Overview

URL: lmox-login-microsoftonline.fileed.xyz/
IP: 142.93.32.110 (United Kingdom)
ASN: #14061 DIGITALOCEAN-ASN
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-11-28 16:13:22 UTC
IDS alerts: 0
Blocklist alert: 2
urlquery alerts: No alerts detected
Tags: None

Domain Summary (12)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
r3.o.lencr.org (6) 344 No data No data 23.36.76.226
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
login.microsoftonline.com (2) 25 2017-02-19 07:06:40 UTC 2022-10-03 13:10:43 UTC 20.190.160.13
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 44.242.41.15
login.live.com (1) 79 2012-05-21 07:00:20 UTC 2020-04-15 21:10:08 UTC 20.190.160.12
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
lmox-login-microsoftonline.fileed.xyz (2) 0 No data No data 142.93.32.110 Unknown ranking
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-28 05:55:58 UTC 34.102.187.140
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-28 05:46:10 UTC 34.117.237.239
www.office.com (1) 2755 2014-02-12 01:02:36 UTC 2021-03-31 16:06:33 UTC 13.107.6.156
aadcdn.msftauth.net (13) 1455 No data No data 152.199.23.37

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-28 2 lmox-login-microsoftonline.fileed.xyz/ Phishing
2022-11-28 2 lmox-login-microsoftonline.fileed.xyz/ Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 1 reports on IP: 142.93.32.110
Date UQ / IDS / BL URL IP
2022-11-28 16:13:22 +0000 0 - 0 - 2 lmox-login-microsoftonline.fileed.xyz/ 142.93.32.110


Last 5 reports on ASN: DIGITALOCEAN-ASN
Date UQ / IDS / BL URL IP
2023-01-30 17:49:21 +0000 2 - 4 - 1 onlinemobileauthorization.ddns.us/ 159.223.150.10
2023-01-30 17:35:16 +0000 0 - 0 - 1 www.noticiassudamerica.com/lp23/br/gina.php 137.184.2.54
2023-01-30 17:28:48 +0000 3 - 7 - 1 login-infinix.duckdns.org/ 68.183.230.172
2023-01-30 17:09:49 +0000 0 - 2 - 1 godenfasternow.com/ 178.62.57.180
2023-01-30 16:58:45 +0000 0 - 0 - 2 kalid.live/ 147.182.255.121


Last 1 reports on domain: fileed.xyz
Date UQ / IDS / BL URL IP
2022-11-28 16:13:22 +0000 0 - 0 - 2 lmox-login-microsoftonline.fileed.xyz/ 142.93.32.110


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-25 00:26:01 +0000 0 - 0 - 0 teams.live.com 52.113.194.132
2023-01-16 20:56:10 +0000 0 - 0 - 0 cxportal.b2clogin.com 40.126.32.73
2023-01-16 04:48:23 +0000 0 - 1 - 0 authv4.wirelesspaymentsystemabcde.buzz/?username= 31.220.50.62
2023-01-16 03:54:23 +0000 0 - 1 - 0 authv4.wirelesspaymentsystemabcde.buzz/?usern (...) 31.220.50.62
2023-01-12 15:55:06 +0000 0 - 0 - 0 iwgvu.xretive.click/?XWD=E4BMF0AGFSAWUUBGVYB3 (...) 172.67.216.22

JavaScript

Executed Scripts (10)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (38)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: lmox-login-microsoftonline.fileed.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         142.93.32.110
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Mon, 28 Nov 2022 16:13:10 GMT
Content-Length: 162
Connection: keep-alive
Location: https://lmox-login-microsoftonline.fileed.xyz/


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3657
Expires: Mon, 28 Nov 2022 17:14:08 GMT
Date: Mon, 28 Nov 2022 16:13:11 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1859
Cache-Control: max-age=154149
Date: Mon, 28 Nov 2022 16:13:11 GMT
Etag: "63848df9-1d7"
Expires: Wed, 30 Nov 2022 11:02:20 GMT
Last-Modified: Mon, 28 Nov 2022 10:31:21 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12446
Expires: Mon, 28 Nov 2022 19:40:37 GMT
Date: Mon, 28 Nov 2022 16:13:11 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 15:19:32 GMT
cache-control: public,max-age=3600
age: 3219
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    567df7db606cf5d0871aa5bc9311b6da
Sha1:   4263faac7cbab2fcaf6661911dcad5091c06be17
Sha256: e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: v8VKD2epYgZg5Emryvd1n+T93VXuKUNc34fJvPFjMRJ7GRqbpGcl21aaUsIdOdJPQjXHHhpFsxc=
x-amz-request-id: JGMX2BACVDZDBRHZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 15:45:05 GMT
age: 1686
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Mon, 28 Nov 2022 16:13:11 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6664BD033B347A8FB34B57D2B082BF0489D35CD63686622832DDBD3B0DB85B1B"
Last-Modified: Mon, 28 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 28 Nov 2022 22:13:11 GMT
Date: Mon, 28 Nov 2022 16:13:11 GMT
Connection: keep-alive

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 16:11:12 GMT
cache-control: public,max-age=3600
age: 119
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2516
Cache-Control: max-age=149740
Date: Mon, 28 Nov 2022 16:13:11 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 09:48:51 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: login.microsoftonline.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: brcap=0; MSFPC=GUID=27491a5fca0c436896bdbf20a1588da0&HASH=2749&LV=202205&V=4&LU=1652883922743; ESTSSSOTILES=1; AADSSOTILES=1; buid=0.AXYAzDURqmg3O0SfFtEPw4psAQ4On6D8Zd9OspRugBbh3BlbAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevrGjFelfLyRcO8FXJ3Uko9WHMKQikQGGBEX_Z7gGW0qMoZi1dpz7oI-S6lkBBFb2XcMpu2lFDuLynhwVdtW31zWKjIYiNO4Il5pk6oeKDi4osgAA; fpc=ApV4JmTdcc9Ov1ao0UwbW8unhCFWAQAAAPbMFtsOAAAAmYfW1wEAAACpzhbbDgAAAA; clrc={%2219325%22%3a[%221IBdcAHj%22%2c%22+SjF/0ga%22%2c%22GVi4Gr9C%22]}
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         20.190.160.13
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Encoding: gzip
Expires: -1
Location: https://www.office.com/login#
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 6a8b36c0-29c7-4b04-9d80-ebe224575601
x-ms-ests-server: 2.1.14167.14 - EUS ProdSlices
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: fpc=ApV4JmTdcc9Ov1ao0UwbW8s; expires=Wed, 28-Dec-2022 16:13:11 GMT; path=/; secure; HttpOnly; SameSite=None esctx=AQABAAAAAAD--DLA3VO7QrddgJg7Wevr1-B3gwhpHBACJuMJgRP4jii7w-6FV8fYkdK8To137IVE17SfTPBrUAjVb9VDayi3u9JMw0WnUgsuQZmRo-SEQ-JINu3F1IrzsQDP3z2ZokzfWdW4DGiE0JnNWPGJa7HVYJ3A0WCg2TmMWejZ-7BiufrQHWFQOExTZaJR9poslRHD1RabfGXDHak8VTouqo1SBB_ipKpqO4FiK8rp383SrlHuKD82z5-6eBLj5Cw7CGUgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Mon, 28 Nov 2022 16:13:11 GMT
Content-Length: 133


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   133
Md5:    0f59d549024b6b9406b7a05dd80f8d8f
Sha1:   abd563eae7b9c4790d68e44ae34328e5caeb5ede
Sha256: 7d50cd41fed772cb6c53eef0f477c6b7b1f3599d48f21d151de408b4be88762a
                                        
                                            GET /login HTTP/1.1 
Host: www.office.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         13.107.6.156
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
content-encoding: gzip
location: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052487920940247.NWY5NjU2MjktZmM4OS00ZDE3LWJlYzQtZDA0ZjU1YjVjZTNkMGRmMTE1OGEtYzlmMi00Y2M1LWE2NTQtYzA1YTM3N2FiNDll&ui_locales=en-US&mkt=en-US&state=iGXWiKB1YUPHBx1xYZru6pVa0SFjpI-9Q7t6AeYRgP-LhWrMel-SNAXCk8u3WIKmFeNOo38OyBrlSqtfs6YK0bNa5ADOb-bpEQCgPiBh1M2c-hoZcDmd9FFti_5O0yGenDCh0uZj89u54EnVDQePhtVAGLPFn27RXrlA2QN88lxReyU2O_DT6UPt1V0tQm4GBz_Z6hjyillZghUV3Q9X7J3AqiJO0mRY-V6OgpoNZwdwqTtrz67RjBcLfvIEo_FQR2MnYNGFbvNdN8lR7of4ww&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0
vary: Accept-Encoding
set-cookie: OH.DCAffinity=OH-noe; expires=Tue, 29 Nov 2022 00:13:12 GMT; path=/; secure; samesite=none; httponly OH.FLID=7151c320-b654-4ca0-97c1-c72b650b54b3; expires=Tue, 28 Nov 2023 16:13:12 GMT; path=/; secure; samesite=none; httponly OH.SID=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/ .AspNetCore.OpenIdConnect.Nonce.prqjFqJzUdJr-rGda54QrsOv34SJ3vpNcQhkOG88BRpTQIlMVVevtMEgz5Fms_UjV3h81k_qsktUO09JgYBjPlgq_a7049Pr9Foz2MkXIaSkH8cdw9ZZbK499REATAWdlaGLPCHHT7VHmQ7bGmMHZOuBSt9gNw6Qty-DY35mfNfrHlL2Xnw5MwuydpWGfj4JFU_WtK2cBrs1Gd6rMw53eC2TbIqvrjbnbPyqb8w8c4dnu_8n-JulM0xXcIV9LWkW=N; expires=Mon, 28 Nov 2022 16:28:12 GMT; path=/; secure; samesite=none; httponly .AspNetCore.Correlation.OpenIdConnectV2.AovPTCW2iyNBciMLcVaWlT4Ns-DBstk1WXa8bM1Q49g=N; expires=Mon, 28 Nov 2022 16:28:12 GMT; path=/; secure; samesite=none; httponly MUID=1DCB58C0CACF66BA0E854AAACBC1671C; path=/; secure; expires=Sat, 23-Dec-2023 16:13:12 GMT; domain=office.com
request-context: appId=
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge,chrome=1
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: CE8018EC941E45A0BB9A20EF4BDE13E4 Ref B: SVG20EDGE0312 Ref C: 2022-11-28T16:13:12Z
date: Mon, 28 Nov 2022 16:13:11 GMT
content-length: 0
X-Firefox-Spdy: h2

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xlQFu4HrnfGqI8/Pk/Hb8Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         44.242.41.15
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: MleaHgXf2mxAiL0ze17TLhfah/g=

                                        
                                            GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638052487920940247.NWY5NjU2MjktZmM4OS00ZDE3LWJlYzQtZDA0ZjU1YjVjZTNkMGRmMTE1OGEtYzlmMi00Y2M1LWE2NTQtYzA1YTM3N2FiNDll&ui_locales=en-US&mkt=en-US&state=iGXWiKB1YUPHBx1xYZru6pVa0SFjpI-9Q7t6AeYRgP-LhWrMel-SNAXCk8u3WIKmFeNOo38OyBrlSqtfs6YK0bNa5ADOb-bpEQCgPiBh1M2c-hoZcDmd9FFti_5O0yGenDCh0uZj89u54EnVDQePhtVAGLPFn27RXrlA2QN88lxReyU2O_DT6UPt1V0tQm4GBz_Z6hjyillZghUV3Q9X7J3AqiJO0mRY-V6OgpoNZwdwqTtrz67RjBcLfvIEo_FQR2MnYNGFbvNdN8lR7of4ww&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0 HTTP/1.1 
Host: login.microsoftonline.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: brcap=0; MSFPC=GUID=27491a5fca0c436896bdbf20a1588da0&HASH=2749&LV=202205&V=4&LU=1652883922743; ESTSSSOTILES=1; AADSSOTILES=1; buid=0.AXYAzDURqmg3O0SfFtEPw4psAQ4On6D8Zd9OspRugBbh3BlbAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevrGjFelfLyRcO8FXJ3Uko9WHMKQikQGGBEX_Z7gGW0qMoZi1dpz7oI-S6lkBBFb2XcMpu2lFDuLynhwVdtW31zWKjIYiNO4Il5pk6oeKDi4osgAA; fpc=ApV4JmTdcc9Ov1ao0UwbW8s; clrc={%2219325%22%3a[%221IBdcAHj%22%2c%22+SjF/0ga%22%2c%22GVi4Gr9C%22]}; esctx=AQABAAAAAAD--DLA3VO7QrddgJg7Wevr1-B3gwhpHBACJuMJgRP4jii7w-6FV8fYkdK8To137IVE17SfTPBrUAjVb9VDayi3u9JMw0WnUgsuQZmRo-SEQ-JINu3F1IrzsQDP3z2ZokzfWdW4DGiE0JnNWPGJa7HVYJ3A0WCg2TmMWejZ-7BiufrQHWFQOExTZaJR9poslRHD1RabfGXDHak8VTouqo1SBB_ipKpqO4FiK8rp383SrlHuKD82z5-6eBLj5Cw7CGUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         20.190.160.13
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Link: <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msftauth.net>; rel=dns-prefetch, <https://aadcdn.msauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 6a8b36c0-29c7-4b04-9d80-ebe22c575601
x-ms-ests-server: 2.1.14167.14 - EUS ProdSlices
x-ms-clitelem: 1,0,0,,
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: buid=0.AXYAzDURqmg3O0SfFtEPw4psAQ4On6D8Zd9OspRugBbh3BlbAAA.AQABAAEAAAD--DLA3VO7QrddgJg7Wevr9NPlPMxrvjCT6zADbgrAhjk2VsJyps6mXF177FYJdg1VrYYdiuE5Dp95ky5XLwjlnYrXXM8anw8Va8a-IeWpDD_x4pDYFirTXyUVz5vH7SggAA; expires=Wed, 28-Dec-2022 16:13:12 GMT; path=/; secure; HttpOnly; SameSite=None fpc=ApV4JmTdcc9Ov1ao0UwbW8u8Ae7AAQAAABjVFtsOAAAA; expires=Wed, 28-Dec-2022 16:13:12 GMT; path=/; secure; HttpOnly; SameSite=None x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Date: Mon, 28 Nov 2022 16:13:11 GMT
Content-Length: 17371


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (28154), with CRLF, LF line terminators
Size:   17371
Md5:    85bcbc295893bf1a38c7bd7ad952be1f
Sha1:   9e9df833d95b0955203a6fea564766792a5f7854
Sha256: 4f6d34603a5921f3db689bc06238349ac35d4a382a34bc677dc4730d0ba432f8
                                        
                                            GET /ests/2.1/content/cdnbundles/converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css HTTP/1.1 
Host: aadcdn.msftauth.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         152.199.23.37
HTTP/2 200 OK
content-type: text/css
                                        
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 9931855
cache-control: public, max-age=31536000
content-md5: 9K2/nGCj75WAmmAI9nZNCA==
date: Mon, 28 Nov 2022 16:13:12 GMT
etag: 0x8DA7650B375AC9B
last-modified: Thu, 04 Aug 2022 19:37:00 GMT
server: ECAcc (ska/F7A0)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 5ecbd986-101e-0042-39ef-a82f4a000000
x-ms-version: 2009-09-19
content-length: 19970
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (61177)
Size:   19970
Md5:    f4adbf9c60a3ef95809a6008f6764d08
Sha1:   b55c98c403b111b494c1ece263dc06eabc0ab075
Sha256: 6a59a4f890ea26ef050b83d0722aafc3ad70ddbce706806381c4f159a5db7497
                                        
                                            GET /shared/1.0/content/js/ConvergedLogin_PCore_EmlqNhFd4o9dNZnCs3B4hA2.js HTTP/1.1 
Host: aadcdn.msftauth.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         152.199.23.37
HTTP/2 200 OK
content-type: application/x-javascript
                                        
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 2762438
cache-control: public, max-age=31536000
content-md5: +5bQBhtTNpy0BtTIipcZHA==
date: Mon, 28 Nov 2022 16:13:12 GMT
etag: 0x8DAB3057C32C9F7
last-modified: Fri, 21 Oct 2022 01:42:16 GMT
server: ECAcc (ska/F69D)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 25d5a612-e01e-005b-3324-ea4940000000
x-ms-version: 2009-09-19
content-length: 112063
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (64616)
Size:   112063
Md5:    fb96d0061b53369cb406d4c88a97191c
Sha1:   3f3a46be2aa9359d5dbcc139690ead7b2b9d3c3f
Sha256: 30d9721830a3e3fd6081d1c1697749498d884a7ddde2b2067b4dc0f316b073c4
                                        
                                            GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_d3vy5lccydbbvezk63apaq2.js HTTP/1.1 
Host: aadcdn.msftauth.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         152.199.23.37
HTTP/2 200 OK
content-type: application/x-javascript
                                        
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 2762438
cache-control: public, max-age=31536000
content-md5: o2ZNOmwkgYqrPHmIZyrIjQ==
date: Mon, 28 Nov 2022 16:13:12 GMT
etag: 0x8DAB3044406C103
last-modified: Fri, 21 Oct 2022 01:33:32 GMT
server: ECAcc (ska/F68E)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 168e8020-b01e-009c-6a24-ea556b000000
x-ms-version: 2009-09-19
content-length: 14031
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (32022)
Size:   14031
Md5:    a3664d3a6c24818aab3c7988672ac88d
Sha1:   bcad829282d0d484c4310f30174ed003c3f85703
Sha256: 12294b12dbece57376bb417a6baa255de77953e773dc684a48db6f31bab2eab4
                                        
                                            GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 
Host: aadcdn.msftauth.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         152.199.23.37
HTTP/2 200 OK
content-type: image/x-icon
                                        
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 15687484
cache-control: public, max-age=31536000
content-md5: EuPayFgGHQiAI7K9SOL6lg==
date: Mon, 28 Nov 2022 16:13:12 GMT
etag: 0x8D8731240E548EB
last-modified: Sun, 18 Oct 2020 03:02:30 GMT
server: ECAcc (ska/F738)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 99c0ded5-501e-0046-2297-74c4e6000000
x-ms-version: 2009-09-19
content-length: 17174
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors\012- data
Size:   17174
Md5:    12e3dac858061d088023b2bd48e2fa96
Sha1:   e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
Sha256: 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
                                        
                                            GET /ests/2.1/content/cdnbundles/converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css HTTP/1.1 
Host: aadcdn.msftauth.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
X-Moz: prefetch
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         152.199.23.37
HTTP/2 200 OK
content-type: text/css
                                        
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 9931855
cache-control: public, max-age=31536000
content-md5: 9K2/nGCj75WAmmAI9nZNCA==
date: Mon, 28 Nov 2022 16:13:12 GMT
etag: 0x8DA7650B375AC9B
last-modified: Thu, 04 Aug 2022 19:37:00 GMT
server: ECAcc (ska/F7A0)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 5ecbd986-101e-0042-39ef-a82f4a000000
x-ms-version: 2009-09-19
content-length: 19970
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (61177)
Size:   19970
Md5:    f4adbf9c60a3ef95809a6008f6764d08
Sha1:   b55c98c403b111b494c1ece263dc06eabc0ab075
Sha256: 6a59a4f890ea26ef050b83d0722aafc3ad70ddbce706806381c4f159a5db7497
                                        
                                            GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_d3vy5lccydbbvezk63apaq2.js HTTP/1.1 
Host: aadcdn.msftauth.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
X-Moz: prefetch
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         152.199.23.37
HTTP/2 200 OK
content-type: application/x-javascript
                                        
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 2762438
cache-control: public, max-age=31536000
content-md5: o2ZNOmwkgYqrPHmIZyrIjQ==
date: Mon, 28 Nov 2022 16:13:12 GMT
etag: 0x8DAB3044406C103
last-modified: Fri, 21 Oct 2022 01:33:32 GMT
server: ECAcc (ska/F68E)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 168e8020-b01e-009c-6a24-ea556b000000
x-ms-version: 2009-09-19
content-length: 14031
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (32022)
Size:   14031
Md5:    a3664d3a6c24818aab3c7988672ac88d
Sha1:   bcad829282d0d484c4310f30174ed003c3f85703
Sha256: 12294b12dbece57376bb417a6baa255de77953e773dc684a48db6f31bab2eab4
                                        
                                            GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_bc2482665b7aae7b068e.js HTTP/1.1 
Host: aadcdn.msftauth.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         152.199.23.37
HTTP/2 200 OK
content-type: application/x-javascript
                                        
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 6944806
cache-control: public, max-age=31536000
content-md5: 4Xt/SF4lC+Zsg96sCtMl3A==
date: Mon, 28 Nov 2022 16:13:12 GMT
etag: 0x8DA911B3D45D5FD
last-modified: Wed, 07 Sep 2022 21:52:20 GMT
server: ECAcc (ska/F75B)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: a2de98c6-901e-0088-131a-c401ef000000
x-ms-version: 2009-09-19
content-length: 5531
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (14775)
Size:   5531
Md5:    e17b7f485e250be66c83deac0ad325dc
Sha1:   3704b2bccccfdb8f1cf8ece34cde6cb2f09f5543
Sha256: 468935656f3fc735096c50dbf5244755bc9bfd805a4445c9fc1019d83e6df1bd
                                        
                                            GET /shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1 
Host: aadcdn.msftauth.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         152.199.23.37
HTTP/2 200 OK
content-type: image/gif
                                        
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 11969946
cache-control: public, max-age=31536000
content-md5: Fm3lNHEmUlOrOkVt7+baIw==
date: Mon, 28 Nov 2022 16:13:12 GMT
etag: 0x8D79A1B9F2C6EC8
last-modified: Thu, 16 Jan 2020 00:32:52 GMT
server: ECAcc (ska/F6F5)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: a3948ce7-501e-0003-5f66-962de5000000
x-ms-version: 2009-09-19
content-length: 2672
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 352 x 3\012- data
Size:   2672
Md5:    166de53471265253ab3a456defe6da23
Sha1:   17c6df4d7ccf1fa2c9efd716fbae0fc2c71c8d6d
Sha256: a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13
                                        
                                            GET /shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1 
Host: aadcdn.msftauth.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         152.199.23.37
HTTP/2 200 OK
content-type: image/gif
                                        
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 8002999
cache-control: public, max-age=31536000
content-md5: tUCo5RgDcZLjLE/li/Lbqw==
date: Mon, 28 Nov 2022 16:13:12 GMT
etag: 0x8D79A1B9F8A840E
last-modified: Thu, 16 Jan 2020 00:32:52 GMT
server: ECAcc (ska/F76F)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 50c05674-b01e-0072-057a-baee33000000
x-ms-version: 2009-09-19
content-length: 3620
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 352 x 3\012- data
Size:   3620
Md5:    b540a8e518037192e32c4fe58bf2dbab
Sha1:   3047c1db97b86f6981e0ad2f96af40cdf43511af
Sha256: 8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d
                                        
                                            GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8dc1586f19519d6b618f.js HTTP/1.1 
Host: aadcdn.msftauth.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         152.199.23.37
HTTP/2 200 OK
content-type: application/x-javascript
                                        
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 6951789
cache-control: public, max-age=31536000
content-md5: xYMsa398BlO7oQWNFlhVpg==
date: Mon, 28 Nov 2022 16:13:12 GMT
etag: 0x8DA911B3D1A0EB6
last-modified: Wed, 07 Sep 2022 21:52:20 GMT
server: ECAcc (ska/F6E6)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: cb34e272-401e-000f-570a-c4e166000000
x-ms-version: 2009-09-19
content-length: 32180
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (33036)
Size:   32180
Md5:    c5832c6b7f7c0653bba1058d165855a6
Sha1:   76aa9a35af65314340a4626c6c59007abbf4a825
Sha256: e57c3e8430a632f0eed33f4fff534698bab803b69fabaa095f585ae490c18ec1
                                        
                                            GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1 
Host: aadcdn.msftauth.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         152.199.23.37
HTTP/2 200 OK
content-type: image/svg+xml
                                        
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 8953436
cache-control: public, max-age=31536000
content-md5: DhdidjYrlCeaRJJRG/y9mA==
date: Mon, 28 Nov 2022 16:13:12 GMT
etag: 0x8D7B007297AE131
last-modified: Wed, 12 Feb 2020 22:01:50 GMT
server: ECAcc (ska/F795)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 82e0eb20-701e-0011-72d5-b19fa0000000
x-ms-version: 2009-09-19
content-length: 673
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1864), with no line terminators
Size:   673
Md5:    0e176276362b94279a4492511bfcbd98
Sha1:   389fe6b51f62254bb98939896b8c89ebeffe2a02
Sha256: 9a2c174ae45cac057822844211156a5ed293e65c5f69e1d211a7206472c5c80c
                                        
                                            GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 
Host: aadcdn.msftauth.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         152.199.23.37
HTTP/2 200 OK
content-type: image/svg+xml
                                        
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 27460130
cache-control: public, max-age=31536000
content-md5: nzaLxFgP7ZB3dfMcaybWzw==
date: Mon, 28 Nov 2022 16:13:12 GMT
etag: 0x8D79A1B9F5E121A
last-modified: Thu, 16 Jan 2020 00:32:52 GMT
server: ECAcc (ska/F7B5)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 88a9f18f-c01e-0086-2c84-09c001000000
x-ms-version: 2009-09-19
content-length: 1435
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3651), with no line terminators
Size:   1435
Md5:    9f368bc4580fed907775f31c6b26d6cf
Sha1:   e393a40b3e337f43057eee3de189f197ab056451
Sha256: 7ecbba946c099539c3d9c03f4b6804958900e5b90d48336eea7e5a2ed050fa36
                                        
                                            GET /Me.htm?v=3 HTTP/1.1 
Host: login.live.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         20.190.160.12
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Cache-Control: max-age=315360000
Content-Encoding: gzip
Expires: Thu, 25 Nov 2032 16:13:12 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: R3_BL2
x-ms-request-id: 4aecd91d-1a5b-49d8-a49d-006b5ccb7e93
PPServer: PPV: 30 H: BL02EPF000066FF V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=6eb50693d35d4be2b2748c465f51a6c7; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly MSPRequ=id=N&lt=1669651992&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Mon, 28 Nov 2022 16:13:12 GMT
Content-Length: 1132


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
Size:   1132
Md5:    9c08f0f5b411918572bb176b56d4b747
Sha1:   12814f1ffd1c414337cfc57da7561f4386ec8b67
Sha256: d9f196403747ff4bbf6c3d61c7319f51e33be05825ac3b5200665e6e5ee26c0e
                                        
                                            GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1 
Host: aadcdn.msftauth.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         152.199.23.37
HTTP/2 200 OK
content-type: image/svg+xml
                                        
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 14570708
cache-control: public, max-age=31536000
content-md5: R2FAVxfpONfnQAuxVxXbHg==
date: Mon, 28 Nov 2022 16:13:13 GMT
etag: 0x8D8852A740F01B9
last-modified: Tue, 10 Nov 2020 03:41:05 GMT
server: ECAcc (ska/F695)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 61d031c2-901e-008e-5cbf-7ee72e000000
x-ms-version: 2009-09-19
content-length: 621
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1592), with no line terminators
Size:   621
Md5:    4761405717e938d7e7400bb15715db1e
Sha1:   76fed7c229d353a27db3257f5927c1eaf0ab8de9
Sha256: f7ed91a1dab5bb2802a7a3b3890df4777588ccbe04903260fba83e6e64c90ddf
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8455
Expires: Mon, 28 Nov 2022 18:34:08 GMT
Date: Mon, 28 Nov 2022 16:13:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8455
Expires: Mon, 28 Nov 2022 18:34:08 GMT
Date: Mon, 28 Nov 2022 16:13:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8455
Expires: Mon, 28 Nov 2022 18:34:08 GMT
Date: Mon, 28 Nov 2022 16:13:13 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8885
x-amzn-requestid: 71b8367f-f79f-42a7-bcb8-c441a154babf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGDTEFSeIAMF3rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f18e0-631b775d3430a8c30c3b4420;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:10:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jsmd6yxjJxLMEgv1jDa87iEoZXL2OuALsmUZ9Nxx1rUN-xOTdtN1-A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 08:11:39 GMT
age: 28894
etag: "70c2a238f06ca7e56ef80c83738e081bf0de3330"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8885
Md5:    3a1a4e00f1f15827cf651f373863c379
Sha1:   70c2a238f06ca7e56ef80c83738e081bf0de3330
Sha256: 3d936e1f0c96297f121faece12d6f8173e12eed5087165cd4eefc0fab368419f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa78e81d9-dbc4-4911-9711-219f64026531.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10944
x-amzn-requestid: 8f48c27c-bbec-46f5-9c08-1cc804b9aff7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIbJ_FyvIAMFhrQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63800bd9-2ffa8521241a5e5b0afc0935;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 00:27:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4YiBUU3kS0VrcVOwKXUHgIRygLLeXGp1TjBYDi6WwWWm6WMKktzfHg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:36:32 GMT
age: 63401
etag: "a23fd98701ac35cd8740d1f7a832118c770e20c8"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10944
Md5:    5e586c141835f4ac8819c55dcb811b4d
Sha1:   a23fd98701ac35cd8740d1f7a832118c770e20c8
Sha256: 4296f391f755a649897a2211f9072c69a0510e43a313674908bb0a771b12650e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8817
x-amzn-requestid: 31bd21c7-1d75-4159-af51-52035da16da4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-krGE6AIAMF2Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637c1b13-32a7b9c6642592c70783a0cf;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 00:42:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I6egDH0h7D08HhaoQHQ0vgghBhPfje2lGIbnWD-t7p4txzHsFxmZfg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 16:15:23 GMT
age: 86270
etag: "308c08784ce4a0757cbd112807555b83e17a1d56"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8817
Md5:    741ddfb19764ac9a77509e7e87cfbfb2
Sha1:   308c08784ce4a0757cbd112807555b83e17a1d56
Sha256: e9271a76da94d8b655860c3b00d111396c5d3a227fd2f19e0ef400fd5e84d87e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:43 GMT
age: 66090
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10199
Md5:    2cd887044e91d7ed0f1a8d7119ff7dd0
Sha1:   ae8aa4ce6ddaccba771fe65446926b60fc5628da
Sha256: bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ibLuLI6j9EWh0dgk51O7kiPBRyURZ0UdNtlgbBD-SXnDg_GT_tJm8Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:16 GMT
age: 65517
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9430
Md5:    1f434933b5bd6377d299ada22d1ae7ef
Sha1:   075531f525e625b117b2497f31139c9824d0e9c5
Sha256: b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6376
x-amzn-requestid: 25b82353-9c15-44c0-ada5-55f4697de935
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KGeaoAMFb_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-71711cca7c063030292c5e47;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: odmAWkNyUMevvXStu7zRJyckokhyBjUwu7-JSvj8by-JWJ9eAm9P5Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:26 GMT
age: 65507
etag: "53b12a8702f7c5b7cc697e2a24da824d9434be65"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6376
Md5:    78b1389f425425d0450c94d900404dc4
Sha1:   53b12a8702f7c5b7cc697e2a24da824d9434be65
Sha256: 0c1659ab3afc6e45f9e3acb12f8865bb99e4668f7df4501b1cc740e53f5b62ed
                                        
                                            GET / HTTP/1.1 
Host: lmox-login-microsoftonline.fileed.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         142.93.32.110
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
server: nginx
date: Mon, 28 Nov 2022 16:13:11 GMT
location: https://login.microsoftonline.com
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing