMT
x-cache: TCP_HIT
x-ms-request-id: c53fb954-b01e-0054-2479-fff848000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 004KEYwAAAAAmDPbOIotgRo+fUpqbnZ70TE9OMjFFREdFMTcxMwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 06FOFYwAAAABU+2obylnoRomyMKIPKSIrTFRTRURHRTEyMTcAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

45.77.228.161

200 OK

0 B

URL HTTP/2
56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
IP
45.77.228.161:0
ASN
#20473 AS-CHOOPA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: 56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-microsoft.pppunit.go.ug/
Connection: keep-alive
Cookie: tlij2c=ZmVlZjA5ODMtNmFmZi00N2RkLWFhYWItNmMzZWI2NTEzNGI1OmQxNmI2ZWI1LThiMjYtNGEwZi04YmQwLWI4OGU3NjA5MTgwOA==; MUID=1A003588E4D16181260827E3E5ED60EC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 00:35:53 GMT
content-type: image/x-icon
cache-control: public, max-age=31536000
last-modified: Sun, 18 Oct 2020 03:02:03 GMT
etag: 0x8D8731230C851A6
x-cache: TCP_HIT
x-ms-request-id: 5526a407-a01e-0009-56f9-fe4460000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 04GyDYwAAAABf2S3izORYTbA0GxthFRJCTE9OMjFFREdFMTgxMAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 06VOFYwAAAAAdGvLdstH6QrDIhLgyyhWDTFRTRURHRTEzMTMAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif

45.77.228.161

200 OK

0 B

URL HTTP/2
56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif
IP
45.77.228.161:0
ASN
#20473 AS-CHOOPA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1
Host: 56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-microsoft.pppunit.go.ug/
Connection: keep-alive
Cookie: tlij2c=ZmVlZjA5ODMtNmFmZi00N2RkLWFhYWItNmMzZWI2NTEzNGI1OmQxNmI2ZWI1LThiMjYtNGEwZi04YmQwLWI4OGU3NjA5MTgwOA==; MUID=1A003588E4D16181260827E3E5ED60EC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 00:35:53 GMT
content-type: image/gif
cache-control: public, max-age=31536000
last-modified: Fri, 17 Jan 2020 19:28:37 GMT
etag: 0x8D79B83739984DD
x-cache: TCP_HIT
x-ms-request-id: 2a40497d-a01e-0019-3ef9-fef442000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0Z72EYwAAAACSC0cH8T7iT6wpg/o45uAXTE9OMjFFREdFMTcxMAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 06VOFYwAAAABnHAoUUBQ9R6r6b/vXiaOSTFRTRURHRTEyMTEAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

ll.pppunit.go.ug/Me.htm?v=3

45.77.228.161

200 OK

0 B

URL HTTP/2
ll.pppunit.go.ug/Me.htm?v=3
IP
45.77.228.161:0
ASN
#20473 AS-CHOOPA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /Me.htm?v=3 HTTP/1.1
Host: ll.pppunit.go.ug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-microsoft.pppunit.go.ug/
Connection: keep-alive
Cookie: tlij2c=ZmVlZjA5ODMtNmFmZi00N2RkLWFhYWItNmMzZWI2NTEzNGI1OmQxNmI2ZWI1LThiMjYtNGEwZi04YmQwLWI4OGU3NjA5MTgwOA==; MUID=1A003588E4D16181260827E3E5ED60EC
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 00:35:53 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=315360000
vary: Accept-Encoding, Accept-Encoding
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
referrer-policy: strict-origin-when-cross-origin
x-ms-route-info: R3_BL2
x-ms-request-id: bb5e7b0e-ddc9-498c-95e7-1929382a7d1e
ppserver: PPV: 30 H: BL02EPF000066B5 V: 0
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

microsoft-microsoft.pppunit.go.ug/

45.77.228.161

200 OK

0 B

URL HTTP/2
microsoft-microsoft.pppunit.go.ug/
IP
45.77.228.161:0
ASN
#20473 AS-CHOOPA

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: microsoft-microsoft.pppunit.go.ug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 00:35:49 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

microsoft-microsoft.pppunit.go.ug/

45.77.228.161

200 OK

0 B

URL HTTP/2
microsoft-microsoft.pppunit.go.ug/
IP
45.77.228.161:0
ASN
#20473 AS-CHOOPA

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST / HTTP/1.1
Host: microsoft-microsoft.pppunit.go.ug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://microsoft-microsoft.pppunit.go.ug
Content-Length: 2512
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 00:35:49 GMT
content-type: application/json
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_itjeuokkx5s5hz5xm6syrg2.js

45.77.228.161

200 OK

0 B

URL HTTP/2
56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_itjeuokkx5s5hz5xm6syrg2.js
IP
45.77.228.161:0
ASN
#20473 AS-CHOOPA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_itjeuokkx5s5hz5xm6syrg2.js HTTP/1.1
Host: 56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-microsoft.pppunit.go.ug/
X-Moz: prefetch
Connection: keep-alive
Cookie: tlij2c=ZmVlZjA5ODMtNmFmZi00N2RkLWFhYWItNmMzZWI2NTEzNGI1OmQxNmI2ZWI1LThiMjYtNGEwZi04YmQwLWI4OGU3NjA5MTgwOA==; MUID=1A003588E4D16181260827E3E5ED60EC
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 00:35:53 GMT
content-type: application/x-javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
last-modified: Wed, 12 Oct 2022 19:43:39 GMT
x-cache: TCP_HIT
x-ms-request-id: 259c4ab3-001e-0097-2867-fd010a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0HX6DYwAAAADT7VGATO1CTK9WLvX/gslzTE9OMjFFREdFMTcxMAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 06VOFYwAAAADhZNMbSLn8QpzEZEgr2T+0TFRTRURHRTEzMTkAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/ests/2.1/content/cdnbundles/converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css

45.77.228.161

200 OK

0 B

URL HTTP/2
56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/ests/2.1/content/cdnbundles/converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css
IP
45.77.228.161:0
ASN
#20473 AS-CHOOPA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /ests/2.1/content/cdnbundles/converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css HTTP/1.1
Host: 56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-microsoft.pppunit.go.ug/
X-Moz: prefetch
Connection: keep-alive
Cookie: tlij2c=ZmVlZjA5ODMtNmFmZi00N2RkLWFhYWItNmMzZWI2NTEzNGI1OmQxNmI2ZWI1LThiMjYtNGEwZi04YmQwLWI4OGU3NjA5MTgwOA==; MUID=1A003588E4D16181260827E3E5ED60EC
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 00:35:53 GMT
content-type: text/css
vary: Accept-Encoding
cache-control: public, max-age=31536000
last-modified: Thu, 04 Aug 2022 19:37:00 GMT
x-cache: TCP_HIT
x-ms-request-id: 85256ef9-a01e-0009-307a-034460000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 06VOFYwAAAACDq/q30+ffQrziU0PpjFOSTE9OMjFFREdFMTcxNgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8dc1586f19519d6b618f.js

45.77.228.161

200 OK

0 B

URL HTTP/2
56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8dc1586f19519d6b618f.js
IP
45.77.228.161:0
ASN
#20473 AS-CHOOPA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8dc1586f19519d6b618f.js HTTP/1.1
Host: 56526443-e89a-42e9-a3a7-ffc156f3623b-feef0983.pppunit.go.ug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-microsoft.pppunit.go.ug/
Connection: keep-alive
Cookie: tlij2c=ZmVlZjA5ODMtNmFmZi00N2RkLWFhYWItNmMzZWI2NTEzNGI1OmQxNmI2ZWI1LThiMjYtNGEwZi04YmQwLWI4OGU3NjA5MTgwOA==; MUID=1A003588E4D16181260827E3E5ED60EC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 00:35:53 GMT
content-type: application/x-javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
last-modified: Wed, 07 Sep 2022 21:51:35 GMT
x-cache: TCP_HIT
x-ms-request-id: 0b9fd352-e01e-0075-3122-034279000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0L9SEYwAAAABKja2jYhDsQ5j2meL2lTkZTE9OMjFFREdFMTcxMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 06VOFYwAAAAAIrj/0CcgeRpAf280Y6GFzTFRTRURHRTEzMTgAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations