Report - mseventsportal.azurewebsites.net/

Report Overview

Submitted URL
mseventsportal.azurewebsites.net/
IP
52.173.87.130
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2023-02-03 23:51:17
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
46

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
js.monitor.azure.com	3838	2020-04-24T21:32:44Z	2023-03-13T05:23:42Z	399 B	1.0 kB	13.107.238.53
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
c.s-microsoft.com	10166	2013-11-06T16:56:27Z	2023-03-13T05:23:42Z	1.5 kB	83 kB	23.38.201.156
ajax.aspnetcdn.com	693	2012-05-24T15:35:31Z	2023-03-13T05:15:11Z	402 B	32 kB	152.199.19.160
mwf-service.akamaized.net	23159	2018-05-15T23:47:39Z	2023-03-13T09:23:36Z	897 B	92 kB	23.36.76.163
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.8 kB	66 kB	34.120.237.76
mseventsportal.azurewebsites.net	unknown	2020-09-18T10:05:23Z	2023-03-11T15:47:02Z	9.6 kB	251 kB	52.173.87.130
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.149.129.99
browser.events.data.microsoft.com	290	2018-05-25T08:23:05Z	2023-03-13T05:23:44Z	3.0 kB	2.3 kB	51.11.192.49
img-prod-cms-rt-microsoft-com.akamaized.net	1197	2017-01-30T06:18:05Z	2023-03-13T05:23:42Z	472 B	4.6 kB	23.36.76.200
statics-marketingsites-wcus-ms-com.akamaized.net	10251	2017-04-15T14:02:28Z	2023-03-13T07:53:32Z	435 B	924 B	23.36.76.96
www.microsoft.com	302	2012-05-21T06:29:41Z	2023-03-13T05:23:42Z	2.0 kB	81 kB	23.38.201.156
wcpstatic.microsoft.com	5007	2020-09-15T19:02:29Z	2023-03-13T05:23:42Z	402 B	82 kB	13.107.238.53
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.0 kB	8.0 kB	95.101.11.115
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-03 23:51:44	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-02-03	medium	mseventsportal.azurewebsites.net/	Outlook
2023-02-03	medium	mseventsportal.azurewebsites.net/	Outlook
2023-02-03	medium	mseventsportal.azurewebsites.net/	Outlook
2023-02-03	medium	mseventsportal.azurewebsites.net/	Outlook
2023-02-03	medium	mseventsportal.azurewebsites.net/	Outlook
2023-02-03	medium	mseventsportal.azurewebsites.net/	Outlook
2023-02-03	medium	mseventsportal.azurewebsites.net/	Outlook
2023-02-03	medium	mseventsportal.azurewebsites.net/	Outlook
2023-02-03	medium	mseventsportal.azurewebsites.net/	Outlook
2023-02-03	medium	mseventsportal.azurewebsites.net/	Outlook
2023-02-03	medium	mseventsportal.azurewebsites.net/	Outlook
2023-02-03	medium	mseventsportal.azurewebsites.net/	Outlook
2023-02-03	medium	mseventsportal.azurewebsites.net/	Outlook
2023-02-03	medium	mseventsportal.azurewebsites.net/	Outlook
2023-02-03	medium	mseventsportal.azurewebsites.net/	Outlook
2023-02-03	medium	mseventsportal.azurewebsites.net/	Outlook

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-03	medium	mseventsportal.azurewebsites.net/	Phishing
2023-02-03	medium	mseventsportal.azurewebsites.net/	Phishing
2023-02-03	medium	mseventsportal.azurewebsites.net/en-us/trainingdays/Content/css/style.css?v=13	Phishing
2023-02-03	medium	mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/contact-icon1.jpeg	Phishing
2023-02-03	medium	mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/contact-icon3.jpeg	Phishing
2023-02-03	medium	mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/contact-icon2.jpeg	Phishing
2023-02-03	medium	mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/contact-icon4.jpeg	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js	279 kB	2023-03-07	2024-04-24
Pretty URL wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js IP 13.107.238.53 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:35 Last Seen2024-04-24 08:59:37 Times Seen7688 Hash 5f524e20ce61f542125454baf867c47b 7e9834fd30dcfd27532ce79165344a438c31d78b c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9 Loading...

	mseventsportal.azurewebsites.net/	484 B	2023-03-13	2023-08-05
Pretty URL mseventsportal.azurewebsites.net/ IP 52.173.87.130 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 01:05:17 Last Seen2023-08-05 00:33:12 Times Seen4 Hash 04d2ad3bfa86fdae7685e828237cb418 f4a6258705667527299cf6012c639ee668cd766f 62fef0560876a589d6d62d3fc9a6137a69890d6d0e2ac5206ee6a0c75d2882c0 Loading...

	mseventsportal.azurewebsites.net/	491 B	2023-03-12	2023-05-16
Pretty URL mseventsportal.azurewebsites.net/ IP 52.173.87.130 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 12:41:05 Last Seen2023-05-16 02:51:27 Times Seen794 Hash 53c4b5771467cbd55167276f7e1ea8b1 29aa5727e45c8321e33f773368d2f7c03202ea6c f19f2018a7701579df16c460055d04a77010856d2509a06c9c80f280ae19ca8b Loading...

	mseventsportal.azurewebsites.net/	1.4 kB	2023-03-13	2023-08-05
Pretty URL mseventsportal.azurewebsites.net/ IP 52.173.87.130 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 01:05:17 Last Seen2023-08-05 00:33:12 Times Seen4 Hash 78db5ca7c6e30aa611f5d73f349e17e5 ef1c142bca2b7787b6bff8f62b364b99b53be31c bdc215c18d4dfea8457cb03315036226e3c5d1e20dd0e0f443db169cc8ed8ee0 Loading...

	mwf-service.akamaized.net/mwf/js/bundle/1.58.3/mwf-auto-init-main.var.min.js	379 kB	2023-03-13	2023-03-13
Pretty URL mwf-service.akamaized.net/mwf/js/bundle/1.58.3/mwf-auto-init-main.var.min.js IP 23.36.76.163 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 01:05:17 Last Seen2023-03-13 16:11:52 Times Seen1 Hash b4612c3212b52184d7c52ea4caf39986 d79cb8f574fee3ffdc8fcf6ad6c76700614648ab b142ebd43c701d644acf240e289bb40c4bdf1bd2aee4246a3464c82edc78c208 Loading...

	ajax.aspnetcdn.com/ajax/jQuery/jquery-3.6.0.min.js	90 kB	2023-03-07	2024-04-24
Pretty URL ajax.aspnetcdn.com/ajax/jQuery/jquery-3.6.0.min.js IP 152.199.19.160 ASN #15133 EDGECAST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-24 11:53:09 Times Seen260926 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1	137 kB	2023-03-13	2023-04-05
Pretty URL www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1 IP 23.38.201.156 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 03:27:52 Last Seen2023-04-05 02:12:08 Times Seen357 Hash 2cc02dc1fb567abe4b05d266eb06d922 6dcbdeb8033539e29ca4d11975bee63bfabbfdad 14bc892aff22a1998743df7de326750231ec0592917c70c5a9e5478fea456409 Loading...

	js.monitor.azure.com/scripts/c/ms.jsll-3.min.js	183 kB	2023-03-08	2023-03-14
Pretty URL js.monitor.azure.com/scripts/c/ms.jsll-3.min.js IP 13.107.238.53 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:27:41 Last Seen2023-03-14 03:54:41 Times Seen1 Hash cab91ff466755efcfa1d8382745fe74f 62eb6f132eb7f324bd3aab6de2cdf61925deb553 cacd215430aa66f1391abd136f23ddb729b3fe44c6385a43b62d7a9e8479ea03 Loading...

HTTP Transactions (54)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16245
Expires: Sat, 04 Feb 2023 04:21:51 GMT
Date: Fri, 03 Feb 2023 23:51:06 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3398
Expires: Sat, 04 Feb 2023 00:47:44 GMT
Date: Fri, 03 Feb 2023 23:51:06 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Feb 2023 23:36:12 GMT
content-type: application/json
age: 894
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

mseventsportal.azurewebsites.net/

52.173.87.130

301 Moved Permanently

0 B

URL HTTP/1.1
mseventsportal.azurewebsites.net/
IP
52.173.87.130:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Outlook
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: mseventsportal.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Content-Length: 0
Date: Fri, 03 Feb 2023 23:51:05 GMT
Location: https://mseventsportal.azurewebsites.net/

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11097
Expires: Sat, 04 Feb 2023 02:56:03 GMT
Date: Fri, 03 Feb 2023 23:51:06 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: cpeOLWagBRDV3cuVkQaAtkEy6vPwkS4n8uZNtJtjTH+XkRyANU/b70PnUqFF4Ec/sntjgIBPGCQ=
x-amz-request-id: KDGNR4R100H6CMJ6
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Feb 2023 23:23:46 GMT
age: 1640
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 23:51:06 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 03 Feb 2023 23:49:06 GMT
age: 120
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21249
Expires: Sat, 04 Feb 2023 05:45:15 GMT
Date: Fri, 03 Feb 2023 23:51:06 GMT
Connection: keep-alive

push.services.mozilla.com/

54.149.129.99

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.129.99:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: M9pY8AxzUJ9nw2z7Ojg0wQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BQt3gPqM1AKB0o0w5zKz8FIUQoM=

mseventsportal.azurewebsites.net/

52.173.87.130

200 OK

19 kB

URL HTTP/1.1
mseventsportal.azurewebsites.net/
IP
52.173.87.130:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4971), with CRLF, LF line terminators
Size
19 kB (18963 bytes)
Hash
2ced14018adb522a2246d17b2b48022c
9e43e4e2ce203a364111cbfbba0d7851eb25062c
bc3c11ba1563e0bb30eef8c6209dd313cef0ee16085200fe91b6d358dfd2cae2

Detections

Analyzer	Verdict	Alert
openphish	Outlook
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: mseventsportal.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Content-Length: 18963
Content-Type: text/html; charset=utf-8
Date: Fri, 03 Feb 2023 23:51:07 GMT
Server: Microsoft-IIS/10.0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: ARRAffinity=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df;Path=/;HttpOnly;Secure;Domain=mseventsportal.azurewebsites.net
ARRAffinitySameSite=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df;Path=/;HttpOnly;SameSite=None;Secure;Domain=mseventsportal.azurewebsites.net
Vary: Accept-Encoding
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Frame-Options: DENY

ajax.aspnetcdn.com/ajax/jQuery/jquery-3.6.0.min.js

152.199.19.160

200 OK

31 kB

URL HTTP/2
ajax.aspnetcdn.com/ajax/jQuery/jquery-3.6.0.min.js
IP
152.199.19.160:0
ASN
#15133 EDGECAST

File type
ASCII text, with very long lines (65447)
Size
31 kB (30982 bytes)
Hash
9b0df0e2d00cb47a92ca0bb8a626a5ca
703ad8039c14079293957cdedacf800e9dab324b
5fc24a6ac6859491a9379b4aaa34017a02599e16cdb47a190993909a62be9dde

HTTP Headers

GET /ajax/jQuery/jquery-3.6.0.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 17451595
cache-control: public,max-age=31536000
content-type: application/javascript
date: Fri, 03 Feb 2023 23:51:07 GMT
etag: "803056b57d10d71:0"
last-modified: Wed, 03 Mar 2021 22:36:53 GMT
server: ECAcc (ska/F6B4)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 30982
X-Firefox-Spdy: h2

img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31

23.36.76.200

200 OK

4.1 kB

URL HTTP/2
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
IP
23.36.76.200:0
ASN
#20940 Akamai International B.V.

File type
PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced\012- data
Size
4.1 kB (4054 bytes)
Hash
9f14c20150a003d7ce4de57c298f0fba
daa53cf17cc45878a1b153f3c3bf47dc9669d78f
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

HTTP Headers

GET /cms/api/am/imageFileData/RE1Mu3b?ver=5c31 HTTP/1.1
Host: img-prod-cms-rt-microsoft-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/png
access-control-allow-origin: *
content-location: https://image.prod.cms.rt.microsoft.com/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
last-modified: Thu, 26 Jan 2023 21:50:57 GMT
x-source-length: 4054
x-datacenter: northeu
x-activityid: bd916f15-c663-4c8d-b996-0582c67c774f
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 4054
cache-control: public, max-age=122444
expires: Sun, 05 Feb 2023 09:51:51 GMT
date: Fri, 03 Feb 2023 23:51:07 GMT
X-Firefox-Spdy: h2

mwf-service.akamaized.net/mwf/js/bundle/1.58.3/mwf-auto-init-main.var.min.js

23.36.76.163

200 OK

90 kB

URL HTTP/2
mwf-service.akamaized.net/mwf/js/bundle/1.58.3/mwf-auto-init-main.var.min.js
IP
23.36.76.163:0
ASN
#20940 Akamai International B.V.

File type
HTML document, ASCII text, with very long lines (46296)
Size
90 kB (89918 bytes)
Hash
9182dfdf1a80e9881c27fc2b497f8bee
becd6434a11e750b9162e6f4c73ec9e838bc86f9
252b83f45126737d483c69a5523c53a0458e71edbc83919f6e4b3ac3450b39e1

HTTP Headers

GET /mwf/js/bundle/1.58.3/mwf-auto-init-main.var.min.js HTTP/1.1
Host: mwf-service.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
last-modified: Wed, 05 Jan 2022 00:10:53 GMT
server: Microsoft-IIS/10.0
x-activity-id: ff8215fa-a446-4691-81af-8fc2a624687c
ms-cv: sfTttM1VPEyEd0hP.0
x-appversion: 1.0.8015.2375
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odeastus, dt: 2018-05-03T20:14:23.4188992Z, bt: 2021-12-11T09:19:10.0000000Z}
ms-operation-id: c99cc4884d9a1748bc0b787cfcd6ba34
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-s1: 2022-01-05T00:10:55
x-s2: 2022-01-05T00:10:55
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
vary: Accept-Encoding
content-encoding: gzip
content-length: 89918
cache-control: public, max-age=14589066
expires: Sat, 22 Jul 2023 20:22:13 GMT
date: Fri, 03 Feb 2023 23:51:07 GMT
X-Firefox-Spdy: h2

statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css

23.36.76.96

200 OK

473 B

URL HTTP/1.1
statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css
IP
23.36.76.96:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (342), with CRLF line terminators
Size
473 B (473 bytes)
Hash
a40589609d8e75c109e93abbff0dcf60
76ae9c943d54022e24b90467713a73a431eddd6d
2c959c2618be84448b26de18639db8a66126449c6ebb29f4f6d33e00adb5b069

HTTP Headers

GET /statics/override.css HTTP/1.1
Host: statics-marketingsites-wcus-ms-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Tue, 11 Jun 2019 23:22:13 GMT
ETag: 0x8D6EEC3A2D67C35
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 0be3c9b2-601e-001b-2ec3-662498000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Vary: Accept-Encoding
Content-Encoding: gzip
Unused62: 8096267
Content-Length: 473
Date: Fri, 03 Feb 2023 23:51:07 GMT
Connection: keep-alive

mseventsportal.azurewebsites.net/en-us/trainingdays/Content/css/style.css?v=13

52.173.87.130

200 OK

864 B

URL HTTP/1.1
mseventsportal.azurewebsites.net/en-us/trainingdays/Content/css/style.css?v=13
IP
52.173.87.130:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
864 B (864 bytes)
Hash
b4da6a06d66b2563261d8218b66df4e0
d4896934aca16ba44423af9e857de57632898226
a72945943df7c13a91542ebf5a4fefd0d3f79a123c1008135b0472585a9428d6

Detections

Analyzer	Verdict	Alert
openphish	Outlook
fortinet	Phishing

HTTP Headers

GET /en-us/trainingdays/Content/css/style.css?v=13 HTTP/1.1
Host: mseventsportal.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Cookie: ARRAffinity=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df; ARRAffinitySameSite=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Length: 864
Content-Type: text/css
Date: Fri, 03 Feb 2023 23:51:07 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ETag: "2f3faf9e343dd81:0"
Last-Modified: Mon, 21 Mar 2022 15:02:01 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
X-Frame-Options: DENY

www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1

23.38.201.156

200 OK

36 kB

URL HTTP/2
www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1
IP
23.38.201.156:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (42133)
Size
36 kB (35900 bytes)
Hash
d95e11ceb03f2345a320093cab78025e
61a86a14316100b63da779f7e173849643e687f5
e51a46060665f507a73982f7aa0a4088fc5b371023c237fefa0a1d806b56f6b0

HTTP Headers

GET /onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
last-modified: Tue, 24 Jan 2023 17:57:40 GMT
x-activity-id: afdd9be8-9abb-4122-ae9b-da02f28f8762
x-appversion: 1.0.8405.38376
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-01-06T05:19:12.0000000Z}
ms-operation-id: 6363f87892584147986ee80ae96eefc0
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2023-01-24T17:57:40
x-s2: 2023-01-24T17:57:41
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=30650793
expires: Wed, 24 Jan 2024 17:57:40 GMT
date: Fri, 03 Feb 2023 23:51:07 GMT
content-length: 35900
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV9ea9a166.0
ms-cv-esi: CASMicrosoftCV9ea9a166.0
x-rtag: RT
X-Firefox-Spdy: h2

www.microsoft.com/onerfstatics/marketingsites-wcus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/32-1b8b7c/74-888e54?ver=2.0&_cf=02242021_3231

23.38.201.156

200 OK

23 kB

URL HTTP/2
www.microsoft.com/onerfstatics/marketingsites-wcus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/32-1b8b7c/74-888e54?ver=2.0&_cf=02242021_3231
IP
23.38.201.156:0
ASN
#16625 AKAMAI-AS

File type
Unicode text, UTF-8 text, with very long lines (64241)
Size
23 kB (22729 bytes)
Hash
09800dff9a5770bdc368ae73ec89b229
52864194fec1b7fa70ba6e8bda68f0d8f27b21d1
d981d06eaec00bf7feef2b5dc799c3b50332ee867b8048109d45cb6a97e52557

HTTP Headers

GET /onerfstatics/marketingsites-wcus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/32-1b8b7c/74-888e54?ver=2.0&_cf=02242021_3231 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 13 Dec 2022 20:44:22 GMT
x-activity-id: 5970f663-607d-4b17-942b-7f6d6b6635bc
x-appversion: 1.0.8349.33967
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-11-11T02:52:14.0000000Z}
ms-operation-id: 2c52758a7ed38d4ba46d8133da4c1f83
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2022-12-13T20:44:22
x-s2: 2022-12-13T20:44:22
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 22729
cache-control: public, max-age=27031997
expires: Wed, 13 Dec 2023 20:44:24 GMT
date: Fri, 03 Feb 2023 23:51:07 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV9ea9a16f.0
ms-cv-esi: CASMicrosoftCV9ea9a16f.0
x-rtag: RT
X-Firefox-Spdy: h2

wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js

13.107.238.53

200 OK

82 kB

URL HTTP/2
wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
IP
13.107.238.53:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text, with very long lines (63888), with no line terminators
Size
82 kB (81726 bytes)
Hash
e51f388b62281af5b4a9193cce419941
364f3d737462b7fd063107fe2c580fdb9781a45a
348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c

HTTP Headers

GET /mscc/lib/v2/wcp-consent.js HTTP/1.1
Host: wcpstatic.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: max-age=43200
content-length: 81726
content-type: application/javascript
content-encoding: gzip
content-md5: X1JOIM5h9UISVFS6+GfEew==
last-modified: Wed, 24 Aug 2022 17:34:36 GMT
age: 39826
etag: 0x8DA85F6EA62BF74
vary: Accept-Encoding
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
x-cache: CONFIG_NOCACHE
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: bffeceb7-901e-0002-01cd-376177000000
x-ms-version: 2009-09-19
x-azure-ref: 0653dYwAAAACX7Mh0/mMAQJ+6VWnJEYTQQ1BIMzBFREdFMDQwOAAzOWI0NjE1Ny1jYjllLTQ5YjctYTY1YS04NzIyYTNmODI0ZTQ=
date: Fri, 03 Feb 2023 23:51:07 GMT
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15375
Expires: Sat, 04 Feb 2023 04:07:23 GMT
Date: Fri, 03 Feb 2023 23:51:08 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15375
Expires: Sat, 04 Feb 2023 04:07:23 GMT
Date: Fri, 03 Feb 2023 23:51:08 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15375
Expires: Sat, 04 Feb 2023 04:07:23 GMT
Date: Fri, 03 Feb 2023 23:51:08 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15375
Expires: Sat, 04 Feb 2023 04:07:23 GMT
Date: Fri, 03 Feb 2023 23:51:08 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15375
Expires: Sat, 04 Feb 2023 04:07:23 GMT
Date: Fri, 03 Feb 2023 23:51:08 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe387e59d-188b-44a0-b94c-033d7d635117.jpeg

34.120.237.76

200 OK

6.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe387e59d-188b-44a0-b94c-033d7d635117.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.7 kB (6718 bytes)
Hash
45c6a062f8637e689819f505b019dc0e
61665688f1039c4fad848853a68e28d057718ad1
c9b14113eba535a2e1a6cbbf121a818ad0204fc6dd7b2ea9b592830ab927d6d1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe387e59d-188b-44a0-b94c-033d7d635117.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6718
x-amzn-requestid: 662f889b-4c25-4dec-85d4-ea9dfa8b8974
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7DE5boAMF_cA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-33ca99fc7b6eac8d5486d6c1;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WvNs1hPPXHBJs5rTIBqH3DbqLLX6si9jHF46KrsuT9BFB2N2V3zeUA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:06:20 GMT
age: 6288
etag: "61665688f1039c4fad848853a68e28d057718ad1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13065 bytes)
Hash
cf80667db0c35c9c6139eca4ba5d12fd
4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590
d63e69f4b6ea16333d242bf33d4f02a4a6c96a739ca018d86afc5741d85b774d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13065
x-amzn-requestid: 20c6f462-0f1f-44d1-9b6b-6afbc4e79e8b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpYpcELtIAMFvFg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63da07d5-44cd803c0feba28919b0a9ec;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 06:33:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T3PhGRcHX1X2hn8K_4587fXBrEyuY5Em-b9Jg41uH4uyQXeFoRBIYg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:55:01 GMT
age: 6967
etag: "4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9500 bytes)
Hash
3ac51fd6789cbe19c2d484c9022b0e39
bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9
300b5e50cb910f9f4905ee7313d98763b68f85f5874db499cc94469fb14cabfe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9500
x-amzn-requestid: 8fe94388-e8d9-4329-b73a-e9a356df76bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9QEA1IAMF3Ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8054-51f954ac4bec16d1055e38f5;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FkTJ6wQ4eFYBPDyS0l5vLeWvHHiQIx-cYyFzT4ggHJ8M5Gg3dozFxQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:59:51 GMT
age: 6677
etag: "bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F650fe1e4-0f8a-4306-9cff-2ad3248d13b1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.9 kB (3868 bytes)
Hash
77e225775154732b55c206faa6fce355
126bdaa18d9a1650b5e3a4e883d89188e8bbf136
af7fb0e6cfe7082af183bd2ba5ef43ab3ef3f9e6df2761ed4534bd48aa078798

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F650fe1e4-0f8a-4306-9cff-2ad3248d13b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3868
x-amzn-requestid: 5ae7dc8b-55a8-4500-84ef-938727459c1d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyDqqHskoAMFpyw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd7fdd-662f24ed24651faa2323de32;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:42:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mk-qCGW538M5F88fom6XC1UmuzHd7qqEDUQQBdu-tVFn7-I4r547sg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:42:12 GMT
age: 4136
etag: "126bdaa18d9a1650b5e3a4e883d89188e8bbf136"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0567732b-c9d0-4bac-89d8-3dc6a16e522c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8267 bytes)
Hash
99bf0073acf75f9e04b52a96bf47797b
fa68da2c92fa89ed3dafe9915e064fca022af21f
961b77616486483e5767f214d2417275b9c995614128acab3521b6cd2f8866e2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0567732b-c9d0-4bac-89d8-3dc6a16e522c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8267
x-amzn-requestid: 8bf1f9c3-4508-489e-9f45-3ce50df74b0b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEW0HM6IAMFXog=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd80f8-2e7c768d54981cf1634830db;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:47:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ThTL_OlFd4yMELCmSzH4ziqxa8gdYgAAbxLY9VZPVaIldOUkvFVF_Q==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:12:43 GMT
age: 5905
etag: "fa68da2c92fa89ed3dafe9915e064fca022af21f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10253 bytes)
Hash
392b61306c346508d3ac4a2f28218f9c
d2de32b52e0d3f4fc6acaf687b3521294b01dc03
018712a4d6734b84ac1777124f97dae4d93b1e5b297a5dcfe0955b52710b8a35

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10253
x-amzn-requestid: a90cb6b3-8a72-4b4b-b4f5-6dafc8c6752a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7GGv5IAMFu8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-3ca59e7c52800a4e44bda8fd;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jBxNmhfAeUgxg8w4XpQHZ1QoN9GatdUV7V7r2tHd7YePJYPHpesd2Q==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:05:21 GMT
age: 6347
etag: "d2de32b52e0d3f4fc6acaf687b3521294b01dc03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

51.11.192.49

200 OK

0 B

URL HTTP/1.1
browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
IP
51.11.192.49:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1
Host: browser.events.data.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Referer: https://mseventsportal.azurewebsites.net/
Origin: https://mseventsportal.azurewebsites.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, 3600
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
Access-Control-Max-Age: 3600
Access-Control-Allow-Origin: https://mseventsportal.azurewebsites.net
Date: Fri, 03 Feb 2023 23:51:08 GMT

browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

51.11.192.49

403 No events are from an allowed domain.

57 B

URL HTTP/1.1
browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
IP
51.11.192.49:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with no line terminators
Size
57 B (57 bytes)
Hash
579ca008efd6b47440e2e963c054f869
b6158b981b9db9e94e299050b512f8509a33c552
007f9575d3d35f0c78a1de1293fdd9af540dd8de44a9fcca658336e0d1e73ea7

HTTP Headers

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1
Host: browser.events.data.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Client-Id: NO_AUTH
client-version: 1DS-Web-JS-3.2.8
apikey: 1b706db4a2e245318119f8bd13b3bd17-f5a05525-6a4f-42de-b069-1eae82dbf325-7258
upload-time: 1675468301747
time-delta-to-apply-millis: use-collector-delta
cache-control: no-cache, no-store
content-type: application/x-json-stream
Content-Length: 853
Origin: https://mseventsportal.azurewebsites.net
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 403 No events are from an allowed domain.
Content-Length: 57
Content-Type: application/json
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Collector-Error: No events are from an allowed domain.
Access-Control-Allow-Headers: Collector-Error
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://mseventsportal.azurewebsites.net
Access-Control-Expose-Headers: Collector-Error
Date: Fri, 03 Feb 2023 23:51:08 GMT

www.microsoft.com/mwf/_h/v3.07/mwf.app/fonts/mwfmdl2-v3.07.woff2

23.38.201.156

200 OK

20 kB

URL HTTP/2
www.microsoft.com/mwf/_h/v3.07/mwf.app/fonts/mwfmdl2-v3.07.woff2
IP
23.38.201.156:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 19620, version 0.0\012- data
Size
20 kB (19620 bytes)
Hash
143a41dde12b15393bbfead7fa1d358d
329c4ba4044733f4846c5e04059a506774fcef61
f100dda9cac03b74f147ac43fc82c3f39db7f2a97772424795b98eb1a2a922d5

HTTP Headers

GET /mwf/_h/v3.07/mwf.app/fonts/mwfmdl2-v3.07.woff2 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mseventsportal.azurewebsites.net
Connection: keep-alive
Referer: https://mwf-service.akamaized.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Tue, 14 Jun 2022 13:27:38 GMT
x-activity-id: 94f142fe-a9b3-4c31-b101-a1616aec99bf
x-appversion: 1.0.8167.41521
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-05-13T07:04:02.0000000Z}
ms-operation-id: a1463ce4b2cc40448de4f10aa498df26
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-length: 19620
cache-control: public, max-age=14256725
expires: Wed, 19 Jul 2023 00:03:14 GMT
date: Fri, 03 Feb 2023 23:51:09 GMT
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV9ea9eb63.0
ms-cv-esi: CASMicrosoftCV9ea9eb63.0
x-rtag: RT
X-Firefox-Spdy: h2

mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/youtube.png

52.173.87.130

200 OK

332 B

URL HTTP/1.1
mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/youtube.png
IP
52.173.87.130:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced\012- data
Size
332 B (332 bytes)
Hash
b9a1e843699fa17513f807bc78f774fb
599e12fcb9c0843c72832db6cd2a441797c79568
a7a52942c5ccb21d55b9fdbb5ba8261544c8aa5e2aa0d71b4e20126728e29ef1

Detections

Analyzer	Verdict	Alert
openphish	Outlook

HTTP Headers

GET /en-us/trainingdays/Content/images/youtube.png HTTP/1.1
Host: mseventsportal.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Cookie: ARRAffinity=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df; ARRAffinitySameSite=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Length: 332
Content-Type: image/png
Date: Fri, 03 Feb 2023 23:51:09 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
ETag: "e7ecbf9e343dd81:0"
Last-Modified: Mon, 21 Mar 2022 15:02:01 GMT
X-Powered-By: ASP.NET
X-Frame-Options: DENY

mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/twitter.png

52.173.87.130

200 OK

532 B

URL HTTP/1.1
mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/twitter.png
IP
52.173.87.130:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced\012- data
Size
532 B (532 bytes)
Hash
b30436eb503a7ea8e77925f435df4671
3313c5fde8ec85b94547168b867efec0188f5987
0ac4630b76827b89ebea070a1beb6e5175d280eadc76b67fa886cf6068368ca3

Detections

Analyzer	Verdict	Alert
openphish	Outlook

HTTP Headers

GET /en-us/trainingdays/Content/images/twitter.png HTTP/1.1
Host: mseventsportal.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Cookie: ARRAffinity=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df; ARRAffinitySameSite=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Length: 532
Content-Type: image/png
Date: Fri, 03 Feb 2023 23:51:09 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
ETag: "c89ebf9e343dd81:0"
Last-Modified: Mon, 21 Mar 2022 15:02:01 GMT
X-Powered-By: ASP.NET
X-Frame-Options: DENY

mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/contact-icon1.jpeg

52.173.87.130

200 OK

1.9 kB

URL HTTP/1.1
mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/contact-icon1.jpeg
IP
52.173.87.130:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 120x120, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.9 kB (1918 bytes)
Hash
373bce1b6270ef47fd41a2c7fe2a8e60
161147a0b7b7722eeece649959188004c0ef55f3
c1d718db00587bd2679ed7eba72c020cd29d0010f2e31339814439060a70e125

Detections

Analyzer	Verdict	Alert
openphish	Outlook
fortinet	Phishing

HTTP Headers

GET /en-us/trainingdays/Content/images/contact-icon1.jpeg HTTP/1.1
Host: mseventsportal.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Cookie: ARRAffinity=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df; ARRAffinitySameSite=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Length: 1918
Content-Type: image/jpeg
Date: Fri, 03 Feb 2023 23:51:09 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
ETag: "1fe2b49e343dd81:0"
Last-Modified: Mon, 21 Mar 2022 15:02:01 GMT
X-Powered-By: ASP.NET
X-Frame-Options: DENY

mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/maintop.jpg

52.173.87.130

200 OK

72 kB

URL HTTP/1.1
mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/maintop.jpg
IP
52.173.87.130:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 630x472, components 3\012- data
Size
72 kB (71497 bytes)
Hash
c090e8bb70e6092825e8b7fc38ed7482
f4a6ecccd30ccb3fd82c7448bdcd4d014bc74d61
48be137a5e34a2e4f842950b9093f540004ef4544897a00b2a5c3a9c7016b4d3

Detections

Analyzer	Verdict	Alert
openphish	Outlook

HTTP Headers

GET /en-us/trainingdays/Content/images/maintop.jpg HTTP/1.1
Host: mseventsportal.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Cookie: ARRAffinity=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df; ARRAffinitySameSite=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Length: 71497
Content-Type: image/jpeg
Date: Fri, 03 Feb 2023 23:51:09 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
ETag: "3e12ba9e343dd81:0"
Last-Modified: Mon, 21 Mar 2022 15:02:01 GMT
X-Powered-By: ASP.NET
X-Frame-Options: DENY

c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2

23.38.201.156

200 OK

34 kB

URL HTTP/2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
IP
23.38.201.156:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 34052, version 0.0\012- data
Size
34 kB (34052 bytes)
Hash
36397a3bc139c6e9f81d383f060f080a
3f4f86c10920d4ed345f4858b6cde9f93e1aeb81
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b

HTTP Headers

GET /static/fonts/segoe-ui/west-european/normal/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mseventsportal.azurewebsites.net
Connection: keep-alive
Referer: https://mwf-service.akamaized.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 34052
content-type: font/woff2
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
accept-ranges: bytes
etag: "588d483e9c7d51:0"
cache-control: public, max-age=345023
expires: Tue, 07 Feb 2023 23:41:32 GMT
date: Fri, 03 Feb 2023 23:51:09 GMT
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

c.s-microsoft.com/static/fonts/segoe-ui/west-european/Bold/latest.woff2

23.38.201.156

200 OK

30 kB

URL HTTP/2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Bold/latest.woff2
IP
23.38.201.156:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 30132, version 0.0\012- data
Size
30 kB (30132 bytes)
Hash
4c38c2a78502af8dfbfe0f71cc49a1ae
4b8c845263b3696e28cf3f313e0214e22688a750
1232bbdbc5d205f3c5a40efa5ed92839c79e7879d5168445cc47645bb93f7d1b

HTTP Headers

GET /static/fonts/segoe-ui/west-european/Bold/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mseventsportal.azurewebsites.net
Connection: keep-alive
Referer: https://mwf-service.akamaized.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 30132
content-type: font/woff2
last-modified: Fri, 10 Jan 2020 19:09:42 GMT
accept-ranges: bytes
etag: "83cce83e9c7d51:0"
cache-control: public, max-age=229041
expires: Mon, 06 Feb 2023 15:28:30 GMT
date: Fri, 03 Feb 2023 23:51:09 GMT
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/contact-icon3.jpeg

52.173.87.130

200 OK

1.8 kB

URL HTTP/1.1
mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/contact-icon3.jpeg
IP
52.173.87.130:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 120x120, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.8 kB (1818 bytes)
Hash
6642bd87021bbe9a17d051a29988ce95
d2ebb3cd2c3817fcd2732677cc471a5d2d23192f
a6901bd0d07297225b1e460d0884dcabbc1b1349fc4a06b8ba4359210b02da4b

Detections

Analyzer	Verdict	Alert
openphish	Outlook
fortinet	Phishing

HTTP Headers

GET /en-us/trainingdays/Content/images/contact-icon3.jpeg HTTP/1.1
Host: mseventsportal.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Cookie: ARRAffinity=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df; ARRAffinitySameSite=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Length: 1818
Content-Type: image/jpeg
Date: Fri, 03 Feb 2023 23:51:09 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
ETag: "2d9b59e343dd81:0"
Last-Modified: Mon, 21 Mar 2022 15:02:01 GMT
X-Powered-By: ASP.NET
X-Frame-Options: DENY

mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/contact-icon2.jpeg

52.173.87.130

200 OK

1.2 kB

URL HTTP/1.1
mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/contact-icon2.jpeg
IP
52.173.87.130:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 120x120, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.2 kB (1182 bytes)
Hash
013e6cf3e9a03ff3635cff728d2993b5
e3327474004c37f6586d744e47b8fa18b310c14e
15b63c7ec79cd33d8f5c95fad2ab954e2fc2b1acd37b4da7d9749ea422f3a7ef

Detections

Analyzer	Verdict	Alert
openphish	Outlook
fortinet	Phishing

HTTP Headers

GET /en-us/trainingdays/Content/images/contact-icon2.jpeg HTTP/1.1
Host: mseventsportal.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Cookie: ARRAffinity=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df; ARRAffinitySameSite=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Length: 1182
Content-Type: image/jpeg
Date: Fri, 03 Feb 2023 23:51:09 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
ETag: "2d9b59e343dd81:0"
Last-Modified: Mon, 21 Mar 2022 15:02:01 GMT
X-Powered-By: ASP.NET
X-Frame-Options: DENY

mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/contact-icon4.jpeg

52.173.87.130

200 OK

1.4 kB

URL HTTP/1.1
mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/contact-icon4.jpeg
IP
52.173.87.130:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 120x120, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.4 kB (1436 bytes)
Hash
264799ab4715147ca325737c877c9ef8
5f2bd1f9f2c920513036eb9a57329dbf1dbe1e27
984e3de57d123fbd75f7e1ae994759442a32fc22889c124cb31d97a6634f2309

Detections

Analyzer	Verdict	Alert
openphish	Outlook
fortinet	Phishing

HTTP Headers

GET /en-us/trainingdays/Content/images/contact-icon4.jpeg HTTP/1.1
Host: mseventsportal.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Cookie: ARRAffinity=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df; ARRAffinitySameSite=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Length: 1436
Content-Type: image/jpeg
Date: Fri, 03 Feb 2023 23:51:09 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
ETag: "3f30b59e343dd81:0"
Last-Modified: Mon, 21 Mar 2022 15:02:01 GMT
X-Powered-By: ASP.NET
X-Frame-Options: DENY

mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/facebook.png

52.173.87.130

200 OK

265 B

URL HTTP/1.1
mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/facebook.png
IP
52.173.87.130:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced\012- data
Size
265 B (265 bytes)
Hash
352637e02a377a29073aa9f65b1fba22
e5e2b07f777f47dcf158120b11d0b6bdeb0bc878
c77873c0c4a8499ba493832e950d41cbaee43020d5c99d702a1e9debbaf0db32

Detections

Analyzer	Verdict	Alert
openphish	Outlook

HTTP Headers

GET /en-us/trainingdays/Content/images/facebook.png HTTP/1.1
Host: mseventsportal.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Cookie: ARRAffinity=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df; ARRAffinitySameSite=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Length: 265
Content-Type: image/png
Date: Fri, 03 Feb 2023 23:51:09 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
ETag: "eeb6b69e343dd81:0"
Last-Modified: Mon, 21 Mar 2022 15:02:01 GMT
X-Powered-By: ASP.NET
X-Frame-Options: DENY

mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/blog.png

52.173.87.130

200 OK

591 B

URL HTTP/1.1
mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/blog.png
IP
52.173.87.130:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
591 B (591 bytes)
Hash
16ad3bb83f7cf91d742eadb46335ecf4
c37baa6a8610c9839bf51154e254219ae32bfb2a
8ab66a1834c110d111a42f066ea33abe2590d5c4c73d9bb61609d3762ffc6fdd

Detections

Analyzer	Verdict	Alert
openphish	Outlook

HTTP Headers

GET /en-us/trainingdays/Content/images/blog.png HTTP/1.1
Host: mseventsportal.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Cookie: ARRAffinity=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df; ARRAffinitySameSite=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Length: 591
Content-Type: image/png
Date: Fri, 03 Feb 2023 23:51:09 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
ETag: "ebbb49e343dd81:0"
Last-Modified: Mon, 21 Mar 2022 15:02:01 GMT
X-Powered-By: ASP.NET
X-Frame-Options: DENY

mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/mainpageaz.jpg

52.173.87.130

200 OK

29 kB

URL HTTP/1.1
mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/mainpageaz.jpg
IP
52.173.87.130:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 542x406, components 3\012- data
Size
29 kB (29146 bytes)
Hash
ab76d1016d8ac7a3215b75c309231b8d
78e08bc7a42f899aa630ca3ad1d549f460268afb
96359531aa858c71dc08544d2f97194059588eb4e1935854f571f88d409e4e2a

Detections

Analyzer	Verdict	Alert
openphish	Outlook

HTTP Headers

GET /en-us/trainingdays/Content/images/mainpageaz.jpg HTTP/1.1
Host: mseventsportal.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Cookie: ARRAffinity=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df; ARRAffinitySameSite=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Length: 29146
Content-Type: image/jpeg
Date: Fri, 03 Feb 2023 23:51:09 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
ETag: "f94eb99e343dd81:0"
Last-Modified: Mon, 21 Mar 2022 15:02:01 GMT
X-Powered-By: ASP.NET
X-Frame-Options: DENY

mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/mainpageba.jpg

52.173.87.130

200 OK

43 kB

URL HTTP/1.1
mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/mainpageba.jpg
IP
52.173.87.130:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 542x406, components 3\012- data
Size
43 kB (43145 bytes)
Hash
71256f52e01e7a421348a6bc07c2d666
24b74e3e5bbf1c3a4ef69c0bdd84190beac8fb0e
d8d6e55dcc7da61e3c132f884b88e0970c510cff8e529c1ce200c4b91f4a0bca

Detections

Analyzer	Verdict	Alert
openphish	Outlook

HTTP Headers

GET /en-us/trainingdays/Content/images/mainpageba.jpg HTTP/1.1
Host: mseventsportal.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Cookie: ARRAffinity=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df; ARRAffinitySameSite=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Length: 43145
Content-Type: image/jpeg
Date: Fri, 03 Feb 2023 23:51:09 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
ETag: "1c9db99e343dd81:0"
Last-Modified: Mon, 21 Mar 2022 15:02:01 GMT
X-Powered-By: ASP.NET
X-Frame-Options: DENY

mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/mainpagesec.jpg

52.173.87.130

200 OK

42 kB

URL HTTP/1.1
mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/mainpagesec.jpg
IP
52.173.87.130:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 542x406, components 3\012- data
Size
42 kB (41954 bytes)
Hash
68d13d44fcbdf24b1f877d55e08041e8
d4dcbcf620c653ae583daade9cb71f963e50e4a6
07c2039b6225cca04f561237d4d93bd644fd4a75102d2f61b336c27024aba276

Detections

Analyzer	Verdict	Alert
openphish	Outlook

HTTP Headers

GET /en-us/trainingdays/Content/images/mainpagesec.jpg HTTP/1.1
Host: mseventsportal.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Cookie: ARRAffinity=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df; ARRAffinitySameSite=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Length: 41954
Content-Type: image/jpeg
Date: Fri, 03 Feb 2023 23:51:09 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
ETag: "38ebb99e343dd81:0"
Last-Modified: Mon, 21 Mar 2022 15:02:01 GMT
X-Powered-By: ASP.NET
X-Frame-Options: DENY

mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/mainpage365.jpg

52.173.87.130

200 OK

30 kB

URL HTTP/1.1
mseventsportal.azurewebsites.net/en-us/trainingdays/Content/images/mainpage365.jpg
IP
52.173.87.130:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 542x406, components 3\012- data
Size
30 kB (30036 bytes)
Hash
f502f4e75ce00aab1888057a786dac76
4a85dd7e0577aa39ef5f8ed57f1ac8defca21c8a
6f62ace665afd32d56786a6a5ae28b8c00d847b8776ea13823d228d093123a7d

Detections

Analyzer	Verdict	Alert
openphish	Outlook

HTTP Headers

GET /en-us/trainingdays/Content/images/mainpage365.jpg HTTP/1.1
Host: mseventsportal.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Cookie: ARRAffinity=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df; ARRAffinitySameSite=62840ac4edc83ae086997573640c86993420cce251066a83b6af994b1e5472df
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Length: 30036
Content-Type: image/jpeg
Date: Fri, 03 Feb 2023 23:51:09 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
ETag: "b737b99e343dd81:0"
Last-Modified: Mon, 21 Mar 2022 15:02:01 GMT
X-Powered-By: ASP.NET
X-Frame-Options: DENY

c.s-microsoft.com/favicon.ico?v2

23.38.201.156

200 OK

17 kB

URL HTTP/2
c.s-microsoft.com/favicon.ico?v2
IP
23.38.201.156:0
ASN
#16625 AKAMAI-AS

File type
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors\012- data
Size
17 kB (17174 bytes)
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

HTTP Headers

GET /favicon.ico?v2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 17174
content-type: image/x-icon
last-modified: Mon, 12 Dec 2022 20:57:12 GMT
accept-ranges: bytes
etag: "1D90E6C4E79C400"
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-credentials: true
x-frame-options: SAMEORIGIN
x-sitemuse-origin: Azure
x-azure-ref: 0E43GYwAAAAAqTo06ukSDR51cOC0NwdGYQU1TMDRFREdFMTkxOAAxYjJiMjJjMS1jYjBjLTQ5NTAtODg3OS1kMjEyZjJhYzVhNGI=
cache-control: public, max-age=162425
expires: Sun, 05 Feb 2023 20:58:15 GMT
date: Fri, 03 Feb 2023 23:51:10 GMT
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

51.11.192.49

403 No events are from an allowed domain.

57 B

URL HTTP/1.1
browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
IP
51.11.192.49:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with no line terminators
Size
57 B (57 bytes)
Hash
579ca008efd6b47440e2e963c054f869
b6158b981b9db9e94e299050b512f8509a33c552
007f9575d3d35f0c78a1de1293fdd9af540dd8de44a9fcca658336e0d1e73ea7

HTTP Headers

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1
Host: browser.events.data.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Client-Id: NO_AUTH
client-version: 1DS-Web-JS-3.2.8
apikey: 1b706db4a2e245318119f8bd13b3bd17-f5a05525-6a4f-42de-b069-1eae82dbf325-7258
upload-time: 1675468304177
cache-control: no-cache, no-store
content-type: application/x-json-stream
Content-Length: 2685
Origin: https://mseventsportal.azurewebsites.net
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 403 No events are from an allowed domain.
Content-Length: 57
Content-Type: application/json
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Collector-Error: No events are from an allowed domain.
Access-Control-Allow-Headers: Collector-Error
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://mseventsportal.azurewebsites.net
Access-Control-Expose-Headers: Collector-Error
Date: Fri, 03 Feb 2023 23:51:10 GMT

browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

51.11.192.49

403 No events are from an allowed domain.

57 B

URL HTTP/1.1
browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
IP
51.11.192.49:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with no line terminators
Size
57 B (57 bytes)
Hash
579ca008efd6b47440e2e963c054f869
b6158b981b9db9e94e299050b512f8509a33c552
007f9575d3d35f0c78a1de1293fdd9af540dd8de44a9fcca658336e0d1e73ea7

HTTP Headers

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1
Host: browser.events.data.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Client-Id: NO_AUTH
client-version: 1DS-Web-JS-3.2.8
apikey: 1b706db4a2e245318119f8bd13b3bd17-f5a05525-6a4f-42de-b069-1eae82dbf325-7258
upload-time: 1675468305178
cache-control: no-cache, no-store
content-type: application/x-json-stream
Content-Length: 1020
Origin: https://mseventsportal.azurewebsites.net
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 403 No events are from an allowed domain.
Content-Length: 57
Content-Type: application/json
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Collector-Error: No events are from an allowed domain.
Access-Control-Allow-Headers: Collector-Error
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://mseventsportal.azurewebsites.net
Access-Control-Expose-Headers: Collector-Error
Date: Fri, 03 Feb 2023 23:51:11 GMT

34.120.237.76

200 OK

7.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e70636-fb7d-4a6e-9742-a039e4d7253d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.1 kB (7101 bytes)
Hash
41580a501cc07c328e6ab6b167a110dc
a4dfa0f479b5f9a036b75b2eea6dffabd3a3486e
0fa45161e563101b3f1293f951a3edf84c88c9f3b29bed9b54f952ca325bf21d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e70636-fb7d-4a6e-9742-a039e4d7253d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 7101
x-amzn-requestid: 479d8004-430a-45b9-99fa-11cbcc605a7c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EHxqoAMFaug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-25ac3c54427748bc191fd1ba;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1-NjCSeyrUAwvL2BDl1JXYK0WY0ze5FZz5-chZ6x2IEnDQBw9rEv6w==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:11:51 GMT
age: 5964
etag: "a4dfa0f479b5f9a036b75b2eea6dffabd3a3486e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

js.monitor.azure.com/scripts/c/ms.jsll-3.min.js

13.107.238.53

200 OK

0 B

URL HTTP/2
js.monitor.azure.com/scripts/c/ms.jsll-3.min.js
IP
13.107.238.53:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /scripts/c/ms.jsll-3.min.js HTTP/1.1
Host: js.monitor.azure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=1800, immutable, no-transform
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: yrkf9GZ1Xvz6HYOCdF/nTw==
last-modified: Wed, 02 Nov 2022 19:31:15 GMT
etag: 0x8DABD08CF2EB3C0
x-cache: TCP_HIT
x-ms-request-id: ed128db0-201e-00f0-2a29-383dde000000
x-ms-version: 2009-09-19
x-ms-meta-jssdkver: 3.2.8
x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.jsll-3.2.8.min.js
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0cJ3dYwAAAAC8ByFcbim6QYpTLvkfZ+0dRlJBMjMxMDUwNDE4MDIxAGYxY2E3M2Q0LTg4ODMtNGNhZi1hYmRjLWZlMmQ1NjdhZmI5Ng==
x-azure-ref: 0653dYwAAAAD8gSQajqkmQboV5BmPQG3XQ1BIMzBFREdFMDQwOABmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
date: Fri, 03 Feb 2023 23:51:07 GMT
X-Firefox-Spdy: h2

mwf-service.akamaized.net/mwf/css/bundle/1.57.5/west-european/default/mwf-west-european-default.min.css

23.36.76.163

200 OK

0 B

URL HTTP/2
mwf-service.akamaized.net/mwf/css/bundle/1.57.5/west-european/default/mwf-west-european-default.min.css
IP
23.36.76.163:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /mwf/css/bundle/1.57.5/west-european/default/mwf-west-european-default.min.css HTTP/1.1
Host: mwf-service.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mseventsportal.azurewebsites.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
server: Microsoft-IIS/10.0
x-activity-id: dd3a5e0c-4a45-4cf7-bb29-46fd057339d8
ms-cv: mXcjn7xSCEGPuDEd.0
x-appversion: 1.0.8420.1412
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-01-20T08:47:04.0000000Z}
ms-operation-id: a4ec615102edfd4c89574bc7324ff110
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-s1: 2023-02-03T23:51:08
x-s2: 2023-02-03T23:51:09
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
vary: Accept-Encoding
content-encoding: gzip
expires: Fri, 03 Feb 2023 23:51:09 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 03 Feb 2023 23:51:09 GMT
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML