Report - t.infomail.microsoft.com/r/?id=hb2587504,57274842,57274848&e=b2NpZD1jbW1qNmxlN2s1bg&s=v76RfHJGvW42MQSvfHcRWtDWkSSe2-Yew18Xc9

Report Overview

Visited public
2025-05-19 14:06:27
Tags
suspicious
Submit Tags
URL
t.infomail.microsoft.com/r/?id=hb2587504,57274842,57274848&e=b2NpZD1jbW1qNmxlN2s1bg&s=v76RfHJGvW42MQSvfHcRWtDWkSSe2-Yew18Xc9_3mFg
Finishing URL
login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1
IP / ASN
20.97.219.252
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Title
Sign in
Suspicious - Anti-debugging code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
browser.events.data.microsoft.com	290	1991-05-02	2018-05-25	2025-05-15	1.5 kB	1.7 kB	52.182.143.213
t.infomail.microsoft.com	unknown	1991-05-02	2021-11-10	2025-04-30	655 B	31 kB	20.97.219.252
onedrive.live.com	2251	1994-12-28	2014-02-19	2025-05-15	603 B	32 kB	13.107.137.11
logincdn.msauth.net	2330	2018-10-25	2019-04-23	2025-05-14	1.9 kB	2.0 MB	13.107.246.53
login.live.com	79	1994-12-28	2012-05-21	2025-05-15	2.3 kB	34 kB	40.126.53.18
fpt.live.com	58693	1994-12-28	2017-01-31	2025-05-17	3.1 kB	25 kB	52.167.30.171
df.cfp.microsoft.com	unknown	1991-05-02	2025-02-06	2025-05-17	1.1 kB	2.6 kB	52.167.30.171

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (15)

	URL	From	Size	First Seen	Last Seen
	login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1	ScriptElement	305 B	2024-06-28	2025-07-01
Pretty URL login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1 IP 40.126.53.18 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-06-28 09:11 Last Seen2025-07-01 03:22 Times Seen344 Hash cbe7b18bda13dbacb66eb8e2c444878a 337412296a63c982a3f612ea9f5d670bfd672d48 d65701172b38290d0e8cb97b145cd2e02cde593a6bd1a0811b84231dc7ef97f4 Loading...

	login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1	ScriptElement	250 B	2023-03-07	2025-07-01
Pretty URL login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1 IP 40.126.53.18 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:25 Last Seen2025-07-01 03:22 Times Seen1259 Hash 31726b85324d5d02fb7c6d8ea96988e3 e25a6e3372944a3788df8f36982700d9a7c552c4 6bb4231b11dd1282c63397c375c3b33bf2e35e61012989d98945f4046a8652ee Loading...

	logincdn.msauth.net/shared/5/js/login-fluent_en_yNTNpDyuLV2GSSromdPgmA2.js	ScriptElement	1.9 MB	2025-05-17	2025-05-19
Pretty URL logincdn.msauth.net/shared/5/js/login-fluent_en_yNTNpDyuLV2GSSromdPgmA2.js IP 13.107.246.53 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-17 10:03 Last Seen2025-05-19 14:06 Times Seen2 Hash c8d4cda43cae2d5d86492ae899d3e098 a9f55bca634c3d13ae47983a9060f2cb7c788e6f 55fc1617f08704cd3e5dfa11089fdb4402f8afb1ab0ba742efbfea83f4b87692 Loading...

	df.cfp.microsoft.com/Clear.HTML?ctx=Ls1.0&wl=False&session_id=a192d83853554038b6e4cd271edf4ae8&id=e00a8657-4df2-9b54-c73b-48a336ceac77&w=8DD96DE4CD5D024&tkt=taBcrIH61PuCVH7eNCyH0F58uBDuZFZOunQHZt3FuglwWjgNqfnfwVSh%252bPx6Ap0SsniA26Ul89oxe0cgUzoR8rQ%252fwasL7C6%252bnHzqYpX0YHIxruvT%252fr6JowAOzobWtokcphfJuyzoa28gD3zFCVdeeORZwSRYwpc%252brMJGSjgEu%252bNtMjGhtDmyFFiXigNWZy2xlCtonX5ptDIHHbk3BZSHhrpSo9w4wLkAOzC4n6R2xSTOngSlCfD6O%252fRC8A3IccmqfrgpJn3OBZ4ttso2q1v%252fiw1fak%252f27yEJ2r5ET0FEMlwNJUrSttMopN29wp6Ppcro&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d	ScriptElement	2.1 kB	2025-05-19	2025-05-19
Pretty URL df.cfp.microsoft.com/Clear.HTML?ctx=Ls1.0&wl=False&session_id=a192d83853554038b6e4cd271edf4ae8&id=e00a8657-4df2-9b54-c73b-48a336ceac77&w=8DD96DE4CD5D024&tkt=taBcrIH61PuCVH7eNCyH0F58uBDuZFZOunQHZt3FuglwWjgNqfnfwVSh%252bPx6Ap0SsniA26Ul89oxe0cgUzoR8rQ%252fwasL7C6%252bnHzqYpX0YHIxruvT%252fr6JowAOzobWtokcphfJuyzoa28gD3zFCVdeeORZwSRYwpc%252brMJGSjgEu%252bNtMjGhtDmyFFiXigNWZy2xlCtonX5ptDIHHbk3BZSHhrpSo9w4wLkAOzC4n6R2xSTOngSlCfD6O%252fRC8A3IccmqfrgpJn3OBZ4ttso2q1v%252fiw1fak%252f27yEJ2r5ET0FEMlwNJUrSttMopN29wp6Ppcro&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d IP 52.167.30.171 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-19 14:06 Last Seen2025-05-19 14:06 Times Seen1 Hash 0e10ba1d6dbb6bb0f862f7f9e4acbba5 e958a900bab969176a617a6fa9203e01534177c8 1be772e4553e4fac1e3fbab67a9ac1a547e09153775f49b38a63d751ccea8943 Loading...

	moz-extension://d85e0647-e326-4e89-b5cc-587e31d351d3/injections/js/bug1731825-office365-email-handling-prompt-autohide.js		995 B	2023-04-11	2025-07-01
Pretty URL moz-extension://d85e0647-e326-4e89-b5cc-587e31d351d3/injections/js/bug1731825-office365-email-handling-prompt-autohide.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 22:15 Last Seen2025-07-01 05:55 Times Seen52179 Hash 7c873167b5d35fd9f6690071701d4669 f897afe9818a00a80e98bdbc67e7f67343f89378 014e00e9c71f02f5892cda29da8fd08058817ebd57a12cfee75236874f4e889a Loading...

	login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1	ScriptElement	19 kB	2025-05-19	2025-05-19
Pretty URL login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1 IP 40.126.53.18 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-19 14:06 Last Seen2025-05-19 14:06 Times Seen1 Hash 55237763c5db5067e52753fa3f686b11 91f6bd9886669c7eace85d1de3dc1183650cd9d1 12405f3c42f8c20bb6c44a432924cf7a5d058a160c3c2c82d683b27ba7dfddba Loading...

	login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1	ScriptElement	5.0 kB	2025-05-03	2025-06-27
Pretty URL login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1 IP 40.126.53.18 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-03 17:01 Last Seen2025-06-27 20:09 Times Seen174 Hash 3a60f361aab57676d9eb787f5417b735 5220b03d8615f2368ebefec65d99a739e19f7689 3c1c75756e3807c8d874aeead34cbfcd442854572a1ee3296c53969c226aac40 Loading...

	login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1	ScriptElement	234 B	2025-05-19	2025-05-19
Pretty URL login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1 IP 40.126.53.18 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-19 14:06 Last Seen2025-05-19 14:06 Times Seen1 Hash 1395c4af25affbcf47f845237fd5ba4e c3ca9bb9b062ed210c5fd6e5d11d6540ed15dc6f d70f99f00b644bc5808435402764ee9f6249988842359421b4a2b8f19e60f2a6 Loading...

	logincdn.msauth.net/shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js	ScriptElement	91 kB	2024-09-28	2025-06-28
Pretty URL logincdn.msauth.net/shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js IP 13.107.246.53 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-28 07:41 Last Seen2025-06-28 11:03 Times Seen48 Hash 0babaf1d46acdfadc9fe4afa5c0354c3 3407bd2ee6afb10acd3dab966cf05c42fe4b1dcc 23ef819e5c8868fffb2c9c99201da945887de5ed5b260a81646be624f681ebf2 Loading...

	fpt.live.com/?session_id=a192d83853554038b6e4cd271edf4ae8&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI	ScriptElement	24 kB	2025-05-19	2025-05-19
Pretty URL fpt.live.com/?session_id=a192d83853554038b6e4cd271edf4ae8&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI IP 52.167.30.171 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-19 14:06 Last Seen2025-05-19 14:06 Times Seen1 Hash 649b842f620e6280034a4ef8ad61c848 97dfddba7f8ea36703852ca3ec55ac7ce203b960 84db202e49cc0c2fe25bf418124a81bcc783288781d588a270d1312152d2a31d Loading...

	fpt.live.com/?session_id=a192d83853554038b6e4cd271edf4ae8&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI	ScriptElement	65 B	2024-09-13	2025-06-30
Pretty URL fpt.live.com/?session_id=a192d83853554038b6e4cd271edf4ae8&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI IP 52.167.30.171 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-13 04:12 Last Seen2025-06-30 10:45 Times Seen541 Hash ea2a7fab47f70f4176924476503173e0 4d7eb33398294b7e29656f129fec293d539ef163 aa044ae300b85a34a814b20d122a0f26b288d2cf59e861f93b6f491110523a8a Loading...

	login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1	ScriptElement	896 B	2023-03-07	2025-07-01
Pretty URL login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1 IP 40.126.53.18 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2025-07-01 03:22 Times Seen864 Hash ea11dc29cc107ad5cddc5c6c6cb9b7d7 2663e82c5ee7b5a261668e2130983c774e15a1d8 da7c2ce0351c80a1f61bf9c04b316e5dbfdd15d9c107614f3581bde880ef5997 Loading...

	login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1	ScriptElement	1.6 kB	2025-05-01	2025-07-01
Pretty URL login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1 IP 40.126.53.18 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-01 11:12 Last Seen2025-07-01 03:22 Times Seen32 Hash b7188d9761ade13b41a8566366285230 b40990ca018253cedb67f548beafeed1ccbd11d2 a7db0e4b691edb007126d9f3dbd33aaa7d038cd6a1918502f94418cd3c307e58 Loading...

	moz-extension://d85e0647-e326-4e89-b5cc-587e31d351d3/injections/js/bug1731825-office365-email-handling-prompt-autohide.js		995 B	2023-04-11	2025-07-01
Pretty URL moz-extension://d85e0647-e326-4e89-b5cc-587e31d351d3/injections/js/bug1731825-office365-email-handling-prompt-autohide.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 22:15 Last Seen2025-07-01 05:55 Times Seen52179 Hash 7c873167b5d35fd9f6690071701d4669 f897afe9818a00a80e98bdbc67e7f67343f89378 014e00e9c71f02f5892cda29da8fd08058817ebd57a12cfee75236874f4e889a Loading...

		Size	First Seen	Last Seen
	#1 Write - 17f9348502ec1258ea8f0f5d8de86f2f	115 B	2025-05-19 14:06	2025-05-19 14:06
Pretty Observations First Seen2025-05-19 14:06 Last Seen2025-05-19 14:06 Times Seen1 Hash 17f9348502ec1258ea8f0f5d8de86f2f c15cdf597b45586d484d1cc3870c0e13809c6a2a fe3183b9fe6fc5f5da1a95cfac598263caccc8fe2faf35f500dfdef66cd20f4b Loading...

HTTP Transactions (13)

URL IP Response Size

GET logincdn.msauth.net/shared/5/images/fluent_web_light_57fee22710b04cebe1d5.svg

13.107.246.53

200 OK

44 kB

URL GET
logincdn.msauth.net/shared/5/images/fluent_web_light_57fee22710b04cebe1d5.svg
IP
13.107.246.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1
Certificate
IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
FingerprintDC:19:07:B7:F6:C4:4B:9C:0D:4F:8E:DF:40:A0:4A:C3:11:C4:95:50
ValidityMon, 24 Feb 2025 00:32:34 GMT - Sat, 23 Aug 2025 00:32:34 GMT

File type
SVG Scalable Vector Graphics image
Size
44 kB (44327 bytes)
Hash
57fee22710b04cebe1d5fccfc40a2850
63f32442fd8c75956896b9677efb45c342fbc87d
e122dfeee73db9cb846feea1467b85edb1ae624556c643a9c9cc41056508901b

HTTP Headers

GET /shared/5/images/fluent_web_light_57fee22710b04cebe1d5.svg HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.live.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 19 May 2025 14:06:06 GMT
content-type: image/svg+xml
content-length: 6213
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Sat, 15 Mar 2025 01:20:06 GMT
etag: "0x8DD635F852A6C38"
x-ms-request-id: 017e81ad-a01e-0000-2df5-c6c356000000
x-ms-version: 2018-03-28
access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-Range,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
access-control-allow-origin: *
x-azure-ref: 20250519T140606Z-15f95fb758cnmf9nhC1SVG56ws0000000600000000006yky
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

POST login.live.com/GetExperimentAssignments.srf

40.126.53.18

200 OK

227 B

URL POST
login.live.com/GetExperimentAssignments.srf
IP
40.126.53.18:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1
Certificate
IssuerDigiCert Inc
Subjectlogin.live.com
FingerprintF3:FC:DC:56:81:70:0E:4E:C8:7F:DC:C8:C1:9C:29:48:47:7F:1B:08
ValiditySun, 16 Mar 2025 00:00:00 GMT - Tue, 16 Sep 2025 23:59:59 GMT

File type
JSON text data
Size
227 B (227 bytes)
Hash
22bffb87e0cce2509fe84baa27a70089
c943727523b5640cd56188090a45e4aff0502f1a
869130cfe53597643d715b12432d0435fe7bf24946552fb035e89fb25ba70f6e

HTTP Headers

POST /GetExperimentAssignments.srf HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1
hpgid: 33
hpgact: 0
correlationId: a192d83853554038b6e4cd271edf4ae8
client-request-id: a192d83853554038b6e4cd271edf4ae8
Content-Type: application/json; charset=utf-8
Content-Length: 1046
Origin: https://login.live.com
DNT: 1
Connection: keep-alive
Cookie: uaid=a192d83853554038b6e4cd271edf4ae8; MSPRequ=id=250206&lt=1747663565&co=1; MSCC=91.90.42.154-NO; MSPOK=$uuid-e719972e-4313-406c-980b-746b835de97c; OParams=11O.Dt1sC0e9Xx*zJ7qC1jWnxmdQxSsFANsWPQiz0uB0USXpF2BdqS7jBL5hobKr4hLojYuCvz2EnZZJG!lvZ0vDAsHGsDVw!D7jJAT075Xa6k1PLed8J8vTWsAgmto9SDa!Ua5LKhadu6yXyd1bqZPj7cxBJlpCNmss2r5OFp1odGcqs5!NQTRl*CXaczSVxnSDJcf5iImB0I!Qmvlua4xxIPR6HUlP2Rom!Q8CCrPAeDn27rrEDTM!r7Eq0Brh9Bcr7yEM4nyT1dv53*tPAHekag1nLkn6sma4imKUvRGeGRO1QBhrH!mRrukimamOgUFJ*8An6!ZHUVEmLRGc!qwhqXwTTlsSX*I*Q5iotheb42*k141wEKS8TWyL56DTSHD9DJyNy!p0paCjYD0nLfTGy5Y$
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/json
Expires: Mon, 19 May 2025 14:05:06 GMT
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C525_BAY
x-ms-request-id: 0841b848-2453-49cc-8a48-0e92e947f95c
PPServer: PPV: 30 H: PH1PEPF0001E313 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Date: Mon, 19 May 2025 14:06:06 GMT
Content-Length: 227

GET fpt.live.com/Images/Clear.PNG?ctx=jscb1.0&session_id=a192d83853554038b6e4cd271edf4ae8&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&esi=YnVhPU1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEzNC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEzNC4wJm9zPUxpbnV4IHg4Nl82NCZscHJvYz00OCZvbD10cnVlJnByb3N1Yj0yMDEwMDEwMSZvc2NwdT1MaW51eCB4ODZfNjQmZXZhbD0zNyZhcHB2PTUuMCAoWDExKSZscz10cnVlJm10cD0wJm5jPTM5JnByPTEmc3I9MTI4MHgxMDI0JnNjZD0yNCZhc3I9MTI4MHgxMDI0JnR6PTAmZHN0PTAmdHpvPTAmYmw9ZW4tVVMmbXRoPTI3ZjUxZDMxNDllNmJmMjA5YjY2YmQzODdiMGFmM2M0Jm10bj0yJnBuPTUmcGg9ZjNhYzIyYWM1OWM2ZGNiODc0MTA5ZDA5M2M1MjU1ZTgmcD1wbHVnaW5fZmxhc2glM0RmYWxzZSUyNnBsdWdpbl93aW5kb3dzX21lZGlhX3BsYXllciUzRGZhbHNlJTI2cGx1Z2luX2Fkb2JlX2Fjcm9iYXQlM0RmYWxzZSUyNnBsdWdpbl9zaWx2ZXJsaWdodCUzRGZhbHNlJTI2cGx1Z2luX3F1aWNrdGltZSUzRGZhbHNlJTI2cGx1Z2luX3Nob2Nrd2F2ZSUzRGZhbHNlJTI2cGx1Z2luX3JlYWxwbGF5ZXIlM0RmYWxzZSUyNnBsdWdpbl92bGNfcGxheWVyJTNEZmFsc2UlMjZwbHVnaW5fZGV2YWx2ciUzRGZhbHNlJTI2cGx1Z2luX3N2Z192aWV3ZXIlM0RmYWxzZSUyNnBsdWdpbl9qYXZhJTNEZmFsc2UmZmg9OTU1N2M0YTFjYWI0NDk5MTQxNjQ1Mzk0ZGJkMGJjMDEmZm49OSZsaD1odHRwcyUzQSUyRiUyRmZwdC5saXZlLmNvbSUyRiUzRnNlc3Npb25faWQlM0RhMTkyZDgzODUzNTU0MDM4YjZlNGNkMjcxZWRmNGFlOCUyNkN1c3RvbWVySWQlM0QzM2UwMTkyMS00ZDY0LTRmOGMtYTA1NS01YmRhZmZkNWUzM2QlMjZQYWdlSWQlM0RTSSZkcj1odHRwcyUzQSUyRiUyRmxvZ2luLmxpdmUuY29tJTJGJnc9OEREOTZERTRDRDVEMDI0JmlkPWUwMGE4NjU3LTRkZjItOWI1NC1jNzNiLTQ4YTMzNmNlYWM3NyZhPSZjPWVhOWRkNDcyNzdiNDQ2OTViMDI4MDEyZTFhMGI4NDFm&eci=eyJ1dmRyIjoiTWVzYSIsInVyZHIiOiJsbHZtcGlwZSIsInZkciI6Ik1vemlsbGEiLCJyZHIiOiJsbHZtcGlwZSIsImlkdWgiOiJmYzk5ZmY3ZjQ5OTEzMTRlMzBiODY5MzM0N2YyZWJmZCJ9&PageId=SI

52.167.30.171

200 OK

6 B

URL GET
fpt.live.com/Images/Clear.PNG?ctx=jscb1.0&session_id=a192d83853554038b6e4cd271edf4ae8&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&esi=YnVhPU1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEzNC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEzNC4wJm9zPUxpbnV4IHg4Nl82NCZscHJvYz00OCZvbD10cnVlJnByb3N1Yj0yMDEwMDEwMSZvc2NwdT1MaW51eCB4ODZfNjQmZXZhbD0zNyZhcHB2PTUuMCAoWDExKSZscz10cnVlJm10cD0wJm5jPTM5JnByPTEmc3I9MTI4MHgxMDI0JnNjZD0yNCZhc3I9MTI4MHgxMDI0JnR6PTAmZHN0PTAmdHpvPTAmYmw9ZW4tVVMmbXRoPTI3ZjUxZDMxNDllNmJmMjA5YjY2YmQzODdiMGFmM2M0Jm10bj0yJnBuPTUmcGg9ZjNhYzIyYWM1OWM2ZGNiODc0MTA5ZDA5M2M1MjU1ZTgmcD1wbHVnaW5fZmxhc2glM0RmYWxzZSUyNnBsdWdpbl93aW5kb3dzX21lZGlhX3BsYXllciUzRGZhbHNlJTI2cGx1Z2luX2Fkb2JlX2Fjcm9iYXQlM0RmYWxzZSUyNnBsdWdpbl9zaWx2ZXJsaWdodCUzRGZhbHNlJTI2cGx1Z2luX3F1aWNrdGltZSUzRGZhbHNlJTI2cGx1Z2luX3Nob2Nrd2F2ZSUzRGZhbHNlJTI2cGx1Z2luX3JlYWxwbGF5ZXIlM0RmYWxzZSUyNnBsdWdpbl92bGNfcGxheWVyJTNEZmFsc2UlMjZwbHVnaW5fZGV2YWx2ciUzRGZhbHNlJTI2cGx1Z2luX3N2Z192aWV3ZXIlM0RmYWxzZSUyNnBsdWdpbl9qYXZhJTNEZmFsc2UmZmg9OTU1N2M0YTFjYWI0NDk5MTQxNjQ1Mzk0ZGJkMGJjMDEmZm49OSZsaD1odHRwcyUzQSUyRiUyRmZwdC5saXZlLmNvbSUyRiUzRnNlc3Npb25faWQlM0RhMTkyZDgzODUzNTU0MDM4YjZlNGNkMjcxZWRmNGFlOCUyNkN1c3RvbWVySWQlM0QzM2UwMTkyMS00ZDY0LTRmOGMtYTA1NS01YmRhZmZkNWUzM2QlMjZQYWdlSWQlM0RTSSZkcj1odHRwcyUzQSUyRiUyRmxvZ2luLmxpdmUuY29tJTJGJnc9OEREOTZERTRDRDVEMDI0JmlkPWUwMGE4NjU3LTRkZjItOWI1NC1jNzNiLTQ4YTMzNmNlYWM3NyZhPSZjPWVhOWRkNDcyNzdiNDQ2OTViMDI4MDEyZTFhMGI4NDFm&eci=eyJ1dmRyIjoiTWVzYSIsInVyZHIiOiJsbHZtcGlwZSIsInZkciI6Ik1vemlsbGEiLCJyZHIiOiJsbHZtcGlwZSIsImlkdWgiOiJmYzk5ZmY3ZjQ5OTEzMTRlMzBiODY5MzM0N2YyZWJmZCJ9&PageId=SI
IP
52.167.30.171:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://fpt.live.com/?session_id=a192d83853554038b6e4cd271edf4ae8&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI
Certificate
IssuerMicrosoft Corporation
Subjectfpt.microsoft.com
FingerprintE3:2D:A0:55:0A:FC:68:AC:3F:C7:51:81:AF:31:3F:7F:09:E4:1F:5E
ValiditySat, 12 Apr 2025 18:57:19 GMT - Thu, 09 Oct 2025 18:57:19 GMT

File type
ASCII text, with no line terminators
Size
6 B (6 bytes)
Hash
aaab7a355103063d9eeb4824a3a6b374
e51555f02c32321f3e48f07a0fa5af46df835bfc
79ba862622d6fa84ac7e4f98eb95043a255fc2c81711e9400a8aa4d4b1608471

HTTP Headers

GET /Images/Clear.PNG?ctx=jscb1.0&session_id=a192d83853554038b6e4cd271edf4ae8&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&esi=YnVhPU1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEzNC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEzNC4wJm9zPUxpbnV4IHg4Nl82NCZscHJvYz00OCZvbD10cnVlJnByb3N1Yj0yMDEwMDEwMSZvc2NwdT1MaW51eCB4ODZfNjQmZXZhbD0zNyZhcHB2PTUuMCAoWDExKSZscz10cnVlJm10cD0wJm5jPTM5JnByPTEmc3I9MTI4MHgxMDI0JnNjZD0yNCZhc3I9MTI4MHgxMDI0JnR6PTAmZHN0PTAmdHpvPTAmYmw9ZW4tVVMmbXRoPTI3ZjUxZDMxNDllNmJmMjA5YjY2YmQzODdiMGFmM2M0Jm10bj0yJnBuPTUmcGg9ZjNhYzIyYWM1OWM2ZGNiODc0MTA5ZDA5M2M1MjU1ZTgmcD1wbHVnaW5fZmxhc2glM0RmYWxzZSUyNnBsdWdpbl93aW5kb3dzX21lZGlhX3BsYXllciUzRGZhbHNlJTI2cGx1Z2luX2Fkb2JlX2Fjcm9iYXQlM0RmYWxzZSUyNnBsdWdpbl9zaWx2ZXJsaWdodCUzRGZhbHNlJTI2cGx1Z2luX3F1aWNrdGltZSUzRGZhbHNlJTI2cGx1Z2luX3Nob2Nrd2F2ZSUzRGZhbHNlJTI2cGx1Z2luX3JlYWxwbGF5ZXIlM0RmYWxzZSUyNnBsdWdpbl92bGNfcGxheWVyJTNEZmFsc2UlMjZwbHVnaW5fZGV2YWx2ciUzRGZhbHNlJTI2cGx1Z2luX3N2Z192aWV3ZXIlM0RmYWxzZSUyNnBsdWdpbl9qYXZhJTNEZmFsc2UmZmg9OTU1N2M0YTFjYWI0NDk5MTQxNjQ1Mzk0ZGJkMGJjMDEmZm49OSZsaD1odHRwcyUzQSUyRiUyRmZwdC5saXZlLmNvbSUyRiUzRnNlc3Npb25faWQlM0RhMTkyZDgzODUzNTU0MDM4YjZlNGNkMjcxZWRmNGFlOCUyNkN1c3RvbWVySWQlM0QzM2UwMTkyMS00ZDY0LTRmOGMtYTA1NS01YmRhZmZkNWUzM2QlMjZQYWdlSWQlM0RTSSZkcj1odHRwcyUzQSUyRiUyRmxvZ2luLmxpdmUuY29tJTJGJnc9OEREOTZERTRDRDVEMDI0JmlkPWUwMGE4NjU3LTRkZjItOWI1NC1jNzNiLTQ4YTMzNmNlYWM3NyZhPSZjPWVhOWRkNDcyNzdiNDQ2OTViMDI4MDEyZTFhMGI4NDFm&eci=eyJ1dmRyIjoiTWVzYSIsInVyZHIiOiJsbHZtcGlwZSIsInZkciI6Ik1vemlsbGEiLCJyZHIiOiJsbHZtcGlwZSIsImlkdWgiOiJmYzk5ZmY3ZjQ5OTEzMTRlMzBiODY5MzM0N2YyZWJmZCJ9&PageId=SI HTTP/1.1
Host: fpt.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fpt.live.com/?session_id=a192d83853554038b6e4cd271edf4ae8&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI
Cookie: fptctx2=taBcrIH61PuCVH7eNCyH0F58uBDuZFZOunQHZt3FuglwWjgNqfnfwVSh%252bPx6Ap0SsniA26Ul89oxe0cgUzoR8rQ%252fwasL7C6%252bnHzqYpX0YHIxruvT%252fr6JowAOzobWtokcphfJuyzoa28gD3zFCVdeeORZwSRYwpc%252brMJGSjgEu%252bNtMjGhtDmyFFiXigNWZy2xlCtonX5ptDIHHbk3BZSHhrpSo9w4wLkAOzC4n6R2xSTOngSlCfD6O%252fRC8A3IccmqfrgpJn3OBZ4ttso2q1v%252fiw1fak%252f27yEJ2r5ET0FEMlwNJUrSttMopN29wp6Ppcro; MUID=61ca16f2ad8247868278fb85ee105f6b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-encoding: gzip
set-cookie: fptctx2=taBcrIH61PuCVH7eNCyH0F58uBDuZFZOunQHZt3FuglwWjgNqfnfwVSh%252bPx6Ap0SsniA26Ul89oxe0cgUzoR8jJS88VOYJuORyvr48HKqpPsBF5LL14kFmE08xTEGiCwRCmTjlWpWSrT56OxlF%252bMs%252bKxGtZhB0NTbG8pAShxpa%252bJj62qzzcp%252bg2TlYo4s%252ftpBBQJ3TMt2qHB%252flwHxgqbrdiNtwZQhOb2PvBk2Nm2i%252byxN5KxXUc9ocl7pkjb8WKBS4KxkT1r7Qmu4Dtalfg0to3vscJeqNUSWeqeYWHS1LHfrqBWtQTkmdN7E0BLT5XPuMtRh%252f%252f6tM7JOyKw%252fTrZ1w%253d%253d; domain=.live.com; path=/; secure; httponly
vary: Accept-Encoding
server: Microsoft-HTTPAPI/2.0
access-control-allow-origin: *
date: Mon, 19 May 2025 14:06:07 GMT
X-Firefox-Spdy: h2

GET df.cfp.microsoft.com/Clear.HTML?ctx=Ls1.0&wl=False&session_id=a192d83853554038b6e4cd271edf4ae8&id=e00a8657-4df2-9b54-c73b-48a336ceac77&w=8DD96DE4CD5D024&tkt=taBcrIH61PuCVH7eNCyH0F58uBDuZFZOunQHZt3FuglwWjgNqfnfwVSh%252bPx6Ap0SsniA26Ul89oxe0cgUzoR8rQ%252fwasL7C6%252bnHzqYpX0YHIxruvT%252fr6JowAOzobWtokcphfJuyzoa28gD3zFCVdeeORZwSRYwpc%252brMJGSjgEu%252bNtMjGhtDmyFFiXigNWZy2xlCtonX5ptDIHHbk3BZSHhrpSo9w4wLkAOzC4n6R2xSTOngSlCfD6O%252fRC8A3IccmqfrgpJn3OBZ4ttso2q1v%252fiw1fak%252f27yEJ2r5ET0FEMlwNJUrSttMopN29wp6Ppcro&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d

52.167.30.171

200 OK

2.3 kB

URL GET
df.cfp.microsoft.com/Clear.HTML?ctx=Ls1.0&wl=False&session_id=a192d83853554038b6e4cd271edf4ae8&id=e00a8657-4df2-9b54-c73b-48a336ceac77&w=8DD96DE4CD5D024&tkt=taBcrIH61PuCVH7eNCyH0F58uBDuZFZOunQHZt3FuglwWjgNqfnfwVSh%252bPx6Ap0SsniA26Ul89oxe0cgUzoR8rQ%252fwasL7C6%252bnHzqYpX0YHIxruvT%252fr6JowAOzobWtokcphfJuyzoa28gD3zFCVdeeORZwSRYwpc%252brMJGSjgEu%252bNtMjGhtDmyFFiXigNWZy2xlCtonX5ptDIHHbk3BZSHhrpSo9w4wLkAOzC4n6R2xSTOngSlCfD6O%252fRC8A3IccmqfrgpJn3OBZ4ttso2q1v%252fiw1fak%252f27yEJ2r5ET0FEMlwNJUrSttMopN29wp6Ppcro&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d
IP
52.167.30.171:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://fpt.live.com/?session_id=a192d83853554038b6e4cd271edf4ae8&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI
Certificate
IssuerMicrosoft Corporation
Subjectfpt.microsoft.com
FingerprintE3:2D:A0:55:0A:FC:68:AC:3F:C7:51:81:AF:31:3F:7F:09:E4:1F:5E
ValiditySat, 12 Apr 2025 18:57:19 GMT - Thu, 09 Oct 2025 18:57:19 GMT

File type
HTML document, ASCII text, with very long lines (2154), with CRLF line terminators
Size
2.3 kB (2282 bytes)
Hash
292648426391c8e4e91d2037f4fc63c4
e174d6368791fe27f179639142ba2fd0e8f296b9
9419e47ba7e612a1a224e478caf4d2502bd766f52df5b83772f89e87fc78410f

HTTP Headers

GET /Clear.HTML?ctx=Ls1.0&wl=False&session_id=a192d83853554038b6e4cd271edf4ae8&id=e00a8657-4df2-9b54-c73b-48a336ceac77&w=8DD96DE4CD5D024&tkt=taBcrIH61PuCVH7eNCyH0F58uBDuZFZOunQHZt3FuglwWjgNqfnfwVSh%252bPx6Ap0SsniA26Ul89oxe0cgUzoR8rQ%252fwasL7C6%252bnHzqYpX0YHIxruvT%252fr6JowAOzobWtokcphfJuyzoa28gD3zFCVdeeORZwSRYwpc%252brMJGSjgEu%252bNtMjGhtDmyFFiXigNWZy2xlCtonX5ptDIHHbk3BZSHhrpSo9w4wLkAOzC4n6R2xSTOngSlCfD6O%252fRC8A3IccmqfrgpJn3OBZ4ttso2q1v%252fiw1fak%252f27yEJ2r5ET0FEMlwNJUrSttMopN29wp6Ppcro&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d HTTP/1.1
Host: df.cfp.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fpt.live.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-encoding: gzip
set-cookie: dfpfpt=e00a86574df29b54c73b48a336ceac77; expires=Tue, 19 May 2026 14:06:08 GMT; domain=.cfp.microsoft.com; path=/; secure; httponly
vary: Accept-Encoding
server: Microsoft-HTTPAPI/2.0
access-control-allow-origin: *
date: Mon, 19 May 2025 14:06:07 GMT
X-Firefox-Spdy: h2

OPTIONS browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

52.182.143.213

200 OK

0 B

URL OPTIONS
browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
IP
52.182.143.213:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1
Certificate
IssuerMicrosoft Corporation
Subject*.events.data.microsoft.com
FingerprintF5:C5:9C:FC:72:A4:DB:47:FA:EA:58:85:58:B7:37:59:82:EA:58:E1
ValidityThu, 27 Mar 2025 08:39:34 GMT - Tue, 23 Sep 2025 08:39:34 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1
Host: browser.events.data.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Referer: https://login.live.com/
Origin: https://login.live.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, 3600
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-max-age: 3600
access-control-allow-origin: https://login.live.com
date: Mon, 19 May 2025 14:06:09 GMT
X-Firefox-Spdy: h2

GET t.infomail.microsoft.com/r/?id=hb2587504,57274842,57274848&e=b2NpZD1jbW1qNmxlN2s1bg&s=v76RfHJGvW42MQSvfHcRWtDWkSSe2-Yew18Xc9_3mFg

20.97.219.252

302 Found

30 kB

URL User Request GET
t.infomail.microsoft.com/r/?id=hb2587504,57274842,57274848&e=b2NpZD1jbW1qNmxlN2s1bg&s=v76RfHJGvW42MQSvfHcRWtDWkSSe2-Yew18Xc9_3mFg
IP
20.97.219.252:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerMicrosoft Corporation
Subjectinfomail.microsoft.com
Fingerprint5E:72:B3:34:27:FB:04:03:35:F3:8B:29:4E:A6:65:78:8F:88:7F:43
ValidityThu, 10 Apr 2025 17:02:02 GMT - Sun, 05 Apr 2026 17:02:02 GMT

File type

Size
30 kB (30107 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /r/?id=hb2587504,57274842,57274848&e=b2NpZD1jbW1qNmxlN2s1bg&s=v76RfHJGvW42MQSvfHcRWtDWkSSe2-Yew18Xc9_3mFg HTTP/1.1
Host: t.infomail.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: MSCC=cid=qx7ft7mavj0leq4vylbl40vv-c1=1-c2=1-c3=1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Mon, 19 May 2025 14:06:04 GMT
Server: Apache
P3P: CP="CAO DSP COR CURa DEVa TAIa OUR BUS IND UNI COM NAV"
Location: https://onedrive.live.com?CLRTags=c_udf~$~Mod1Link1~$$~c_cmp~$~EmailCard~$$~c_type~$~TextHyperlink~$$~c_pos~$~3A_~_CLRTags_~_&ocid=cmmj6le7k5n
Connection: close
Set-Cookie: AMCV_EA76ADE95776D2EC7F000101%40AdobeOrg=MCMID%7C56064009249478369273743608359798964223; Domain=microsoft.com; Path=/; Expires=Tue, 18-Nov-2025 05:26:04 GMT
nlid=b2587504|57274842; Domain=microsoft.com; Path=/
Content-Length: 17
X-Robots-Tag: noindex
Content-Type: text/plain; charset=utf-8

GET login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1

40.126.53.18

200 OK

30 kB

URL User Request GET
login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1
IP
40.126.53.18:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerDigiCert Inc
Subjectlogin.live.com
FingerprintF3:FC:DC:56:81:70:0E:4E:C8:7F:DC:C8:C1:9C:29:48:47:7F:1B:08
ValiditySun, 16 Mar 2025 00:00:00 GMT - Tue, 16 Sep 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (28991)
Size
30 kB (30107 bytes)
Hash
9352adaf66c9b54258ea5d2c04eef9f5
b031580ca7613086087a559da35e189c4db676b5
5cc08b91e242c8849860caa9f54290ce1430fc3175b7dcb38baddd0ac1f1a0db

HTTP Headers

GET /login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1 HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Mon, 19 May 2025 14:05:05 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-Frame-Options: deny
X-DNS-Prefetch-Control: on
Link: <https://logincdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net/>; rel=dns-prefetch, <https://acctcdn.msftauth.net/>; rel=dns-prefetch, <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch, <https://logincdn.msauth.net/>; rel=dns-prefetch, <https://logincdn.msftauth.net/>; rel=dns-prefetch, <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch
Content-Security-Policy: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-ztR7qf3wwGr3QN9kXgTYGrxv1TnRBp0v4kflrbOnMd8=' https://js.monitor.azure.com https://logincdn.msauth.net https://logincdn.msftauth.net https://lgincdnvzeuno.azureedge.net https://lgincdnmsftuswe2.azureedge.net https://*.live.com https://*.microsoft.com https://*.office.net https://*.bing.com https://*.sharepointonline.com 'report-sample'; img-src 'self' https://js.monitor.azure.com https://logincdn.msauth.net https://logincdn.msftauth.net https://lgincdnvzeuno.azureedge.net https://lgincdnmsftuswe2.azureedge.net https://*.live.com https://*.microsoft.com https://*.office.net https://*.bing.com https://*.sharepointonline.com; report-uri https://csp.microsoft.com/report/MSA-UX-All
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C503_SN1
x-ms-request-id: 51e4b497-025c-4354-9e19-0155a3a89fbd
PPServer: PPV: 30 H: SN1PEPF0002F028 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=a192d83853554038b6e4cd271edf4ae8; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPRequ=id=250206&lt=1747663565&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSCC=91.90.42.154-NO; expires=Sat, 13-Jun-2026 14:06:05 GMT; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPOK=$uuid-e719972e-4313-406c-980b-746b835de97c; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
OParams=11O.Dt1sC0e9Xx*zJ7qC1jWnxmdQxSsFANsWPQiz0uB0USXpF2BdqS7jBL5hobKr4hLojYuCvz2EnZZJG!lvZ0vDAsHGsDVw!D7jJAT075Xa6k1PLed8J8vTWsAgmto9SDa!Ua5LKhadu6yXyd1bqZPj7cxBJlpCNmss2r5OFp1odGcqs5!NQTRl*CXaczSVxnSDJcf5iImB0I!Qmvlua4xxIPR6HUlP2Rom!Q8CCrPAeDn27rrEDTM!r7Eq0Brh9Bcr7yEM4nyT1dv53*tPAHekag1nLkn6sma4imKUvRGeGRO1QBhrH!mRrukimamOgUFJ*8An6!ZHUVEmLRGc!qwhqXwTTlsSX*I*Q5iotheb42*k141wEKS8TWyL56DTSHD9DJyNy!p0paCjYD0nLfTGy5Y$; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Mon, 19 May 2025 14:06:04 GMT
Content-Length: 11967

GET logincdn.msauth.net/shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js

13.107.246.53

200 OK

91 kB

URL GET
logincdn.msauth.net/shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js
IP
13.107.246.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1
Certificate
IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
FingerprintDC:19:07:B7:F6:C4:4B:9C:0D:4F:8E:DF:40:A0:4A:C3:11:C4:95:50
ValidityMon, 24 Feb 2025 00:32:34 GMT - Sat, 23 Aug 2025 00:32:34 GMT

File type
JavaScript source, ASCII text, with very long lines (65439)
Size
91 kB (90678 bytes)
Hash
0babaf1d46acdfadc9fe4afa5c0354c3
3407bd2ee6afb10acd3dab966cf05c42fe4b1dcc
23ef819e5c8868fffb2c9c99201da945887de5ed5b260a81646be624f681ebf2

HTTP Headers

GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.live.com/
Origin: https://login.live.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 19 May 2025 14:06:06 GMT
content-type: application/x-javascript
content-length: 32811
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Thu, 31 Oct 2024 23:10:28 GMT
etag: "0x8DCFA0135C06828"
x-ms-request-id: da1cd4ec-101e-0016-65a3-c60a2c000000
x-ms-version: 2018-03-28
access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-Range,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
access-control-allow-origin: *
x-azure-ref: 20250519T140606Z-15f95fb758cnmf9nhC1SVG56ws0000000600000000006ykw
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET logincdn.msauth.net/16.000.30619.6/images/favicon.ico

13.107.246.53

200 OK

17 kB

URL GET
logincdn.msauth.net/16.000.30619.6/images/favicon.ico
IP
13.107.246.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1
Certificate
IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
FingerprintDC:19:07:B7:F6:C4:4B:9C:0D:4F:8E:DF:40:A0:4A:C3:11:C4:95:50
ValidityMon, 24 Feb 2025 00:32:34 GMT - Sat, 23 Aug 2025 00:32:34 GMT

File type
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Size
17 kB (17174 bytes)
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

HTTP Headers

GET /16.000.30619.6/images/favicon.ico HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.live.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 19 May 2025 14:06:07 GMT
content-type: image/x-icon
content-length: 17174
cache-control: public, max-age=31536000
last-modified: Sat, 10 May 2025 00:55:00 GMT
etag: "0x8DD8F5D4A9D0D38"
x-ms-request-id: 6d750f04-801e-0014-3c78-c6b494000000
x-ms-version: 2018-03-28
access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Length,Content-Range,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
access-control-allow-origin: *
x-azure-ref: 20250519T140607Z-15f95fb758cnmf9nhC1SVG56ws0000000600000000006ym6
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

POST browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

52.182.143.213

200 OK

153 B

URL POST
browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
IP
52.182.143.213:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1
Certificate
IssuerMicrosoft Corporation
Subject*.events.data.microsoft.com
FingerprintF5:C5:9C:FC:72:A4:DB:47:FA:EA:58:85:58:B7:37:59:82:EA:58:E1
ValidityThu, 27 Mar 2025 08:39:34 GMT - Tue, 23 Sep 2025 08:39:34 GMT

File type
JSON text data
Size
153 B (153 bytes)
Hash
3216d27746b3d9d8ac7bb6191238ef7e
f711349719e631b7505401f2f413af67357c27bc
cb3ee719d391b34fdac78e924bcd780a17a9e02b84e9bcf822963418a91a7966

HTTP Headers

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1
Host: browser.events.data.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.live.com/
Client-Id: NO_AUTH
client-version: 1DS-Web-JS-3.2.15
apikey: 69adc3c768bd4dc08c19416121249fcc-66f1668a-797b-4249-95e3-6c6651768c28-7293
upload-time: 1747663569309
time-delta-to-apply-millis: use-collector-delta
cache-control: no-cache, no-store
content-type: application/x-json-stream
Content-Length: 8475
Origin: https://login.live.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache

HTTP/2 200 OK
content-length: 153
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=168c55ebf813428fa47244df9eba9e6d&HASH=168c&LV=202505&V=4&LU=1747663569993; Domain=.microsoft.com; Expires=Tue, 19 May 2026 14:06:09 GMT; Path=/;Secure; SameSite=None
MS0=0ce13c805abf4da4b9cdd9a6c9b5b92e; Domain=.microsoft.com; Expires=Mon, 19 May 2025 14:36:09 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 684
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://login.live.com
access-control-expose-headers: time-delta-millis
date: Mon, 19 May 2025 14:06:09 GMT
X-Firefox-Spdy: h2

GET onedrive.live.com/?CLRTags=c_udf~$~Mod1Link1~$$~c_cmp~$~EmailCard~$$~c_type~$~TextHyperlink~$$~c_pos~$~3A_~_CLRTags_~_&ocid=cmmj6le7k5n

13.107.137.11

302 Found

30 kB

URL User Request GET
onedrive.live.com/?CLRTags=c_udf~$~Mod1Link1~$$~c_cmp~$~EmailCard~$$~c_type~$~TextHyperlink~$$~c_pos~$~3A_~_CLRTags_~_&ocid=cmmj6le7k5n
IP
13.107.137.11:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerMicrosoft Corporation
Subjectonedrive.com
Fingerprint56:23:C3:49:F5:AE:76:B1:61:F9:13:3B:75:E5:97:C6:57:99:7F:EE
ValidityWed, 30 Apr 2025 09:45:43 GMT - Sat, 25 Apr 2026 09:45:43 GMT

File type

Size
30 kB (30107 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?CLRTags=c_udf~$~Mod1Link1~$$~c_cmp~$~EmailCard~$$~c_type~$~TextHyperlink~$$~c_pos~$~3A_~_CLRTags_~_&ocid=cmmj6le7k5n HTTP/1.1
Host: onedrive.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
content-length: 451
content-type: text/html; charset=utf-8
expires: -1
location: https://login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: RpsContextCookie=UHJldmlvdXNSZXF1ZXN0Q29ycmVsYXRpb25JZD0wMDAwMDAwMCUyRDAwMDAlMkQwMDAwJTJEMDAwMCUyRDAwMDAwMDAwMDAwMCZSZXR1cm5Vcmw9JTJGJTNGdmlldyUzRDElMjZDTFJUYWdzJTNEYyU1RnVkZiU3RSUyNCU3RU1vZDFMaW5rMSU3RSUyNCUyNCU3RWMlNUZjbXAlN0UlMjQlN0VFbWFpbENhcmQlN0UlMjQlMjQlN0VjJTVGdHlwZSU3RSUyNCU3RVRleHRIeXBlcmxpbmslN0UlMjQlMjQlN0VjJTVGcG9zJTdFJTI0JTdFM0ElNUYlN0UlNUZDTFJUYWdzJTVGJTdFJTVGJTI2b2NpZCUzRGNtbWo2bGU3azVu; expires=Mon, 19-May-2025 14:16:05 GMT; path=/; SameSite=None; secure; HttpOnly
isocdi: 0
x-networkstatistics: 0,0,0,0,0,0,0,0
x-sharepointhealthscore: 1
x-aspnet-version: 4.0.30319
x-databoundary: EU
x-1dscollectorurl: https://eu-mobile.events.data.microsoft.com/OneCollector/1.0/
x-ariacollectorurl: https://eu-mobile.events.data.microsoft.com/Collector/3.0
sprequestguid: a8b09fa1-80a7-9000-80a3-4019fd52d534
request-id: a8b09fa1-80a7-9000-80a3-4019fd52d534
ms-cv: oZ+wqKeAAJCAo0AZ/VLVNA.0
splogid: a8b09fa1-80a7-9000-80a3-4019fd52d534
report-to: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinationEndpoint=Edge-Prod-SVG20r5a&frontEnd=AFD&RemoteIP=91.90.42.0"}]}
nel: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0}
strict-transport-security: max-age=31536000
sprequestduration: 27
spiislatency: 32
x-powered-by: ASP.NET
microsoftsharepointteamservices: 16.0.0.26023
x-content-type-options: nosniff
x-ms-invokeapp: 1; RequireReadOnly
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: EAA607A31898417EAE6B974C409470FC Ref B: SVG20EDGE0222 Ref C: 2025-05-19T14:06:05Z
date: Mon, 19 May 2025 14:06:04 GMT
X-Firefox-Spdy: h2

GET logincdn.msauth.net/shared/5/js/login-fluent_en_yNTNpDyuLV2GSSromdPgmA2.js

13.107.246.53

200 OK

1.9 MB

URL GET
logincdn.msauth.net/shared/5/js/login-fluent_en_yNTNpDyuLV2GSSromdPgmA2.js
IP
13.107.246.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1
Certificate
IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
FingerprintDC:19:07:B7:F6:C4:4B:9C:0D:4F:8E:DF:40:A0:4A:C3:11:C4:95:50
ValidityMon, 24 Feb 2025 00:32:34 GMT - Sat, 23 Aug 2025 00:32:34 GMT

File type
JavaScript source, ASCII text, with very long lines (65463)
Size
1.9 MB (1870630 bytes)
Hash
c8d4cda43cae2d5d86492ae899d3e098
a9f55bca634c3d13ae47983a9060f2cb7c788e6f
55fc1617f08704cd3e5dfa11089fdb4402f8afb1ab0ba742efbfea83f4b87692

HTTP Headers

GET /shared/5/js/login-fluent_en_yNTNpDyuLV2GSSromdPgmA2.js HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.live.com/
Origin: https://login.live.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 19 May 2025 14:06:06 GMT
content-type: application/x-javascript
content-length: 468859
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Wed, 14 May 2025 02:59:17 GMT
etag: "0x8DD9293514AAD83"
x-ms-request-id: 7c5145da-301e-003d-194b-c7b54d000000
x-ms-version: 2018-03-28
access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-Range,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
access-control-allow-origin: *
x-azure-ref: 20250519T140606Z-15f95fb758cnmf9nhC1SVG56ws0000000600000000006ykd
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET fpt.live.com/?session_id=a192d83853554038b6e4cd271edf4ae8&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI

52.167.30.171

200 OK

24 kB

URL GET
fpt.live.com/?session_id=a192d83853554038b6e4cd271edf4ae8&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI
IP
52.167.30.171:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://login.live.com/login.srf?wa=wsignin1%2E0&rpsnv=175&ct=1747663565&rver=7%2E5%2E2146%2E0&wp=MBI%5FSSL&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%5Fforms%2Fdefault%2Easpx%3Fapr%3D1&lc=1033&id=250206&guests=1&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&aadredir=1
Certificate
IssuerMicrosoft Corporation
Subjectfpt.microsoft.com
FingerprintE3:2D:A0:55:0A:FC:68:AC:3F:C7:51:81:AF:31:3F:7F:09:E4:1F:5E
ValiditySat, 12 Apr 2025 18:57:19 GMT - Thu, 09 Oct 2025 18:57:19 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (23184), with CRLF line terminators
Size
24 kB (23648 bytes)
Hash
6852a96eed15bbf201554c4b2dae1537
d00475e0c02c0bd92343fb4de06fb218bb1b669d
b2f5587e12a4538a5690a41fc3d35323a0752941983461645d53ea074892d452

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code

HTTP Headers

GET /?session_id=a192d83853554038b6e4cd271edf4ae8&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI HTTP/1.1
Host: fpt.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.live.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-HTTPAPI/2.0
access-control-allow-origin: *
set-cookie: fptctx2=taBcrIH61PuCVH7eNCyH0F58uBDuZFZOunQHZt3FuglwWjgNqfnfwVSh%252bPx6Ap0SsniA26Ul89oxe0cgUzoR8rQ%252fwasL7C6%252bnHzqYpX0YHIxruvT%252fr6JowAOzobWtokcphfJuyzoa28gD3zFCVdeeORZwSRYwpc%252brMJGSjgEu%252bNtMjGhtDmyFFiXigNWZy2xlCtonX5ptDIHHbk3BZSHhrpSo9w4wLkAOzC4n6R2xSTOngSlCfD6O%252fRC8A3IccmqfrgpJn3OBZ4ttso2q1v%252fiw1fak%252f27yEJ2r5ET0FEMlwNJUrSttMopN29wp6Ppcro; domain=.live.com; path=/; secure; httponly
MUID=61ca16f2ad8247868278fb85ee105f6b; expires=Tue, 19 May 2026 14:06:07 GMT; domain=.live.com; path=/; secure; httponly
date: Mon, 19 May 2025 14:06:06 GMT
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML