Report - hada-dot-sharepoint-azure.nn.r.appspot.com/

Report Overview

Submitted URL
hada-dot-sharepoint-azure.nn.r.appspot.com/
IP
142.250.74.52
ASN
#15169 GOOGLE
Submitted
2022-12-06 00:10:53
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
hada-dot-sharepoint-azure.nn.r.appspot.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	846 B	15 kB	142.250.74.52
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
aadcdn.msftauth.net	1455	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	123 kB	152.199.23.37
outlook.office365.com	51	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	587 B	2.7 kB	132.245.230.0
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.202.70.174
www.office.com	2755	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	537 B	10 kB	13.107.6.156
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.77.32
res-1.cdn.office.net	1093	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	434 B	82 kB	23.36.79.11
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	686 B	1.4 kB	216.58.211.3
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
logincdn.msauth.net	2330	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	480 B	2.1 kB	192.229.221.185
outlook.office.com	77	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	598 B	9.4 kB	132.245.230.0
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.5 kB	93.184.220.29
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	26 kB	34.120.237.76
webshell.suite.office.com	540	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	574 B	7.0 kB	52.111.209.6
www.microsoft365.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	541 B	986 B	13.107.6.156

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-12-05	medium	hada-dot-sharepoint-azure.nn.r.appspot.com/	Outlook
2022-12-05	medium	hada-dot-sharepoint-azure.nn.r.appspot.com/	Outlook
2022-11-04	medium	www.microsoft365.com/	Office365

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-06	medium	hada-dot-sharepoint-azure.nn.r.appspot.com/	Phishing
2022-12-06	medium	hada-dot-sharepoint-azure.nn.r.appspot.com/	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	webshell.suite.office.com/iframe/TokenFactoryIframe/Logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363	95 B	2023-03-07	2023-04-05
Pretty URL webshell.suite.office.com/iframe/TokenFactoryIframe/Logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363 IP 52.111.209.6 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:03 Last Seen2023-04-05 02:01:19 Times Seen35 Hash 2962df8aaa34aeb564fd275105291e8b 6e955defba659ec5907c731f39701adf86191830 2d59e8a555cbcb6d35c1ae1f8041f89b2c68513e12379901cbf6d2e21d9e03d3 Loading...

	hada-dot-sharepoint-azure.nn.r.appspot.com/	12 kB	2023-03-07	2023-04-05
Pretty URL hada-dot-sharepoint-azure.nn.r.appspot.com/ IP 142.250.74.52 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:03 Last Seen2023-04-05 02:01:19 Times Seen35 Hash a53b6ebab4076b789fbcb02418f11080 7dbb535eb5bd39a31ae9b27307ad0b8fc9715b43 55aa762de83e926e3209fc2c9fe9bf3f86a57f96c3f0304e32211358a3737c96 Loading...

	aadcdn.msftauth.net/ests/2.1/content/cdnbundles/aad.login.min_ynywyfekfmsp3ljup2epra2.js	180 kB	2023-03-07	2024-04-04
Pretty URL aadcdn.msftauth.net/ests/2.1/content/cdnbundles/aad.login.min_ynywyfekfmsp3ljup2epra2.js IP 152.199.23.37 ASN #15133 EDGECAST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:06:17 Last Seen2024-04-04 19:22:34 Times Seen170 Hash 6276306057a47e6b29dcb8d4a7612944 79388d53786849c4e522f423a47cf1e3f519ec89 4a3c3d489ffcf962a1279ebe7e1ba3582e4debffdde6ef9a0ff2b4bd839a53b9 Loading...

	hada-dot-sharepoint-azure.nn.r.appspot.com/	324 B	2023-03-07	2023-04-05
Pretty URL hada-dot-sharepoint-azure.nn.r.appspot.com/ IP 142.250.74.52 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:03 Last Seen2023-04-05 02:01:19 Times Seen35 Hash c3f1b439f15bee63982d1919e5a3f882 76007122f247e3a7502520a762040c6bbbc2e010 c00a8e6ee07c602a8aae30e6d60c64e541cb431bc583ebf692933bad871e6cb4 Loading...

	hada-dot-sharepoint-azure.nn.r.appspot.com/	2.3 kB	2023-03-07	2023-04-05
Pretty URL hada-dot-sharepoint-azure.nn.r.appspot.com/ IP 142.250.74.52 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:03 Last Seen2023-04-05 02:01:19 Times Seen35 Hash cb391bf0a6b8036f9265872540440b32 7d2ecf4f827a2648be53f50955e3763620670341 1bc38b8303fea7e168c6e3bd07461331693cf274b93df7da9d685c10d3a0e4ee Loading...

	hada-dot-sharepoint-azure.nn.r.appspot.com/	121 B	2023-03-07	2023-04-12
Pretty URL hada-dot-sharepoint-azure.nn.r.appspot.com/ IP 142.250.74.52 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:03 Last Seen2023-04-12 02:16:50 Times Seen36 Hash f4ee4c9b66372aa6b552b604eba43f9b e61dedaeecb59cdc1d79045a4e9ba5a08edca32a 63839b9f868fe79148349ae318d93f31eb4c7745e72eb23a24e5c0f97e87f7f6 Loading...

	hada-dot-sharepoint-azure.nn.r.appspot.com/	4.7 kB	2023-03-07	2023-04-05
Pretty URL hada-dot-sharepoint-azure.nn.r.appspot.com/ IP 142.250.74.52 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:03 Last Seen2023-04-05 02:01:19 Times Seen35 Hash cd7c94fecd0c22f307c3af6a546144b8 11d287630618ad2179502c55aa314726f52c71c8 b6345d9d8ae49f21d37751e8643581074f3502c41b5537970d5f658616e14fc8 Loading...

	www.office.com/logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363	1.1 kB	2023-03-08	2023-04-05
Pretty URL www.office.com/logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363 IP 13.107.6.156 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:19:26 Last Seen2023-04-05 02:01:19 Times Seen35 Hash d69a9605c07890e2c0a494b61f5fe9f3 e8a94fe55864d2e2b300433a8f3d9caa3bc73a52 13fa7ad49b40e68e4cba5501415d1d2db664f446dbc3281294780673efba1f05 Loading...

	res-1.cdn.office.net/shellux/suiteux.shell.msaltokenfactoryiframe.c8ed55a2f40c1d5f04e9.js	422 kB	2023-03-08	2023-03-26
Pretty URL res-1.cdn.office.net/shellux/suiteux.shell.msaltokenfactoryiframe.c8ed55a2f40c1d5f04e9.js IP 23.36.79.11 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:30:36 Last Seen2023-03-26 09:09:28 Times Seen2 Hash 431b23585d4da4a5d3062cb2fcd051d2 bc087393373f1720be672495e11905edf486b4ce 9702145dfffa1b5feb266f9eafedf55d39d9825d00a46793f0e1a4bb7dfe3062 Loading...

	hada-dot-sharepoint-azure.nn.r.appspot.com/	53 kB	2023-03-08	2023-03-12
Pretty URL hada-dot-sharepoint-azure.nn.r.appspot.com/ IP 142.250.74.52 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:55:51 Last Seen2023-03-12 12:53:56 Times Seen1 Hash ef7949a30454c26ef3724bb6741343e3 8d4c79f03d3d74395252ba0bcab9828623dce771 1b11187a66011c59b96f19a7e57940f6bc2d6b948da8ac15dc40880b882d3484 Loading...

	hada-dot-sharepoint-azure.nn.r.appspot.com/	9.9 kB	2023-03-07	2023-04-05
Pretty URL hada-dot-sharepoint-azure.nn.r.appspot.com/ IP 142.250.74.52 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:03 Last Seen2023-04-05 02:01:19 Times Seen34 Hash 812bae5457c6110086ec1e0450765245 24548b66960b4140966f39ac612e46841108f08d 3aca5fc8a2db312a4e4cd68421d3547a43b4a1ffacaad33f901fdc75562748bc Loading...

	aadcdn.msftauth.net/ests/2.1/content/cdnbundles/jquery.1.11.min__yok_chwseypwbmuffnnaa2.js	112 kB	2023-03-07	2024-01-27
Pretty URL aadcdn.msftauth.net/ests/2.1/content/cdnbundles/jquery.1.11.min__yok_chwseypwbmuffnnaa2.js IP 152.199.23.37 ASN #15133 EDGECAST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:03 Last Seen2024-01-27 05:00:29 Times Seen71 Hash e7a346c4c18ebb88c3b495bc26be0248 de09298fdb7b4f0279a93a887dae1480fb9796b5 f82a57ff1a575f8b34eb69a1fdc4df48d3da854088ba75ec828cf5e672fbde5a Loading...

		Size	First Seen	Last Seen
	#1 Write - 6cba01c379f20e80e79ef293df8c40cf	34 kB	2023-03-08	2023-03-12
Pretty Observations First Seen2023-03-08 19:55:51 Last Seen2023-03-12 12:53:56 Times Seen1 Hash 6cba01c379f20e80e79ef293df8c40cf b91a4d196af7775bb5f877ad161c29eabb4c09d2 0ed50ccc5db024244f6e03e58072d1d4ee75c5cd77fc803a29d5294068cae4af Loading...

HTTP Transactions (32)

URL IP Response Size

hada-dot-sharepoint-azure.nn.r.appspot.com/

142.250.74.52

302 Found

0 B

URL HTTP/1.1
hada-dot-sharepoint-azure.nn.r.appspot.com/
IP
142.250.74.52:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Outlook
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: hada-dot-sharepoint-azure.nn.r.appspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Location: https://hada-dot-sharepoint-azure.nn.r.appspot.com/
X-Cloud-Trace-Context: 6c92a7ef47eac5f5a36f6ebfe62a279f
Date: Tue, 06 Dec 2022 00:10:41 GMT
Content-Type: text/html
Server: Google Frontend
Content-Length: 0

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10264
Expires: Tue, 06 Dec 2022 03:01:46 GMT
Date: Tue, 06 Dec 2022 00:10:42 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
ee088fab9b287e174cfd1f2c735a909f
25c3335b514a36ad1a24d00413d60c3d394f5161
494e96358ff12366213d7cc0f9197648c6c62ec14fa0d2c78732a683fa26b192

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1747
Cache-Control: max-age=125384
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 00:10:42 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 11:00:26 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12755
Expires: Tue, 06 Dec 2022 03:43:17 GMT
Date: Tue, 06 Dec 2022 00:10:42 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 23:18:31 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3131
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: sjBLD/p9yzgvo5OlZTWEZqpcKZ2OyWIAni2xZtndFAWv5KRC3tv9FbMjpQ9TfuwRRwdZXLFI3YQ=
x-amz-request-id: 6P234JKE9PM7A77D
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 05 Dec 2022 23:46:52 GMT
age: 1430
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c820a1a94ebf289760de4ba4c5b0b58c
d7a3e823d445cdd0a63e6613699f64d457771fd7
18a6ba2be680be6585364a23a8704030d8de3c1f8a4844a84eae135733da7359

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 00:10:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 00:10:42 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

hada-dot-sharepoint-azure.nn.r.appspot.com/

142.250.74.52

200 OK

15 kB

URL HTTP/2
hada-dot-sharepoint-azure.nn.r.appspot.com/
IP
142.250.74.52:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with very long lines (52801)
Size
15 kB (14563 bytes)
Hash
62c9adf69c7e76e3f0a813d1786baa28
4d7bd647768c3adb2eb0e887ee56ae435904489f
715cb305b9567ba72e0f7b6135a4fd6843c51d3e5463fa3712bc53b9f30785e6

Detections

Analyzer	Verdict	Alert
openphish	Outlook
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: hada-dot-sharepoint-azure.nn.r.appspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
content-type: text/html
content-encoding: gzip
x-cloud-trace-context: 6a0cc35c4369556fe2674373e2afa30c
vary: Accept-Encoding
date: Tue, 06 Dec 2022 00:10:42 GMT
server: Google Frontend
cache-control: private
content-length: 14563
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8ace002fd6bb2277ece7bc9ca8095679
b6dde9ca9189901f7dddcdca90bb93f01b9cb7e1
77a06a2bd687d6cf4b8b871d1871ced4a40f81c30dc7059564d0ab98cf9d5e00

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 00:10:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_59_uuouser7hrkmvbaz1jw2.css

152.199.23.37

200 OK

20 kB

URL HTTP/2
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_59_uuouser7hrkmvbaz1jw2.css
IP
152.199.23.37:0
ASN
#15133 EDGECAST

File type
ASCII text, with very long lines (61177)
Size
20 kB (19771 bytes)
Hash
6e3a82201f6b30464003c4eb38a44681
3962e31e0672345e8a2061dd8f99400d07c53fe6
1a22cd11ac7403823fd6dad25dfafeb65bb1dd01eed1723dcbf59c8de9b3d8fd

HTTP Headers

GET /ests/2.1/content/cdnbundles/converged.v2.login.min_59_uuouser7hrkmvbaz1jw2.css HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hada-dot-sharepoint-azure.nn.r.appspot.com
Connection: keep-alive
Referer: https://hada-dot-sharepoint-azure.nn.r.appspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 12089114
cache-control: public, max-age=31536000
content-md5: bjqCIB9rMEZAA8TrOKRGgQ==
content-type: text/css
date: Tue, 06 Dec 2022 00:10:42 GMT
etag: 0x8D872D16C711C33
last-modified: Sat, 17 Oct 2020 19:18:26 GMT
server: ECAcc (ska/F6B6)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: ab49b811-201e-0093-2914-9b6a88000000
x-ms-version: 2009-09-19
content-length: 19771
X-Firefox-Spdy: h2

aadcdn.msftauth.net/ests/2.1/content/cdnbundles/aad.login.min_ynywyfekfmsp3ljup2epra2.js

152.199.23.37

200 OK

44 kB

URL HTTP/2
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/aad.login.min_ynywyfekfmsp3ljup2epra2.js
IP
152.199.23.37:0
ASN
#15133 EDGECAST

File type
ASCII text, with very long lines (778)
Size
44 kB (44333 bytes)
Hash
ed9aff44730dcc78628c87358c3610ff
ee6296bdabe0e49f8378e3a318c0e3d5fac641f4
bb55d26b0410b346e0e9f9cfa8756db707a341a2f37143bd2f8cf30467611949

HTTP Headers

GET /ests/2.1/content/cdnbundles/aad.login.min_ynywyfekfmsp3ljup2epra2.js HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hada-dot-sharepoint-azure.nn.r.appspot.com
Connection: keep-alive
Referer: https://hada-dot-sharepoint-azure.nn.r.appspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 25654816
cache-control: public, max-age=31536000
content-md5: 7Zr/RHMNzHhijIc1jDYQ/w==
content-type: application/x-javascript
date: Tue, 06 Dec 2022 00:10:42 GMT
etag: 0x8D876CB187B0320
last-modified: Thu, 22 Oct 2020 20:43:13 GMT
server: ECAcc (ska/F773)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 08295444-a01e-0090-05b2-1f99e8000000
x-ms-version: 2009-09-19
content-length: 44333
X-Firefox-Spdy: h2

aadcdn.msftauth.net/ests/2.1/content/cdnbundles/jquery.1.11.min__yok_chwseypwbmuffnnaa2.js

152.199.23.37

200 OK

39 kB

URL HTTP/2
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/jquery.1.11.min__yok_chwseypwbmuffnnaa2.js
IP
152.199.23.37:0
ASN
#15133 EDGECAST

File type
ASCII text, with very long lines (733)
Size
39 kB (38927 bytes)
Hash
ae1fda14627a551f3d68375367b86875
473fa18585c4dd69703a8c090b1684996ff368bc
e6ba42dfe48539973b5e161e172e1ee66fa648c2483edf3ab39933ebdd2b2b1b

HTTP Headers

GET /ests/2.1/content/cdnbundles/jquery.1.11.min__yok_chwseypwbmuffnnaa2.js HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hada-dot-sharepoint-azure.nn.r.appspot.com
Connection: keep-alive
Referer: https://hada-dot-sharepoint-azure.nn.r.appspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 13161121
cache-control: public, max-age=31536000
content-md5: rh/aFGJ6VR89aDdTZ7hodQ==
content-type: application/x-javascript
date: Tue, 06 Dec 2022 00:10:42 GMT
etag: 0x8D876CB2080AB77
last-modified: Thu, 22 Oct 2020 20:43:26 GMT
server: ECAcc (ska/F7B9)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 36fc386b-b01e-0072-3e54-91ee33000000
x-ms-version: 2009-09-19
content-length: 38927
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 00:08:58 GMT
cache-control: public,max-age=3600
age: 104
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

logincdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg

192.229.221.185

200 OK

1.4 kB

URL HTTP/2
logincdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
IP
192.229.221.185:0
ASN
#15133 EDGECAST

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3651), with no line terminators
Size
1.4 kB (1435 bytes)
Hash
9f368bc4580fed907775f31c6b26d6cf
e393a40b3e337f43057eee3de189f197ab056451
7ecbba946c099539c3d9c03f4b6804958900e5b90d48336eea7e5a2ed050fa36

HTTP Headers

GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hada-dot-sharepoint-azure.nn.r.appspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 28093599
cache-control: public, max-age=31536000
content-md5: nzaLxFgP7ZB3dfMcaybWzw==
content-type: image/svg+xml
date: Tue, 06 Dec 2022 00:10:42 GMT
etag: 0x8D79ED29CF0C29A
last-modified: Wed, 22 Jan 2020 00:32:50 GMT
server: ECAcc (ska/F7B5)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 19798150-401e-0009-5a84-0907a7000000
x-ms-version: 2009-09-19
content-length: 1435
X-Firefox-Spdy: h2

aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

152.199.23.37

200 OK

17 kB

URL HTTP/2
aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
IP
152.199.23.37:0
ASN
#15133 EDGECAST

File type
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors\012- data
Size
17 kB (17174 bytes)
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

HTTP Headers

GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hada-dot-sharepoint-azure.nn.r.appspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 16320934
cache-control: public, max-age=31536000
content-md5: EuPayFgGHQiAI7K9SOL6lg==
content-type: image/x-icon
date: Tue, 06 Dec 2022 00:10:42 GMT
etag: 0x8D8731240E548EB
last-modified: Sun, 18 Oct 2020 03:02:30 GMT
server: ECAcc (ska/F738)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 99c0ded5-501e-0046-2297-74c4e6000000
x-ms-version: 2009-09-19
content-length: 17174
X-Firefox-Spdy: h2

outlook.office365.com/owa/auth/logoff.aspx?cmd=logoff&exlive=1&lgtype=1&sid=494fe386-9fa1-4fbf-885f-5038fa243363

132.245.230.0

302 Found

264 B

URL HTTP/1.1
outlook.office365.com/owa/auth/logoff.aspx?cmd=logoff&exlive=1&lgtype=1&sid=494fe386-9fa1-4fbf-885f-5038fa243363
IP
132.245.230.0:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
264 B (264 bytes)
Hash
52bcded6ad060df3b7f25c411ea490d4
98bae55e192c1cc5b6bea81d6450136dbacf66e2
dcf760270ec58313134c7b9d11b4def7a1e3a840e6a294700736ea622c8b10e7

HTTP Headers

GET /owa/auth/logoff.aspx?cmd=logoff&exlive=1&lgtype=1&sid=494fe386-9fa1-4fbf-885f-5038fa243363 HTTP/1.1
Host: outlook.office365.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hada-dot-sharepoint-azure.nn.r.appspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://outlook.office.com/owa/auth/logoff.aspx?cmd=logoff&exlive=1&lgtype=1&sid=494fe386-9fa1-4fbf-885f-5038fa243363&pngSites=none
Server: Microsoft-IIS/10.0
request-id: 047b3687-0fe7-0430-cfde-76e47777d965
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: UserContext=; expires=Sun, 06-Dec-1992 00:10:42 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sun, 06-Dec-1992 00:10:42 GMT; path=/; secure
DefaultAnchorMailbox=; expires=Sun, 06-Dec-1992 00:10:42 GMT; path=/; secure
O365Consumer=; expires=Sun, 06-Dec-1992 00:10:42 GMT; path=/; secure
HostSwitchPrg=; expires=Sun, 06-Dec-1992 00:10:42 GMT; path=/; secure
SdfV2LDomain=; expires=Sun, 06-Dec-1992 00:10:42 GMT; path=/; secure
OptInPrg=; expires=Sun, 06-Dec-1992 00:10:42 GMT; path=/; secure
LI=; expires=Sun, 06-Dec-1992 00:10:42 GMT; path=/; secure
UserContext=; domain=outlook.office365.com; expires=Sun, 06-Dec-1992 00:10:42 GMT; path=/; secure
SuiteServiceProxyKey=; domain=outlook.office365.com; expires=Sun, 06-Dec-1992 00:10:42 GMT; path=/; secure
DefaultAnchorMailbox=; domain=outlook.office365.com; expires=Sun, 06-Dec-1992 00:10:42 GMT; path=/; secure
O365Consumer=; domain=outlook.office365.com; expires=Sun, 06-Dec-1992 00:10:42 GMT; path=/; secure
HostSwitchPrg=; domain=outlook.office365.com; expires=Sun, 06-Dec-1992 00:10:42 GMT; path=/; secure
SdfV2LDomain=; domain=outlook.office365.com; expires=Sun, 06-Dec-1992 00:10:42 GMT; path=/; secure
OptInPrg=; domain=outlook.office365.com; expires=Sun, 06-Dec-1992 00:10:42 GMT; path=/; secure
LI=; domain=outlook.office365.com; expires=Sun, 06-Dec-1992 00:10:42 GMT; path=/; secure
RPSAuth=; domain=outlook.office365.com; expires=Thu, 30-Oct-1980 16:00:00 GMT; path=/;SameSite=None
RPSSecAuth=; domain=outlook.office365.com; expires=Thu, 30-Oct-1980 16:00:00 GMT; path=/;SameSite=None; secure
RPSClearCT=; domain=outlook.office365.com; expires=Thu, 30-Oct-1980 16:00:00 GMT; path=/;SameSite=None; secure
X-FirstHopCafeEFZ: GVX
X-FEProxyInfo: GV2PEPF00000106.SWEP280.PROD.OUTLOOK.COM
X-FEEFZInfo: GVX
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:10:42 GMT
Content-Length: 264

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
2b9d6a686aa3c4ea24568425e43a5221
d53bb4c9579bd1db78a0520619e888aec79f750f
c38734a8dbe51217d73896c0bf7f5c38c107fd79e0dee24b717f130377e9b5f7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1722
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 00:10:43 GMT
Last-Modified: Mon, 05 Dec 2022 23:42:01 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

res-1.cdn.office.net/shellux/suiteux.shell.msaltokenfactoryiframe.c8ed55a2f40c1d5f04e9.js

23.36.79.11

200 OK

82 kB

URL HTTP/2
res-1.cdn.office.net/shellux/suiteux.shell.msaltokenfactoryiframe.c8ed55a2f40c1d5f04e9.js
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (26620)
Size
82 kB (81797 bytes)
Hash
c438664aefe6f39e9e79e30513eee672
61d872081606a15de43d77b9a5a5491a0371ba61
345bb60d7a84f2719080ccaf1e48d24880ab07594ffc2f91b2df380a6217238a

HTTP Headers

GET /shellux/suiteux.shell.msaltokenfactoryiframe.c8ed55a2f40c1d5f04e9.js HTTP/1.1
Host: res-1.cdn.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webshell.suite.office.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 81797
last-modified: Tue, 18 Oct 2022 19:50:00 GMT
x-ms-request-id: 0ce728c6-e01e-0049-71e1-e7bd7c000000
content-encoding: br
cache-control: max-age=630720000
date: Tue, 06 Dec 2022 00:10:43 GMT
x-content-type-options: nosniff
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
x-cdn-provider: Akamai
X-Firefox-Spdy: h2

push.services.mozilla.com/

54.202.70.174

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.202.70.174:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: YqKA45wODd7BFy3VN58tlw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: H4XNhgDEfSQjA3J86vNKVX0B+aE=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10155
Expires: Tue, 06 Dec 2022 02:59:59 GMT
Date: Tue, 06 Dec 2022 00:10:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10155
Expires: Tue, 06 Dec 2022 02:59:59 GMT
Date: Tue, 06 Dec 2022 00:10:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10155
Expires: Tue, 06 Dec 2022 02:59:59 GMT
Date: Tue, 06 Dec 2022 00:10:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10155
Expires: Tue, 06 Dec 2022 02:59:59 GMT
Date: Tue, 06 Dec 2022 00:10:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10155
Expires: Tue, 06 Dec 2022 02:59:59 GMT
Date: Tue, 06 Dec 2022 00:10:44 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8b8df80-ffce-4960-a0e3-83eaf7ee52f3.jpeg

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8b8df80-ffce-4960-a0e3-83eaf7ee52f3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6352 bytes)
Hash
ebd3528452aecd80e39bbf82d3f71f2c
eaa956309d27052d466f7c4bd75b3bdf8443f251
680066dadbddc2cd7179ad5bdfbf9b2014ea601561e585d18dfcda73512ae84a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8b8df80-ffce-4960-a0e3-83eaf7ee52f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6352
x-amzn-requestid: cd970b83-2a99-4e38-afed-580d733040a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSuWF1bIAMFcpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c2-1ba552306e857bb37424d679;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: P9Yc2Lh9Kw4AEDZyc9R9WExLdUnCitDeuy0NjttQM-EL1cdVndZxFA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:30:36 GMT
age: 6008
etag: "eaa956309d27052d466f7c4bd75b3bdf8443f251"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.office.com/logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363

13.107.6.156

200 OK

9.2 kB

URL HTTP/2
www.office.com/logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363
IP
13.107.6.156:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
data
Size
9.2 kB (9236 bytes)
Hash
52719b094b2a083e3c3d967d66a31ecb
3f905e83cf56b368d203f674f295a6bfc9fecb2c
7fb316872dc22510447202ffe2e9529ca84118720bc639d57639c540f7dd966e

HTTP Headers

GET /logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363 HTTP/1.1
Host: www.office.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hada-dot-sharepoint-azure.nn.r.appspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
set-cookie: OH.SID=9548160c-1776-432a-84ed-ab97aac6a1ce; path=/; secure; samesite=none; httponly
OH.DCAffinity=OH-noe; expires=Tue, 06 Dec 2022 08:10:42 GMT; path=/; secure; samesite=none; httponly
OH.FLID=2d563d8e-2bf0-4d26-a203-6148c9218f9f; expires=Wed, 06 Dec 2023 00:10:42 GMT; path=/; secure; samesite=none; httponly
UserIndex=; expires=Mon, 05 Dec 2022 00:10:42 GMT; path=/; secure; samesite=none; httponly
request-context: appId=
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 76C3B801EAF14F2499F270AAC669BAD5 Ref B: SVG20EDGE0315 Ref C: 2022-12-06T00:10:42Z
date: Tue, 06 Dec 2022 00:10:42 GMT
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273773ed-3135-47d7-b4ff-5e390a90fecf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.3 kB (5273 bytes)
Hash
49c08cd33e41826af9dd4a8a912e0ddf
bde85bd98858e4b13484a9cc3263b4db7fb5d348
43471e7b4da8e4e58b842d05cb073ef150ff119eaa6890c86162f03a140459cf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273773ed-3135-47d7-b4ff-5e390a90fecf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5273
x-amzn-requestid: 5ab71aaf-6757-46dc-86fc-0a866958d22f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSz2EqfIAMFqng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64e5-15ae9d330e005f547161b4df;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xcEI729NEfORs3fT_fHi-BkyqA1sHl0dA6fAGd9hYkJNePUlM4vKQg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:05:52 GMT
age: 7492
etag: "bde85bd98858e4b13484a9cc3263b4db7fb5d348"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

webshell.suite.office.com/iframe/TokenFactoryIframe/Logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363

52.111.209.6

200 OK

6.4 kB

URL HTTP/2
webshell.suite.office.com/iframe/TokenFactoryIframe/Logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363
IP
52.111.209.6:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
data
Size
6.4 kB (6416 bytes)
Hash
779820974726ab12ded685710bfc35e9
0bacaf5f370b7e458b2fb71b15378c78dce1bdbe
74a333528b4db0e341258acbb634d225338131907fada9b0f5101cdc9246672b

HTTP Headers

GET /iframe/TokenFactoryIframe/Logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363 HTTP/1.1
Host: webshell.suite.office.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hada-dot-sharepoint-azure.nn.r.appspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html; charset=utf-8
date: Tue, 06 Dec 2022 00:10:42 GMT
server: Kestrel
cache-control: private,max-age=3600
x-content-type-options: nosniff
strict-transport-security: max-age=2592000
content-security-policy: default-src 'none'; frame-src *; script-src https://res-1.cdn.office.net https://shell.cdn.office.net 'nonce-+e8CtRFME8QUONXjWPM3jAmALr9WqaLTY8g1v4xK4qs=' 'unsafe-inline'; connect-src *;
cross-origin-resource-policy: cross-origin
x-o365suiteuxshell-correlationid: e30567c3-7aa4-49aa-ba89-87ce0f335546
X-Firefox-Spdy: h2

outlook.office.com/owa/auth/logoff.aspx?cmd=logoff&exlive=1&lgtype=1&sid=494fe386-9fa1-4fbf-885f-5038fa243363&pngSites=none

132.245.230.0

200 OK

7.2 kB

URL HTTP/2
outlook.office.com/owa/auth/logoff.aspx?cmd=logoff&exlive=1&lgtype=1&sid=494fe386-9fa1-4fbf-885f-5038fa243363&pngSites=none
IP
132.245.230.0:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
GIF image data, version 89a, 16 x 16\012- data
Size
7.2 kB (7183 bytes)
Hash
90d59ebff19cfb584cff7f80364b4da6
e013ec8e96161c85ef1c8628fa6f1fce46e695b9
0cd7fd58e43c84d6d8c45412eb23fe050eb91415bfa7b39708bb6ef759a0d09c

HTTP Headers

GET /owa/auth/logoff.aspx?cmd=logoff&exlive=1&lgtype=1&sid=494fe386-9fa1-4fbf-885f-5038fa243363&pngSites=none HTTP/1.1
Host: outlook.office.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hada-dot-sharepoint-azure.nn.r.appspot.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: private
content-type: image/gif
server: Microsoft-IIS/10.0
request-id: c74b3a35-5c42-5f07-fbab-20f02800e201
strict-transport-security: max-age=31536000; includeSubDomains; preload
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
x-aspnet-version: 4.0.30319
set-cookie: UserContext=; expires=Sun, 06-Dec-1992 00:10:43 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sun, 06-Dec-1992 00:10:43 GMT; path=/; secure
DefaultAnchorMailbox=; expires=Sun, 06-Dec-1992 00:10:43 GMT; path=/; secure
O365Consumer=; expires=Sun, 06-Dec-1992 00:10:43 GMT; path=/; secure
HostSwitchPrg=; expires=Sun, 06-Dec-1992 00:10:43 GMT; path=/; secure
SdfV2LDomain=; expires=Sun, 06-Dec-1992 00:10:43 GMT; path=/; secure
OptInPrg=; expires=Sun, 06-Dec-1992 00:10:43 GMT; path=/; secure
LI=; expires=Sun, 06-Dec-1992 00:10:43 GMT; path=/; secure
UserContext=; domain=outlook.office.com; expires=Sun, 06-Dec-1992 00:10:43 GMT; path=/; secure
SuiteServiceProxyKey=; domain=outlook.office.com; expires=Sun, 06-Dec-1992 00:10:43 GMT; path=/; secure
DefaultAnchorMailbox=; domain=outlook.office.com; expires=Sun, 06-Dec-1992 00:10:43 GMT; path=/; secure
O365Consumer=; domain=outlook.office.com; expires=Sun, 06-Dec-1992 00:10:43 GMT; path=/; secure
HostSwitchPrg=; domain=outlook.office.com; expires=Sun, 06-Dec-1992 00:10:43 GMT; path=/; secure
SdfV2LDomain=; domain=outlook.office.com; expires=Sun, 06-Dec-1992 00:10:43 GMT; path=/; secure
OptInPrg=; domain=outlook.office.com; expires=Sun, 06-Dec-1992 00:10:43 GMT; path=/; secure
LI=; domain=outlook.office.com; expires=Sun, 06-Dec-1992 00:10:43 GMT; path=/; secure
RPSAuth=; domain=outlook.office.com; expires=Thu, 30-Oct-1980 16:00:00 GMT; path=/;SameSite=None
RPSSecAuth=; domain=outlook.office.com; expires=Thu, 30-Oct-1980 16:00:00 GMT; path=/;SameSite=None; secure
RPSClearCT=; domain=outlook.office.com; expires=Thu, 30-Oct-1980 16:00:00 GMT; path=/;SameSite=None; secure
x-firsthopcafeefz: GVX
x-feproxyinfo: GV2PEPF000000F2.SWEP280.PROD.OUTLOOK.COM
x-feefzinfo: GVX
x-powered-by: ASP.NET
date: Tue, 06 Dec 2022 00:10:42 GMT
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11224 bytes)
Hash
b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:23:09 GMT
age: 6455
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.microsoft365.com/logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363&from=logout

13.107.6.156

200 OK

0 B

URL HTTP/2
www.microsoft365.com/logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363&from=logout
IP
13.107.6.156:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

GET /logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363&from=logout HTTP/1.1
Host: www.microsoft365.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.office.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
set-cookie: OH.SID=89ec2b50-c568-47b3-905c-73b04e4bd133; path=/; secure; samesite=none; httponly
OH.DCAffinity=OH-noe; expires=Tue, 06 Dec 2022 08:10:43 GMT; path=/; secure; samesite=none; httponly
OH.FLID=b037c687-a594-494a-adaf-5353bee1ea6b; expires=Wed, 06 Dec 2023 00:10:43 GMT; path=/; secure; samesite=none; httponly
UserIndex=; expires=Mon, 05 Dec 2022 00:10:43 GMT; path=/; secure; samesite=none; httponly
request-context: appId=
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 6D7188DAD2224272A6CC0FE9EB2AB9FA Ref B: SVG20EDGE0315 Ref C: 2022-12-06T00:10:43Z
date: Tue, 06 Dec 2022 00:10:42 GMT
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations