cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
104.17.25.14
200 OK
26660
URL
GET
HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
IP
104.17.25.14:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: A9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
Validity: Wed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
Magic
ASCII text, with very long lines (32180)
Hash
b1e4b2a99336201b37fb8cea5d57abb9
d57980f0d0eaaf57ec33ddc9ed027274cfa86027
c805bfd991983f57b5b7878b998f7529e9b7e2df4bc2d39ba493934e23ba3f8a
GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 26660
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-14983"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 464800
expires: Sun, 07 Apr 2024 05:57:56 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dSUI8ZZ3TSwO6ypmX%2BKHeQGMdE4VvhPV3e3sTJs4xoZ2r0sNlo0ehJoICQUwduhmt9VfGeFDVzneQGpExHknxNbSTzFwg6GmZppKRDKSPu34a0cJc%2B1gdNTgXb6c1H6nGQU1tJOH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7b9aac54fcf2b517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
microsoft-windows.pages.dev/microsoft.png
188.114.97.1
200 OK
700
URL
GET
HTTP/3
microsoft-windows.pages.dev/microsoft.png
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
PNG image data, 47 x 46, 8-bit colormap, non-interlaced\012- data
Hash
0ff56a6a86d5e52a8befd4c71d1842df
9a5cd44dd2f43a37ce3af14e167bcba480e97ff4
81e528ea37468236da238a66c1539207d5eca2db4dbeb429bb0e67b80f04a9bb
GET /microsoft.png HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: image/png
content-length: 700
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "477cf60256fdc17a03865c19b516e74e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hs8tkwi6v5StmmuAZw%2FLLRDcEyj83sWd3sVaJ06fLj%2FXddo21absK%2Bxeo5yj20SCoEs5Ef5J47ZWoO9LY%2BthQwJ72UW4S8AzKcRwzsSOlEVPp6MIc47j5QpDGgOvBCPlDotQ1gwNnkFSzlNH9oM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac54cee3b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
microsoft-windows.pages.dev/pc.png
188.114.97.1
200 OK
4949
URL
GET
HTTP/3
microsoft-windows.pages.dev/pc.png
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
PNG image data, 166 x 92, 8-bit/color RGBA, non-interlaced\012- data
Hash
cc5132b56ba46b03dd998aa1fe220106
403e007a0b17d76a9945fa5ec46a9d01733b3040
598699133be5eef63e3b9b5540609ec0dc91d7af9c7f70a3b890e57491a70ae0
GET /pc.png HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: image/png
content-length: 4949
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "b60af58af358bbff1b64cbb0cae96f72"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BwkTyfIjuHvsUcaVmMKpRGb112pFelh7n9vV0Pp1GBkCEBiEhAOM%2B9snwv1BjK9ROs%2BtJltyWd8fZIK5TkZkBiEBsTeblHOb6aLCMlMYq2e60TCxyaF2EOx9TGTYnuwDxXlTjpvAZuoTKfOjLzI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac54defcb529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
microsoft-windows.pages.dev/minimize.jpeg
188.114.97.1
200 OK
2247
URL
GET
HTTP/3
microsoft-windows.pages.dev/minimize.jpeg
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 180x39, components 3\012- data
Hash
1ba392dce74f8987dca48bf65d817c8f
db0b8444c46125105b52f272bd422a7f52da1f72
a05245b6f7fd752af4a7b0131bbdfdf3eaee6c5a25a81cb498e0f0759189473c
Analyzer
Verdict
Alert
fortinet
Phishing
GET /minimize.jpeg HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: image/jpeg
content-length: 2247
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "94135e9c4b673c3071863eb8b5db0c0d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZYLodOnTyq0185wbzFDfGh07xV1a%2BZPQR5OWc5RLLV79lVfu6SEAs6EUkwyQRsKCsrZMibWDCeoFdPqmqygReq4z%2FnKp%2BaDkg8udLnGiJUMpj61d3XIFWqP8j6uJc%2FnQUtj1Q9jsV1yGw2ZjGaE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac54cee5b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
microsoft-windows.pages.dev/setting.png
188.114.97.1
200 OK
364
URL
GET
HTTP/3
microsoft-windows.pages.dev/setting.png
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Hash
e144c3378090087c8ce129a30cb6cb4e
59da5466551de941d0215e45c54aa2ceaf436be1
b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a
GET /setting.png HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: image/png
content-length: 364
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "ee63d8b934f54cf7e606ebae2b4bfcf6"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QpfIh7rux8f2sTzxA%2FQD0CH2HigKgGN%2BQn%2BCEcXWfJoNAvSB%2BDffEB33FxwXRDTyagB2LcX0YI4ndtqymQHCJTHreSo5RvbRqeUPxKDqpnkyauMHv%2B6xzaiZaYjCOwlNwI%2FKmHibgbCxRFeJYV4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac54ceefb529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
microsoft-windows.pages.dev/images/ico_tray1.gif
188.114.97.1
200 OK
69
URL
GET
HTTP/3
microsoft-windows.pages.dev/images/ico_tray1.gif
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
GIF image data, version 89a, 16 x 16\012- data
Hash
3ae573d079dcd1d2da4086f2c0c72c45
e7c9dabec81379373476ed23168dcecb9b8c56aa
9cce08ab28e94790cf78c87e37f8690acbc6c535e4b43ae7b38506b94538e107
GET /images/ico_tray1.gif HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: image/gif
content-length: 69
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "aaf6c5e1ac9ac320bede916158ed5d07"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G1cf1A06DRQ7et4lpaom5yquT7ZRbL0PREjsH14a1g1cNyhDRQosrJ5zMPnTga0B8EHEUuv5mlU9hHZw3TGyZkvnWHUL%2BJFfsHlhjJ96%2FaiG9RnLsefgVysrDRxivrozxt4rI4Utey3XtVZrMy8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac54defbb529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
microsoft-windows.pages.dev/que.png
188.114.97.1
200 OK
349
URL
GET
HTTP/3
microsoft-windows.pages.dev/que.png
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
PNG image data, 13 x 13, 8-bit/color RGB, non-interlaced\012- data
Hash
7454c652e0733d92de6c920c2d646ae0
34a5bd8c7401f95e346895b0e5ccffbf0e9ad638
44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7
GET /que.png HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: image/png
content-length: 349
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "0d6dd742fc1124fe244e6f4f212155f3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oo2FhRQggU5vF2Kx5Mpg79RuZCwYsi%2F5CnkqQziiUD0JmZNRYCtal%2BhB7Kf4xEbhq%2FtZ9tcyB4KQlqgFT5cD2euK5Eytkw51oXAcRZpeJdWvg2k8i1AXYZeGHGZcUmMAENZicYr7oxB7SV%2FGZjY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac54def2b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
microsoft-windows.pages.dev/virus-scan.png
188.114.97.1
200 OK
25871
URL
GET
HTTP/3
microsoft-windows.pages.dev/virus-scan.png
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash
2c497dfff84bd8c5af9254c9d6278ce1
667e72e7ba6f00a54629e28133317022d4b59af6
b2dc4153ee7019c70a1095d5d1304d540e3bba045d99e141f63e5b13362e5a4e
GET /virus-scan.png HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: image/png
content-length: 25871
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "cbc9ed14fa29655a591dc055c3db0f03"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DUYqA6EI%2BisSPM6k9W7uSdnBEK2l7TpNR4tiz2ooKO9ufbIrPrPwgVh6fNpq1x2Ii%2FeI2d444b0x83n3tcRsllhP9gtwRmZohAGR45OVuSfPdXNB4jpgRn9n1orQD0HsrBmY4tY2tu5DmdvYqdY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac54def6b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
microsoft-windows.pages.dev/images/ico_tray3.gif
188.114.97.1
200 OK
234
URL
GET
HTTP/3
microsoft-windows.pages.dev/images/ico_tray3.gif
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
GIF image data, version 89a, 16 x 16\012- data
Hash
9ce99ec458daf212f9812a90f3fadd13
9e3041bc91b79a17b52e0fbb6c2d0e2f905d98a1
b0d335401c9fd5fac9991ec92edaf7865ff3a491ebe390120936c69796c3b753
GET /images/ico_tray3.gif HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: image/gif
content-length: 234
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "77658f49c3237c43feb1f812a11dc45b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zIhZzZ60tsaKkKZJ5S4DBkkgNa3S0yBBm2zOMSm5iPP5SW1FsbYwRjnMikFJUbsy3OkBydbmr83zRUJxC2GIn%2BdIDJxjlsDkiiCRPxhUwKCohkc2pwUC7A9sdX%2FCv2ZzazZuqHHOqSqWbXcaROk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac54ef0ab529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
microsoft-windows.pages.dev/images/ico_tray2.gif
188.114.97.1
200 OK
377
URL
GET
HTTP/3
microsoft-windows.pages.dev/images/ico_tray2.gif
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
GIF image data, version 89a, 16 x 16\012- data
Hash
c10bdec858cb0cf9e6cc5865d5925746
697c095ed5509e5a5af0c5ebf2380662aeffc531
b65b47a79e32335d9ca35ff59c6975d2b5808f84da0db88d11ce777b33e72ad9
GET /images/ico_tray2.gif HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: image/gif
content-length: 377
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "9f6c72ab1272f4bbadf6b026cfcf0490"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YpmnNI%2F2f74W6rKFN8aDiXgSg%2FliCFMbFCZcq2Lz%2FmNoJLcwNn7FaVFQFLqn5TCC7hEUYtA94AthG2VAJPztvc4ZuMa1sLmYzfxMb7XWDnjjRx336c8I6%2BjPMZVyq%2FFU8YdhVT0A5Tc%2Fdt%2F6aKY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac54ef07b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
microsoft-windows.pages.dev/background.webp
188.114.97.1
200 OK
85652
URL
GET
HTTP/3
microsoft-windows.pages.dev/background.webp
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
RIFF (little-endian) data, Web/P image, VP8 encoding, 1900x1037, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash
08f7689f83b94fbf477bed4120ffd462
fe211d4605aa91d719e38a6cb6ca0aea1f74d375
a07598c068b797d9285806bc978a34ec52aa534d297630df8748ce0c95500ecb
Analyzer
Verdict
Alert
fortinet
Phishing
GET /background.webp HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: image/webp
content-length: 85652
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "fa827b468f65c170ec8702d1b70ddd2e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SXJnFMhsYHUlZmhD%2B4kdJEZQw1O85H90byMkcc0umM%2F17Fnj%2BNZjC2zpftTPajcslyZBNCl7NtYGBBVv%2BOjp4QH%2BM%2BNLaYoGQ0TDFzBWDr%2BCBDTgZ4Od5bMGiULn%2BZsLO4Jl5erZJIcGr9CWzpQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac54cee8b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ocsp.pki.goog/gts1c3
142.250.74.131
472
IP
142.250.74.131:0
Hash
43db2c964498883fd98799a8b1dc6ea4
4814b7cbb03111d02286329392d2735225df3a5c
44b1d4e6c4b4ba2f50b3344787b34e1c8100454ce01eccd79c4c949fb7491690
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 18 Apr 2023 05:57:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-210786003-1
142.250.74.168
200 OK
44682
URL
GET
HTTP/3
www.googletagmanager.com/gtag/js?id=UA-210786003-1
IP
142.250.74.168:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.google-analytics.com
Fingerprint: 0D:E0:7D:60:57:50:BA:EB:CA:6E:2A:3F:20:5B:C7:91:67:89:3F:09
Validity: Tue, 28 Mar 2023 16:45:47 GMT - Tue, 20 Jun 2023 16:45:46 GMT
Magic
ASCII text, with very long lines (2206)
Hash
7dedab5353a32f3089d16e07b88f2fb8
af6e6b1c2e37a514cc7c4d68a73f8af69c2a4ceb
02ded9c8cb52d5e25da30fb6998ab21e89e1bc1694efe9a4afbe1d587fbacd96
GET /gtag/js?id=UA-210786003-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 18 Apr 2023 05:57:56 GMT
expires: Tue, 18 Apr 2023 05:57:56 GMT
cache-control: private, max-age=900
last-modified: Tue, 18 Apr 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44682
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68
472
IP
104.18.32.68:0
Hash
940a764e481cc568f4cc030d3c72b5b4
74ef33f6b2c969185a3d6a28434b9a103c026006
8a7c2cef6f34c90ecb57205d67835cb83de9af05d8ded665f4def1d830041ca9
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 18 Apr 2023 05:57:56 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 17 Apr 2023 23:50:03 GMT
Expires: Mon, 24 Apr 2023 23:50:02 GMT
Etag: "74ef33f6b2c969185a3d6a28434b9a103c026006"
Cache-Control: max-age=582125,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7b9aac551afb0b61-OSL
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
104.18.10.207
200 OK
6639
URL
GET
HTTP/2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
IP
104.18.10.207:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
Validity: Fri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT
Magic
ASCII text, with very long lines (27303)
Hash
cdb32709ad49f6cddb68df3458b0824a
01f8bb4211a72a926076773e606c3818e34db8d8
c9a410068a7b6d44725b2dc6d309af75805f9ef1f14ba54bd5a803ee7262896e
GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 565, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 19:04:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: e9a84d03a1f7c6aa17012c712a6e5dd5
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 27241724
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7b9aac54ff9eb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-210786003-1
142.250.74.168
200 OK
44680
URL
GET
HTTP/3
www.googletagmanager.com/gtag/js?id=UA-210786003-1
IP
142.250.74.168:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.google-analytics.com
Fingerprint: 0D:E0:7D:60:57:50:BA:EB:CA:6E:2A:3F:20:5B:C7:91:67:89:3F:09
Validity: Tue, 28 Mar 2023 16:45:47 GMT - Tue, 20 Jun 2023 16:45:46 GMT
Magic
ASCII text, with very long lines (2206)
Hash
27fae1368430481412320558db1c738d
70b4c6667ba22c8450fca21555c07cd7aa02ec9f
d0c0d6a9db01ae060d22864a1592a1f654e18accc8c2b1979bcba0a4b1ee583e
GET /gtag/js?id=UA-210786003-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: www.googletagmanager.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 18 Apr 2023 05:57:56 GMT
expires: Tue, 18 Apr 2023 05:57:56 GMT
cache-control: private, max-age=900
last-modified: Tue, 18 Apr 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44680
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
microsoft-windows.pages.dev/main.css
188.114.97.1
200 OK
42342
URL
GET
HTTP/3
microsoft-windows.pages.dev/main.css
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
ASCII text, with CRLF line terminators
Hash
f73e9f820d9138cb46a55163a3ec6eaf
72480ea093355bbd96aab0a74b5db83b57fa5454
339dd40f10d73faf8b622e1f3a84dc6fc6e1566b8f9dbeee1bdf619353e8f0dd
GET /main.css HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"b5453415f90e3b617f36f5fc8d58b721"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1MJo%2F%2BX4swbiA8u3RXCFbwS4ElK3as6N36Z2WJ7Soqq5tefCeVc5xYG1VFALTSo9%2FPrt%2BTHKSqGTo3mAN%2BUCV3klNyVxhxyAExgadpYORbnNrcObEMQGn62JHGgptZv%2F1sv%2BzRuOMCYS7D6XYQE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac54ced5b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0
104.18.10.207
200 OK
66624
URL
GET
HTTP/3
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0
IP
104.18.10.207:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
Validity: Fri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT
Magic
Web Open Font Format (Version 2), TrueType, length 66624, version 4.262\012- data
Hash
db812d8a70a4e88e888744c1c9a27e89
638c652d623280a58144f93e7b552c66d1667a11
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995
GET /font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://microsoft-windows.pages.dev
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:57 GMT
content-type: font/woff2
content-length: 66624
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "db812d8a70a4e88e888744c1c9a27e89"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 08/15/2022 13:52:58
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: bede1086fb59f133877b8c730cc05197
cdn-cache: HIT
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7b9aac57ae6bb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
microsoft-windows.pages.dev/wa0lDErtm0s.mp3
188.114.97.1
200 OK
200832
URL
GET
HTTP/3
microsoft-windows.pages.dev/wa0lDErtm0s.mp3
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
Audio file with ID3 version 2.3.0, contains:\012- MPEG ADTS, layer III, v2, 64 kbps, 22.05 kHz, Monaural\012- data
Hash
0116152611dd51432e852781f8cc7e82
2408d3d281b25649894f78a4e19f7f8a8ac735f9
fc59bbb18f923747b9cd3f3b23537ff09c5ad2fdfc1505a4800a3f269a234e65
Analyzer
Verdict
Alert
fortinet
Phishing
GET /wa0lDErtm0s.mp3 HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://microsoft-windows.pages.dev/
Range: bytes=0-
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:57 GMT
content-type: audio/mpeg
content-length: 200832
access-control-allow-origin: *
etag: "8ed7622fbdd15ff1b20ee9c97316f31c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QMnNelusKf5tFh9AjXVJ1LAQtQuNHKhEjh23ev15xqBXWWU8dx2LalTEUfzuFHrRDf2JxgQeblGcpV%2FkL6%2FOaW8ymwuZzBHh70zdkirej6A676fri3WILceLl13iOMQMMZXq7cPd389PzZN2%2FAY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac57aa60b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
microsoft-windows.pages.dev/xham.webp
188.114.97.1
200 OK
97646
URL
GET
HTTP/3
microsoft-windows.pages.dev/xham.webp
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
RIFF (little-endian) data, Web/P image, VP8 encoding, 1884x1080, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash
0439f76589490c4ab862e9f2f79bb309
9c552c7240e582c1b6534bc30a8db0030f343512
a052fb437fc9dcce0e360d688dc362ccca897dd0fcfd6c0366edb1ccf4529395
Analyzer
Verdict
Alert
fortinet
Phishing
GET /xham.webp HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:57 GMT
content-type: image/webp
content-length: 97646
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "51fbf4c0f284b7efc3d3dc33540720ce"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H0GJxB%2F4xkEClHYHvtteobFC%2B0EWbK4gp2ngim8HH%2FoidfauOljw6RsOl3hXFR9L8DpANj9ZelIPEBkFbj5whbiTFu10kfFE09t7TPFc%2FENtCbyUx0JMc%2F353Of0OOyi1IzwvfbeJx0O5EYpZj0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac586b32b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
microsoft-windows.pages.dev/1.png
188.114.97.1
200 OK
99519
URL
GET
HTTP/3
microsoft-windows.pages.dev/1.png
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
PNG image data, 999 x 482, 8-bit/color RGBA, non-interlaced\012- data
Hash
80e3e464402c3d174d37070cff84a426
b3ffc7d1a292a5858bc14001df1e025605d05731
9ff74ac6d1875a5b7b14754d8921043442f80d5f5fe6642839fb2f10cab5de8c
GET /1.png HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/main.css
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:57 GMT
content-type: image/png
content-length: 99519
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "ae43958bf2cf509d22106459e4404ddb"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RW%2FZnZ8Z%2FS65mk2ApXQSeCpYgmOl1ikiTXSPK142DqsqxsKBTXkZHLGTuED6VMpdPalzkxoFrzSkDm8%2FftkYeuFui2KAjT4HZlzn3V3TOM%2FUH2xM%2FOQTeIWuDf%2BfLGrN%2BWNY7FtkZ3qGS%2F1LDzg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac586b33b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
microsoft-windows.pages.dev/style.css?1665074482
188.114.97.1
200 OK
1811
URL
GET
HTTP/3
microsoft-windows.pages.dev/style.css?1665074482
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
ASCII text, with very long lines (2033), with no line terminators
Hash
7eaf21fd066ad8d9ace23521f538a974
0cf315d78f12cfa40c9fb24da6e2684757d52448
19427665d6f482dfd185c05ad9b1909301f6e83d0a0089ae726f7eddb761f58a
Analyzer
Verdict
Alert
fortinet
Phishing
GET /style.css?1665074482 HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"a289f834523ac0b42594d4a5134e58de"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sHZ50NuKt75iiNdQ6AV1mpXMzNflbqLdoauvzpIXIg9ewVEhkJwnXpPJfkx3dyB8tx08YwL8X%2FvP6HHIDHDkA1J%2BccbWuxfMUOF1czUktMyy2EGpHdIBGyBGXc1wTFmaXGEMsrMVQiilnpeeBkM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac54beceb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
microsoft-windows.pages.dev/js/interactive89e5.js?1665074482
188.114.97.1
200 OK
23753
URL
GET
HTTP/3
microsoft-windows.pages.dev/js/interactive89e5.js?1665074482
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
ASCII text, with very long lines (23751), with CRLF line terminators
Hash
6eb0bc946c565fdbc3aa0a63e872d10e
aed373d678239bc63a572636a44ec269b6355421
e5364687b339f0b590c8daa7fff5f423936d54dd0b2a332a433fd8c45bfe60b6
Analyzer
Verdict
Alert
fortinet
Phishing
GET /js/interactive89e5.js?1665074482 HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"2b986f3ebbb3124d81031aeaa9089096"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u%2F6Bdrhb6enpc4lFRnMoEs84Fa2lwmKVmHJz8JKpEody3Pg4SfcAbKkl093xjSEGXESgomSAtOa1%2BfiLH%2BsTuUTYR2XcbVAocJZLCrsejLD8JL73z0Wb80%2BufXxcwI16KSpA4ONaf9ux%2BVCmpNs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac54bed0b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
microsoft-windows.pages.dev/modernizr.js
188.114.97.1
200 OK
0
URL
GET
HTTP/3
microsoft-windows.pages.dev/modernizr.js
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer
Verdict
Alert
fortinet
Phishing
GET /modernizr.js HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"36d6924d9b4e37ab5e03641019ef70dc"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M6krC%2FFJFAMHeyw2KxDkvxsfXiNsAZpi4J6OLVudpi36d%2F%2F%2FpF6Pgs%2BtOmALMdghW8y%2FzCJg5tWOCqoqexSovb7YbpJqqZ2zbRwXaYVzIJV77Cb5nxrr3TZ8l66Gm6ygCCzKXyinUSOtnZrTm%2B0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac54ef06b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
microsoft-windows.pages.dev/fullscreen.js
188.114.97.1
200 OK
245
URL
GET
HTTP/3
microsoft-windows.pages.dev/fullscreen.js
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
ASCII text, with no line terminators
Hash
e70e5bc6acccc111d1016ccb1de66c20
b75154dabdb11f3c546fe085efdd740a8b88ea90
c8988f92f8e1a825f5f34ed45ca542b25eab1b845c5a0f459dff5045a4ee486e
Analyzer
Verdict
Alert
fortinet
Phishing
GET /fullscreen.js HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"970171d0b5647b73e4f0ab08c9b3d82a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ojKhc47oqTh87nyhYekZngSxePQiEcqN01gi5sHF9t09Gfd0dSNYjKE29XcvTIomdkxfeCgPbNlkcWZ7uLLIaHhvFQDn5gtaPIe%2BCqFQ0AKOKiVMIciBfOVn2RnMC4BzsjFdCnbVX%2Bah1PdswPM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac54ef0bb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.pushalert.co/integrate_6000caa177c2e27a72b940e8472069bc.js
151.139.128.10
200 OK
221121
URL
GET
HTTP/2
cdn.pushalert.co/integrate_6000caa177c2e27a72b940e8472069bc.js
IP
151.139.128.10:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Sectigo Limited
Subject: *.pushalert.co
Fingerprint: D5:47:58:F7:39:30:35:58:A6:7C:00:66:EB:5F:A4:AC:4D:2D:05:61
Validity: Thu, 28 Apr 2022 00:00:00 GMT - Sat, 06 May 2023 23:59:59 GMT
Magic
ASCII text, with very long lines (7961)
Hash
66ea9bb8011084dca50bad621bb4c90b
173a63f8ccaa82ac911f821bbb4d0f2c6f6ee8ef
275611db4d76925c0db5520033a0ba441d71fc4844284692f6eb5c79e012857f
GET /integrate_6000caa177c2e27a72b940e8472069bc.js HTTP/1.1
Host: cdn.pushalert.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 18 Apr 2023 05:57:57 GMT
etag: "1673898395"
content-encoding: gzip
content-length: 39653
content-type: application/javascript
last-modified: Mon, 16 Jan 2023 19:46:35 GMT
accept-ranges: bytes
server: Apache/2.4.10 (Debian)
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=8640000, public
x-hw: 1681797477.cds244.sk1.hn,1681797477.cds253.sk1.c
X-Firefox-Spdy: h2
microsoft-windows.pages.dev/favicon.ico
188.114.97.1
200 OK
29659
URL
GET
HTTP/3
microsoft-windows.pages.dev/favicon.ico
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (504), with CRLF line terminators
Hash
c468944c462b0777ab5e6f0a24d6b613
5b9294089e51624d89044fab7dd75a0a1bd57237
adc875dd1c7ffb92a68332627f33f610595ac597de0d76e2df5de02b49505ff4
GET /favicon.ico HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:57 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"36d6924d9b4e37ab5e03641019ef70dc"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D2TABxY8iotWmPKtakl%2FGZjlHZ6Jpah%2BE6ieYyvr%2BgtkNw1jGx1%2BwbaS1yUPO4m73JuzWPe8iGTtiWtKEWvixDda8QkYCdxRpW5M6KtwXKdvF%2BQOvrhT3jO9Pc9dj1JUL0pGApbFveFl950%2F7iQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac599c57b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
microsoft-windows.pages.dev/before.js
188.114.97.1
200 OK
366
URL
GET
HTTP/3
microsoft-windows.pages.dev/before.js
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
ASCII text, with very long lines (380), with no line terminators
Hash
30ab0fccfb4c857f608e51c255c26796
5923f53a21825d79b436e2c98e6ab53068370ad3
92e7f01957ef9660eb84aa2d821d4fff017b66659f7a74b900fad60053a1c88c
Analyzer
Verdict
Alert
fortinet
Phishing
GET /before.js HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"026063519afe3b7556ecd042295feae5"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5xK1r%2BtAMHJADw3%2BX%2FQh19HruDFz3DbliRVoKIHaYnIokSjHTA5dPrkO2LWGywQ7FiXyt21kSmXBCHH4ExH7xYEPSb6PPRwQTQedVwip0kHAKv5ooqisNtSZ693dC1nR7c2FcC4L6YjKNa%2FPGkE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac54ef0fb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdnhst.xyz/code?code=b049fe04941a742ca9167d53a7c135be
104.21.57.38
200 OK
32
URL
GET
HTTP/2
cdnhst.xyz/code?code=b049fe04941a742ca9167d53a7c135be
IP
104.21.57.38:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 30:CD:C0:E1:64:2F:FA:4D:C0:FA:11:1D:C4:A2:1A:7B:F7:76:3A:32
Validity: Sun, 12 Mar 2023 00:00:00 GMT - Mon, 11 Mar 2024 23:59:59 GMT
Magic
ASCII text, with no line terminators
Hash
4cf09a531c260f6f06378fd2521c1b24
cd708e55317c517e02c97c54d62e1f99952c5773
d8637afc3e6a2a5512a1d6914980ba597263c1d015c8c6940ed04f59447f9d0e
GET /code?code=b049fe04941a742ca9167d53a7c135be HTTP/1.1
Host: cdnhst.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 18 Apr 2023 05:57:57 GMT
content-type: text/javascript;charset=UTF-8
content-location: code.php
vary: negotiate,accept,Accept-Encoding,User-Agent
tcn: choice
x-powered-by: PHP/7.4.33
p3p: CP="CAO PSA OUR"
expires: Tue, 03 Jul 2001 06:00:00 GMT
pragma: no-cache
cache-control: max-age=3600, s-max-age=84600
set-cookie: user_country=no; expires=Tue, 17 Oct 2023 20:52:20 +0000;path=/; SameSite=None; Secure
last-modified: Tue, 18 Apr 2023 05:57:57 GMT
access-control-allow-origin: *
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z2IEXS3JQrYmqsyZ4FRbqYaYg5pcBv6vL1rBuZiaLzSAqHdTB8y5%2BRcj%2BMPpxe3cxzVNhuRj0O1L9OMBXKEM%2FKPfpIc3c9MMJbD5CnI1KR4O2dKIa0Hhd7BjaPWv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b9aac573e470b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
microsoft-windows.pages.dev/modernizr.js
188.114.97.1
200 OK
0
URL
GET
HTTP/3
microsoft-windows.pages.dev/modernizr.js
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer
Verdict
Alert
fortinet
Phishing
GET /modernizr.js HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:57 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"36d6924d9b4e37ab5e03641019ef70dc"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JtUvgnUN62IGA4%2BRcOtHxciY0mVyqlla23JbmEDFm4pK3AWti4LjAV1QkVOWMxWE5evb15JKBFoK5Bk8Z4R2Pqhd5plSsf6Xlx66qjJ9n2Cpex2lgbU3T8PiHU6Fu0QC82rsl1wBd1HDpel6y0A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac57aa58b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
185.244.209.62
200 OK
161409
URL
GET
HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
IP
185.244.209.62:443
ASN
#58286 Electric-IT Business S.R.L.
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Sectigo Limited
Subject: cdn.jsdelivr.net
Fingerprint: 95:B3:FD:0C:F5:9E:0C:6C:F5:81:AB:DD:5D:6D:67:BF:FF:4A:FD:CC
Validity: Sat, 01 Oct 2022 00:00:00 GMT - Fri, 20 Oct 2023 23:59:59 GMT
Magic
ASCII text, with very long lines (65326)
Hash
d432e4222814b62dd30c9513dcc29440
2cac4afc120983921411296bd4e8fd8a94ba237e
4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601
GET /npm/bootstrap@4.6.0/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Origin: https://microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Accept-Encoding
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"27681-LKxK/BIJg5IUESlr1Oj9ipS6I34"
content-encoding: br
cache: HIT, HIT
x-cached-since: 2023-03-14T12:14:47+00:00, 2023-03-14T12:17:59+00:00
x-id: am3-up-gc89, osix-up-gc4
x-nginx: nginx-be, nginx-be
X-Firefox-Spdy: h2
microsoft-windows.pages.dev/bootstrap.js
188.114.97.1
200 OK
84378
URL
GET
HTTP/3
microsoft-windows.pages.dev/bootstrap.js
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
ASCII text, with very long lines (65299)
Hash
f81d0a1705048649befc8b595e455a94
aec551e4d573463088fca7d14fb644eb389f1839
b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b
Analyzer
Verdict
Alert
fortinet
Phishing
GET /bootstrap.js HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"4f31336b52b18c91e3052341d85138e3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6%2FQMww3V8z908cIxO9DLtj2pxh%2FdSsjbzfHlmlAc0POq4LI4WZ8HURagA8Dofj2k6VDND6z7qENyvO2aca%2FTX4dSIdxZ6tPIyPd%2FDBiOfm5TeID3XkAl1q9zAxvtiFnDIKe4pvd3ful7SWuQca4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac54ef09b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
microsoft-windows.pages.dev/main.js
188.114.97.1
200 OK
1290
URL
GET
HTTP/3
microsoft-windows.pages.dev/main.js
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
ASCII text, with very long lines (1440), with no line terminators
Hash
7ef64d7f959d59b092c4609201f02166
1d83f91236cfd5722e710234e17125a232dd16ea
a5a2eb108c5af78c9b9d7354a27aedce905b5da1cf052aff27eeee73ca07ebc6
Analyzer
Verdict
Alert
fortinet
Phishing
GET /main.js HTTP/1.1
Host: microsoft-windows.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-windows.pages.dev/
Alt-Used: microsoft-windows.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 18 Apr 2023 05:57:56 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"f5ad7345697ff323b75dee4393175644"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y0kSQL7myDPMQ4vkRtfT60a1qqHBXnrBkm0eB82KEtG%2FGuL7orxdMcUlvwa%2BvE79vwaChvREocz%2Bn8oWBeyu2j5f90Mm6yvYu2EkB6PVjD0Vq0LQ%2FqrZTN1HniOrrOiEtQqzU0MQ6NNnb8dVvxo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b9aac54ef0db529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
microsoft-windows.pages.dev/light.js
188.114.97.1
200 OK
503
URL
GET
HTTP/3
microsoft-windows.pages.dev/light.js
IP
188.114.97.1:443
Requested by
https://microsoft-windows.pages.dev/
Certificate
Issuer: Google Trust Services LLC
Subject: *.microsoft-windows.pages.dev
Fingerprint: CB:17:0D:A7:AE:1E:52:47:03:38:E2:C0:7A:ED:E5:3E:CD:91:29:7B
Validity: Thu, 16 Mar 2023 15:13:28 GMT - Wed, 14 Jun 2023 15:13:27 GMT
Magic
ASCII text, with very long lines (545), with no line terminators
Hash
d64718a85daf432be5f8d3c9fe3a45bd
d1b2721f29e5a1a6e6344a53162f32c53eb98e1e
de0997f0917e44e1840ce9d82cc86fd7f6cae542f906c62d78ae71c6af0ee303
Analyzer
Verdict
Alert
fortinet
Phishing