| jamefloor.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l8i1wwom7wbodda4l9b6dw2.js | 81.19.140.68 | 200 OK | 59 kB |
URL GET jamefloor.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l8i1wwom7wbodda4l9b6dw2.js IP 81.19.140.68:443
ASN#215540 Global Connectivity Solutions Llp
Requested by: https://jamefloor.com/?7z8ekqxem=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
Certificate: Issuer: Let's Encrypt; Subject: jamefloor.com; Fingerprint: 6C:ED:01:F4:5E:F0:49:3B:D0:58:C1:FF:AE:78:EE:B1:C6:4F:F2:25; Validity: Mon, 21 Apr 2025 11:34:39 GMT - Sun, 20 Jul 2025 11:34:38 GMT
File type: Unicode text, UTF-8 text, with very long lines (32061)
Hash: MD5 ddc82cb7a3eec1d5b564dd5694764514, SHA-1 d7a5a957f1c6ded3a7a96376edd20053ef3afdbf, SHA-256 a7848e892e92f97db64e04d0ed4174e58531dcdfcb372a3a3195e83f252ad3b6
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook | urlquery | phishing | Phishing - NakedPages Phishing Kit |
GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l8i1wwom7wbodda4l9b6dw2.js HTTP/1.1
Host: jamefloor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jamefloor.com/?7z8ekqxem=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
DNT: 1
Connection: keep-alive
Cookie: qPdM=JBOeDxviop9j; qPdM.sig=VIhKWoAJ7WmIuyYw1ST-yUEF57g; ClientId=3A71B63060404FD7837A854EFAB96FF4; msal.cache.encryption=%7B%22id%22%3A%220196d009-5b9b-7515-93e4-978552ef4c0e%22%2C%22key%22%3A%2204ILwx27VsXG8LQ-RNxaMeHHI_WForHynt_0fmD-Vn4%22%7D; OIDC=1; OpenIdConnect.nonce.v3.Feo3b4zv__usr2W0XevPMEhBSy53YkxH6BEf4J5CKsw=638828437982083102.1642c110-f031-4899-bf2d-b67fc464fe88; X-OWA-RedirectHistory=ArLym14BHvhWZhST3Qg; buid=1.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA1AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEI_oY-RaMGCKtQhajwpOtLKF_e2PKYj7lREnuw5xgfty_hmGirWhFHwPaLCs7i67n6daHGMLlWaCju235WmK72pu1Sdnyae0ieTTVLc57esAgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEiFd0Ki_YTNvMQxoG7_3sFoG9_u1RwCh0f99D3QgNBR_RKrI8fnjeejzwxtTtRc7D_ES3SmxYpkXlxbWE0jNNqCTuijS4wa2IqHBxPu2H1cfDTgzGzVTKzt7fFw5t1pN6FvWMbt2JAGwtfhr-z38eJ1Pu2zXvbD3RXYuO-mJ-lMUgAA; esctx-4DlO0DQDtFI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEoQTGQFgdsk4v9F-GotuFURXvBoZYdEjgwhqg3IxhKBmzLiRwgom5GxMqLaOa09c6a4tkCC2xs96O-aSm31l3veL0H2_bn7MbAt8aR9b0xhx_sg111tU6kdVxtVPkj6hRMN38kedFw8uScEcJWodLaSAA; fpc=AoFg4BOQauVPiOIwGq-ct2aerOTJAQAAAJbWtt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 14 May 2025 18:23:19 GMT
Content-Type: application/x-javascript
content-length: 59299
Connection: close
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Last-Modified: Thu, 27 Mar 2025 19:08:48 GMT
ETag: 0x8DD6D62CDCA7C7B
x-ms-request-id: b7722526-b01e-001f-5e95-c34fff000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
x-azure-ref: 20250514T182319Z-16c4c6b95d9ngjgnhC1YMQedkw00000005g00000000010q4
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| jamefloor.com/aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico | 81.19.140.68 | 200 OK | 17 kB |
URL GET jamefloor.com/aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico IP 81.19.140.68:443
ASN#215540 Global Connectivity Solutions Llp
Requested by: https://jamefloor.com/?7z8ekqxem=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
Certificate: Issuer: Let's Encrypt; Subject: jamefloor.com; Fingerprint: 6C:ED:01:F4:5E:F0:49:3B:D0:58:C1:FF:AE:78:EE:B1:C6:4F:F2:25; Validity: Mon, 21 Apr 2025 11:34:39 GMT - Sun, 20 Jul 2025 11:34:38 GMT
File type: MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Hash: MD5 12e3dac858061d088023b2bd48e2fa96, SHA-1 e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5, SHA-256 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook | urlquery | phishing | Phishing - NakedPages Phishing Kit |
GET /aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: jamefloor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jamefloor.com/?7z8ekqxem=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%3D%3D
DNT: 1
Connection: keep-alive
Cookie: qPdM=JBOeDxviop9j; qPdM.sig=VIhKWoAJ7WmIuyYw1ST-yUEF57g; ClientId=3A71B63060404FD7837A854EFAB96FF4; msal.cache.encryption=%7B%22id%22%3A%220196d009-5b9b-7515-93e4-978552ef4c0e%22%2C%22key%22%3A%2204ILwx27VsXG8LQ-RNxaMeHHI_WForHynt_0fmD-Vn4%22%7D; OIDC=1; OpenIdConnect.nonce.v3.Feo3b4zv__usr2W0XevPMEhBSy53YkxH6BEf4J5CKsw=638828437982083102.1642c110-f031-4899-bf2d-b67fc464fe88; X-OWA-RedirectHistory=ArLym14BHvhWZhST3Qg; buid=1.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA1AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEI_oY-RaMGCKtQhajwpOtLKF_e2PKYj7lREnuw5xgfty_hmGirWhFHwPaLCs7i67n6daHGMLlWaCju235WmK72pu1Sdnyae0ieTTVLc57esAgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEiFd0Ki_YTNvMQxoG7_3sFoG9_u1RwCh0f99D3QgNBR_RKrI8fnjeejzwxtTtRc7D_ES3SmxYpkXlxbWE0jNNqCTuijS4wa2IqHBxPu2H1cfDTgzGzVTKzt7fFw5t1pN6FvWMbt2JAGwtfhr-z38eJ1Pu2zXvbD3RXYuO-mJ-lMUgAA; esctx-4DlO0DQDtFI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEoQTGQFgdsk4v9F-GotuFURXvBoZYdEjgwhqg3IxhKBmzLiRwgom5GxMqLaOa09c6a4tkCC2xs96O-aSm31l3veL0H2_bn7MbAt8aR9b0xhx_sg111tU6kdVxtVPkj6hRMN38kedFw8uScEcJWodLaSAA; fpc=AoFg4BOQauVPiOIwGq-ct2aerOTJAQAAAJbWtt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 14 May 2025 18:23:20 GMT
Content-Type: image/x-icon
Content-Length: 17174
Connection: close
Cache-Control: public, max-age=31536000
Last-Modified: Sun, 18 Oct 2020 03:02:03 GMT
ETag: 0x8D8731230C851A6
x-ms-request-id: 842f8900-b01e-0051-555a-c25eda000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
x-azure-ref: 20250514T182320Z-174fc647fd5hqf6whC1YTOxn1s00000008k0000000003dey
x-fd-int-roxy-purgeid: 4554691
X-Cache: TCP_HIT
Accept-Ranges: bytes
|
|
| csp.microsoft.com/report/ESTS-UX-All | 13.107.246.53 | 200 OK | 2 B |
URL POST csp.microsoft.com/report/ESTS-UX-All IP 13.107.246.53:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://jamefloor.com/?7z8ekqxem=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
Certificate: Issuer: DigiCert, Inc.; Subject: csp.microsoft.com; Fingerprint: 96:0D:12:76:CF:F6:7A:E4:FE:C4:A3:34:C5:CF:AF:DE:55:EC:D1:99; Validity: Wed, 01 Jan 2025 00:00:00 GMT - Tue, 01 Jul 2025 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: MD5 444bcb3a3fcf8389296c49467f27e1d6, SHA-1 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb, SHA-256 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /report/ESTS-UX-All HTTP/1.1
Host: csp.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 2995
Origin: https://jamefloor.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 14 May 2025 18:23:25 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
request-context: appId=cid-v1:5c791ad2-9c50-4271-a8a5-5c74d929f3ed
x-azure-ref: 20250514T182320Z-15f95fb758cqphrbhC1SVG7qqs000000041g000000009p07
x-cache: CONFIG_NOCACHE
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/d/93fc6c9b3a8fb518/1747246980810/klxzwb1TaDJWdh9 | 104.18.94.41 | 200 OK | 370 B |
URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/d/93fc6c9b3a8fb518/1747246980810/klxzwb1TaDJWdh9 IP 104.18.94.41:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xfwpv/0x4AAAAAABQz1r4UAh6mjZPJ/auto/fbE/new/normal/auto/
Certificate: Issuer: Google Trust Services; Subject: challenges.cloudflare.com; Fingerprint: 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C; Validity: Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type: PNG image data, 14 x 81, 8-bit/color RGBA, non-interlaced
Hash: MD5 92bc80162b0be0071a7ffc16309d03fd, SHA-1 e79eaf84fcac738ab4e70bc69b89a618b081e980, SHA-256 92ad37d2eb2ff20501fc4b32b372edb2dad2279537a9fe47ff57a7c26698c7c8
GET /cdn-cgi/challenge-platform/h/g/d/93fc6c9b3a8fb518/1747246980810/klxzwb1TaDJWdh9 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xfwpv/0x4AAAAAABQz1r4UAh6mjZPJ/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 14 May 2025 18:23:05 GMT
content-type: image/png
content-length: 370
priority: u=4,i=?0
server: cloudflare
cf-ray: 93fc6cb8fc9cb518-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1521639760:1747243075:TykmB6BAqTa0IPAHS7XKvS7ovH0It2pn2T0byfUfJhw/93fc6c9b3a8fb518/kSUjOALU4w8bNCoymbDuCoSU6RNv5sMkWJNUnR_rHFM-1747246980-1.2.1.1-CLD0RU7AozeTUd3LBBu2NqkiKtNNSXmtt3t56p533gPr6v0eW.AbyRDsYxSBkvbL | 104.18.94.41 | 200 OK | 4.8 kB |
URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1521639760:1747243075:TykmB6BAqTa0IPAHS7XKvS7ovH0It2pn2T0byfUfJhw/93fc6c9b3a8fb518/kSUjOALU4w8bNCoymbDuCoSU6RNv5sMkWJNUnR_rHFM-1747246980-1.2.1.1-CLD0RU7AozeTUd3LBBu2NqkiKtNNSXmtt3t56p533gPr6v0eW.AbyRDsYxSBkvbL IP 104.18.94.41:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xfwpv/0x4AAAAAABQz1r4UAh6mjZPJ/auto/fbE/new/normal/auto/
Certificate: Issuer: Google Trust Services; Subject: challenges.cloudflare.com; Fingerprint: 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C; Validity: Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type: ASCII text, with very long lines (4796), with no line terminators
Hash: MD5 2dd9ee410913a9ad39743d53fcd72a6d, SHA-1 60c6d5ca4cafcc7f992a5c408cbfcc40a01ba2e7, SHA-256 f22f24e67cf102b500e2233da3e44c508df4574a1dadc9a6bb130dbf9d636797
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1521639760:1747243075:TykmB6BAqTa0IPAHS7XKvS7ovH0It2pn2T0byfUfJhw/93fc6c9b3a8fb518/kSUjOALU4w8bNCoymbDuCoSU6RNv5sMkWJNUnR_rHFM-1747246980-1.2.1.1-CLD0RU7AozeTUd3LBBu2NqkiKtNNSXmtt3t56p533gPr6v0eW.AbyRDsYxSBkvbL HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xfwpv/0x4AAAAAABQz1r4UAh6mjZPJ/auto/fbE/new/normal/auto/
cf-chl: kSUjOALU4w8bNCoymbDuCoSU6RNv5sMkWJNUnR_rHFM-1747246980-1.2.1.1-CLD0RU7AozeTUd3LBBu2NqkiKtNNSXmtt3t56p533gPr6v0eW.AbyRDsYxSBkvbL
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 44134
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 14 May 2025 18:23:12 GMT
content-type: text/html; charset=UTF-8
cf-chl-out-s: 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$MNLlhxZE0zqIxxiysXwTFQ==
cf-chl-out: VrNdf1hwhcA4WeUTpxoEt46ZM2ugA3Vqf/PvMU91XKxoN8NnZaW+yQHrYuGzLao+rshaU+10fb+HRNoRC3HzJeYqgUP3vUOJm9IgE1xxyaM=$NrX7btaPdbtBuubIaO664A==
priority: u=3,i=?0
server: cloudflare
cf-ray: 93fc6ce87827b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| jamefloor.com/mail/?login_hint=test%40slurpmail.net&bO=4&authRedirect=true&state=0 | 81.19.140.68 | 302 Found | 43 kB |
URL User Request GET jamefloor.com/mail/?login_hint=test%40slurpmail.net&bO=4&authRedirect=true&state=0 IP 81.19.140.68:443
ASN#215540 Global Connectivity Solutions Llp
Certificate: Issuer: Let's Encrypt; Subject: jamefloor.com; Fingerprint: 6C:ED:01:F4:5E:F0:49:3B:D0:58:C1:FF:AE:78:EE:B1:C6:4F:F2:25; Validity: Mon, 21 Apr 2025 11:34:39 GMT - Sun, 20 Jul 2025 11:34:38 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of zero-length input: the 302 response carried no body, so the values identify no content)
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook | urlquery | phishing | Phishing - NakedPages Phishing Kit |
GET /mail/?login_hint=test%40slurpmail.net&bO=4&authRedirect=true&state=0 HTTP/1.1
Host: jamefloor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=JBOeDxviop9j; qPdM.sig=VIhKWoAJ7WmIuyYw1ST-yUEF57g; ClientId=3A71B63060404FD7837A854EFAB96FF4; msal.cache.encryption=%7B%22id%22%3A%220196d009-5b9b-7515-93e4-978552ef4c0e%22%2C%22key%22%3A%2204ILwx27VsXG8LQ-RNxaMeHHI_WForHynt_0fmD-Vn4%22%7D; OIDC=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Location: https://jamefloor.com/owa/?login_hint=test%40slurpmail.net&bO=4&state=1&redirectTo=aHR0cHM6Ly9vdXRsb29rLm9mZmljZS5jb20vbWFpbC8_Yk89NA
request-id: b2cd1472-38de-9c7e-0caa-6f80ce3999b0
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-PreferredRoutingKeyDiagnostics: 0
X-CalculatedFETarget: YQBPR0101CU011.internal.outlook.com
X-BackEndHttpStatus: 302, 302
X-CalculatedBETarget: YQBPR0101MB4780.CANPRD01.PROD.OUTLOOK.COM
x-web-server-version: 25.5.5.4
X-Clique: CLCANPRD01YQB01
x-besku: UNKNOWN
X-RUM-Validated: 1
X-RUM-NotUpdateQueriedPath: 1
X-RUM-NotUpdateQueriedDbCopy: 1
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 302
X-BEPartition: Clique/CLCANPRD01YQB01
X-FEEFZInfo: YYZ
MS-CV: chTNst44fpwMqm+AzjmZsA.1.1
X-FEServer: YQBPR0101CA0308, YT4PR01CA0472
Alt-Svc: ":443";ma=2592000,h3-29=":443";ma=2592000
X-FirstHopCafeEFZ: YYZ
X-FEProxyInfo: YT4PR01CA0472.CANPRD01.PROD.OUTLOOK.COM
X-Powered-By: ASP.NET
Date: Wed, 14 May 2025 18:23:17 GMT
Connection: close
Content-Length: 0
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| jamefloor.com/aadcdn.msauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js | 81.19.140.68 | 200 OK | 190 kB |
URL GET jamefloor.com/aadcdn.msauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js IP 81.19.140.68:443
ASN#215540 Global Connectivity Solutions Llp
Requested byhttps://jamefloor.com/?7z8ekqxem=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10ZXN0JTQwc2x1cnBtYWlsLm5ldCZjbGllbnQtcmVxdWVzdC1pZD0zNDYyNTExNC00MzBlLWQ0MmEtNmQzZS05MTgwYzViMDQ1ZGEmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4ODI4NDM3OTgyMDgzMTAyLjE2NDJjMTEwLWYwMzEtNDg5OS1iZjJkLWI2N2ZjNDY0ZmU4OCZzdGF0ZT1EY3U3RG9Jd0dFRGhvczhpVzZFdHRmd2RpREVtaGdFMVVST1ZoVkFvQ25JTFZJeHZMOE4zdG1NaGhKYXp4Y3dpYzVBdlBBQUczUE1sTUFJZUpjeWhnck9NVW9JTDRsSE1RVXFzQ3Baakpmd2k0NElYR3NDYTM5N3R2cW03cWJ0bjJTYXZzaldCMGFOWmNUTFduNkZ2MHJKMldtMXNkUXE0UFpyVTZJRGFnODdMUVdmbTJnVnBlQ1paZUJEUlQwNzVfVHdxSm9lb2tVM2MxRlY4V1ZlS2tVbmQ5cjNhUWZKNGd6eHVfdw== CertificateIssuerLet's Encrypt Subjectjamefloor.com Fingerprint6C:ED:01:F4:5E:F0:49:3B:D0:58:C1:FF:AE:78:EE:B1:C6:4F:F2:25 ValidityMon, 21 Apr 2025 11:34:39 GMT - Sun, 20 Jul 2025 11:34:38 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 190 kB (190151 bytes)
Hash: MD5 5423589bece24019692486034da1076b, SHA-1 73e8b8d253ab670e8f8f26885977447d4bfc83be, SHA-256 d4ea1a07b23257f411af4f8c20aa528d23c4dadbd4c81d5db454f5d82351adc4
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook | urlquery | phishing | Phishing - NakedPages Phishing Kit |
GET /aadcdn.msauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js HTTP/1.1
Host: jamefloor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jamefloor.com/?7z8ekqxem=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%3D%3D
DNT: 1
Connection: keep-alive
Cookie: qPdM=JBOeDxviop9j; qPdM.sig=VIhKWoAJ7WmIuyYw1ST-yUEF57g; ClientId=3A71B63060404FD7837A854EFAB96FF4; msal.cache.encryption=%7B%22id%22%3A%220196d009-5b9b-7515-93e4-978552ef4c0e%22%2C%22key%22%3A%2204ILwx27VsXG8LQ-RNxaMeHHI_WForHynt_0fmD-Vn4%22%7D; OIDC=1; OpenIdConnect.nonce.v3.Feo3b4zv__usr2W0XevPMEhBSy53YkxH6BEf4J5CKsw=638828437982083102.1642c110-f031-4899-bf2d-b67fc464fe88; X-OWA-RedirectHistory=ArLym14BHvhWZhST3Qg; buid=1.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA1AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEI_oY-RaMGCKtQhajwpOtLKF_e2PKYj7lREnuw5xgfty_hmGirWhFHwPaLCs7i67n6daHGMLlWaCju235WmK72pu1Sdnyae0ieTTVLc57esAgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEiFd0Ki_YTNvMQxoG7_3sFoG9_u1RwCh0f99D3QgNBR_RKrI8fnjeejzwxtTtRc7D_ES3SmxYpkXlxbWE0jNNqCTuijS4wa2IqHBxPu2H1cfDTgzGzVTKzt7fFw5t1pN6FvWMbt2JAGwtfhr-z38eJ1Pu2zXvbD3RXYuO-mJ-lMUgAA; esctx-4DlO0DQDtFI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEoQTGQFgdsk4v9F-GotuFURXvBoZYdEjgwhqg3IxhKBmzLiRwgom5GxMqLaOa09c6a4tkCC2xs96O-aSm31l3veL0H2_bn7MbAt8aR9b0xhx_sg111tU6kdVxtVPkj6hRMN38kedFw8uScEcJWodLaSAA; fpc=AoFg4BOQauVPiOIwGq-ct2aerOTJAQAAAJbWtt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 14 May 2025 18:23:20 GMT
Content-Type: application/x-javascript
content-length: 190151
Connection: close
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Last-Modified: Thu, 27 Oct 2022 14:24:13 GMT
ETag: 0x8DAB826EBE74413
x-ms-request-id: 267f77ea-401e-0046-6b92-c2c87c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
x-azure-ref: 20250514T182320Z-r15d8f49c9b7zs9thC1YTOzh1n0000000as0000000004632
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback | 104.18.94.41 | 302 Found | 48 kB |
URL GET challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback IP 104.18.94.41:443
Requested by: https://1ceab2cf.6f94801be7c58a40c577135d.workers.dev/?qrc=test@slurpmail.net
Certificate: Issuer: Google Trust Services; Subject: challenges.cloudflare.com; Fingerprint: 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C; Validity: Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of zero-length input: the 302 response carried no body, so the values identify no content)
GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1ceab2cf.6f94801be7c58a40c577135d.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 14 May 2025 18:23:00 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/g/6fab0cec561d/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 93fc6c9a3be456c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=93fc6c9b3a8fb518&lang=auto | 104.18.94.41 | 200 OK | 106 kB |
URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=93fc6c9b3a8fb518&lang=auto IP 104.18.94.41:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xfwpv/0x4AAAAAABQz1r4UAh6mjZPJ/auto/fbE/new/normal/auto/
Certificate: Issuer: Google Trust Services; Subject: challenges.cloudflare.com; Fingerprint: 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C; Validity: Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 106 kB (106516 bytes)
Hash: MD5 bda4397c79937868e651cc4c2d298739, SHA-1 aeaf618493753d1403ff395ecd04fe7d7ca978e4, SHA-256 7778a3231d72795c8aa62d83958d453c8d94eb65d1065d867b37f200a0c855cb
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=93fc6c9b3a8fb518&lang=auto HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xfwpv/0x4AAAAAABQz1r4UAh6mjZPJ/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 14 May 2025 18:23:00 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
priority: u=3,i=?0
server: cloudflare
cf-ray: 93fc6c9bec26b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| rmdrywalls.com/?akylwmds&qrc=test@slurpmail.net | 81.19.140.68 | 200 OK | 0 B |
URL OPTIONS rmdrywalls.com/?akylwmds&qrc=test@slurpmail.net IP 81.19.140.68:443
ASN#215540 Global Connectivity Solutions Llp
Requested by: https://1ceab2cf.6f94801be7c58a40c577135d.workers.dev/?qrc=test@slurpmail.net
Certificate: Issuer: Let's Encrypt; Subject: rmdrywalls.com; Fingerprint: 7F:88:39:F3:D7:CB:2E:CC:84:73:33:C0:6E:EA:16:09:39:B2:91:C1; Validity: Mon, 21 Apr 2025 11:35:25 GMT - Sun, 20 Jul 2025 11:35:24 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of zero-length input: the OPTIONS response is listed as 0 B, so the values identify no content)
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - NakedPages Phishing Kit |
OPTIONS /?akylwmds&qrc=test@slurpmail.net HTTP/1.1
Host: rmdrywalls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: qrc-auth
Referer: https://1ceab2cf.6f94801be7c58a40c577135d.workers.dev/
Origin: https://1ceab2cf.6f94801be7c58a40c577135d.workers.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Date: Wed, 14 May 2025 18:23:13 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
|
|
| res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.mail.runtime.54b82a06.js | 23.36.76.120 | 200 OK | 229 kB |
URL GET res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.mail.runtime.54b82a06.js IP 23.36.76.120:443
ASN#20940 Akamai International B.V.
Requested by: https://jamefloor.com/mail/?login_hint=test%40slurpmail.net
Certificate: Issuer: Microsoft Corporation; Subject: *.public.onecdn.static.microsoft; Fingerprint: DA:6B:54:51:45:33:19:15:88:0A:52:3C:DB:68:FC:AD:F9:44:BE:4A; Validity: Mon, 16 Dec 2024 20:47:14 GMT - Thu, 11 Dec 2025 20:47:14 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 229 kB (228924 bytes)
Hash: MD5 6e563c7bcf1da3fc5651d9ca6109b573, SHA-1 7900e3f185ed2f0eea684df7398942e7efebbc91, SHA-256 51208c4b13cfc73b21352c114e8938cde5d3a299b4598b9405be8bee015bbaa3
GET /owamail/hashed-v1/scripts/owa.mail.runtime.54b82a06.js HTTP/1.1
Host: res.public.onecdn.static.microsoft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 128260
last-modified: Tue, 13 May 2025 18:02:34 GMT
x-ms-request-id: aef9aea0-601e-0035-6169-c49383000000
content-encoding: br
cache-control: max-age=630720000
date: Wed, 14 May 2025 18:23:15 GMT
akamai-request-bc: [a=23.36.76.167,b=33008749,c=g,n=NO__OSLO,o=20940]
ak-network: FF
report-to: {"group":"NelM365CDNUpload1","max_age":604800,"endpoints":[{"url":"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=OSLO&ASN=20940&Country=NO&Region=&RequestIdentifier=0.a74c2417.1747246995.1f7ac6d&TotalRTCDNTime=3&CompressionType=br&FileSize=128260"}],"include_subdomains ":true}
nel: {"report_to":"NelM365CDNUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
server-timing: clientrtt; dur=3, clienttt; dur=, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
x-content-type-options: nosniff
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
|
|
| jamefloor.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css | 81.19.140.68 | 200 OK | 113 kB |
URL GET jamefloor.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css IP 81.19.140.68:443
ASN#215540 Global Connectivity Solutions Llp
Requested by: https://jamefloor.com/?7z8ekqxem=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
Certificate: Issuer: Let's Encrypt; Subject: jamefloor.com; Fingerprint: 6C:ED:01:F4:5E:F0:49:3B:D0:58:C1:FF:AE:78:EE:B1:C6:4F:F2:25; Validity: Mon, 21 Apr 2025 11:34:39 GMT - Sun, 20 Jul 2025 11:34:38 GMT
File type: ASCII text, with very long lines (61177)
Size: 113 kB (113424 bytes)
Hash: MD5 f3588c5412d4119f95e47073a4a5df72, SHA-1 3c4b1652e71c25e1ce7de611fbd17edbaae411d9, SHA-256 6cc79c59f00478ce5d8eaa982efdd8fc3cc205a7ea023a564bb2688fa206a087
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook | urlquery | phishing | Phishing - NakedPages Phishing Kit |
GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css HTTP/1.1
Host: jamefloor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jamefloor.com/?7z8ekqxem=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
DNT: 1
Connection: keep-alive
Cookie: qPdM=JBOeDxviop9j; qPdM.sig=VIhKWoAJ7WmIuyYw1ST-yUEF57g; ClientId=3A71B63060404FD7837A854EFAB96FF4; msal.cache.encryption=%7B%22id%22%3A%220196d009-5b9b-7515-93e4-978552ef4c0e%22%2C%22key%22%3A%2204ILwx27VsXG8LQ-RNxaMeHHI_WForHynt_0fmD-Vn4%22%7D; OIDC=1; OpenIdConnect.nonce.v3.Feo3b4zv__usr2W0XevPMEhBSy53YkxH6BEf4J5CKsw=638828437982083102.1642c110-f031-4899-bf2d-b67fc464fe88; X-OWA-RedirectHistory=ArLym14BHvhWZhST3Qg; buid=1.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA1AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEI_oY-RaMGCKtQhajwpOtLKF_e2PKYj7lREnuw5xgfty_hmGirWhFHwPaLCs7i67n6daHGMLlWaCju235WmK72pu1Sdnyae0ieTTVLc57esAgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEiFd0Ki_YTNvMQxoG7_3sFoG9_u1RwCh0f99D3QgNBR_RKrI8fnjeejzwxtTtRc7D_ES3SmxYpkXlxbWE0jNNqCTuijS4wa2IqHBxPu2H1cfDTgzGzVTKzt7fFw5t1pN6FvWMbt2JAGwtfhr-z38eJ1Pu2zXvbD3RXYuO-mJ-lMUgAA; esctx-4DlO0DQDtFI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEoQTGQFgdsk4v9F-GotuFURXvBoZYdEjgwhqg3IxhKBmzLiRwgom5GxMqLaOa09c6a4tkCC2xs96O-aSm31l3veL0H2_bn7MbAt8aR9b0xhx_sg111tU6kdVxtVPkj6hRMN38kedFw8uScEcJWodLaSAA; fpc=AoFg4BOQauVPiOIwGq-ct2aerOTJAQAAAJbWtt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 14 May 2025 18:23:19 GMT
Content-Type: text/css
Content-Length: 20410
Connection: close
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Last-Modified: Fri, 08 Nov 2024 04:59:25 GMT
ETag: 0x8DCFFB21E496F3A
x-ms-request-id: 486c579e-501e-004a-0ca2-c35f74000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
x-azure-ref: 20250514T182319Z-16c4c6b95d9w2hjphC1YMQy6tg00000004wg00000000ptpk
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
|
|
| res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.AppBoot.m.64ddd834.js | 23.36.76.120 | 200 OK | 1.9 MB |
URL GET res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.AppBoot.m.64ddd834.js IP 23.36.76.120:443
ASN#20940 Akamai International B.V.
Requested by: https://jamefloor.com/mail/?login_hint=test%40slurpmail.net | Certificate — Issuer: Microsoft Corporation; Subject: *.public.onecdn.static.microsoft; Fingerprint: DA:6B:54:51:45:33:19:15:88:0A:52:3C:DB:68:FC:AD:F9:44:BE:4A; Validity: Mon, 16 Dec 2024 20:47:14 GMT - Thu, 11 Dec 2025 20:47:14 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 1.9 MB (1912550 bytes) | Hash: 2e2b5a205f11e25befa492dbe8d41aae 54915a18774656f9f62ede06cb12d0c8f2e8c6be 9bd26211603304674300f94848805addbed2d0b6a0e41df18829d4d65e24975d
GET /owamail/hashed-v1/scripts/owa.AppBoot.m.64ddd834.js HTTP/1.1
Host: res.public.onecdn.static.microsoft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 523242
last-modified: Sat, 10 May 2025 16:50:23 GMT
x-ms-request-id: ca1c02db-201e-001b-1765-c3c194000000
content-encoding: br
cache-control: max-age=630720000
date: Wed, 14 May 2025 18:23:15 GMT
akamai-request-bc: [a=23.36.76.167,b=33008796,c=g,n=NO__OSLO,o=20940]
ak-network: FF
report-to: {"group":"NelM365CDNUpload1","max_age":604800,"endpoints":[{"url":"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=OSLO&ASN=20940&Country=NO&Region=&RequestIdentifier=0.a74c2417.1747246995.1f7ac9c&TotalRTCDNTime=7&CompressionType=br&FileSize=523242"}],"include_subdomains ":true}
nel: {"report_to":"NelM365CDNUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
server-timing: clientrtt; dur=7, clienttt; dur=, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
x-content-type-options: nosniff
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
|
|
| 1ceab2cf.6f94801be7c58a40c577135d.workers.dev/?qrc=test@slurpmail.net | 104.21.94.250 | 200 OK | 6.8 kB |
URL User Request GET 1ceab2cf.6f94801be7c58a40c577135d.workers.dev/?qrc=test@slurpmail.net IP 104.21.94.250:443
Certificate — Issuer: Google Trust Services; Subject: 6f94801be7c58a40c577135d.workers.dev; Fingerprint: F5:31:1D:3C:18:64:5C:C2:55:D7:9F:50:94:99:76:D6:A8:91:BD:83; Validity: Mon, 05 May 2025 16:00:59 GMT - Sun, 03 Aug 2025 16:59:13 GMT
File type: HTML document, ASCII text | Hash: 33af16f1bbad866c2c7e4ee6728ec2b8 980360b7c01f1b36ed9542edf30251fad54cce8d 38516ff5ee5dcd08ef96d69fab965a62518b2787dabade2ce39f689ec080e16e
GET /?qrc=test@slurpmail.net HTTP/1.1
Host: 1ceab2cf.6f94801be7c58a40c577135d.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 14 May 2025 18:22:59 GMT
content-type: text/html
cf-ray: 93fc6c97f9fd9f2a-FRA
server: cloudflare
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iJzTbXBb9m0IVN7A2wUE9%2Fp7JYXzpJ8wPNC7fkN04jk%2F%2Bth8MrUGZOjaRTsCUf%2FP1w8AjOkIn0pD2XbTWgFpkbpfKm2DIB92royBjyZcao8cPZHK1AwK5E6wTarSxLVLlHxAWMX7c1OY81OSNXj3FVND1lavdmLskALLaArpfDo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26903&min_rtt=21776&rtt_var=12802&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3273&recv_bytes=1164&delivery_rate=198537&cwnd=77&unsent_bytes=0&cid=0047ef148d1fcb57&ts=142&x=0"
X-Firefox-Spdy: h2
|
|
| 1ceab2cf.6f94801be7c58a40c577135d.workers.dev/favicon.ico | 104.21.94.250 | 200 OK | 6.8 kB |
URL GET 1ceab2cf.6f94801be7c58a40c577135d.workers.dev/favicon.ico IP 104.21.94.250:443
Requested by: https://1ceab2cf.6f94801be7c58a40c577135d.workers.dev/?qrc=test@slurpmail.net | Certificate — Issuer: Google Trust Services; Subject: 6f94801be7c58a40c577135d.workers.dev; Fingerprint: F5:31:1D:3C:18:64:5C:C2:55:D7:9F:50:94:99:76:D6:A8:91:BD:83; Validity: Mon, 05 May 2025 16:00:59 GMT - Sun, 03 Aug 2025 16:59:13 GMT
File type: HTML document, ASCII text | Hash: fcddc8dec4507053e2720ed961a3698f 810f60cc9de046e0fc19ab0f885e66b65c811abf 171468f446b2603c57cb35d9c6c477886e99180c141e7a2bfa5478f3942aaf94
GET /favicon.ico HTTP/1.1
Host: 1ceab2cf.6f94801be7c58a40c577135d.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1ceab2cf.6f94801be7c58a40c577135d.workers.dev/?qrc=test@slurpmail.net
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 14 May 2025 18:23:00 GMT
content-type: text/html
cf-ray: 93fc6c9b1c059f2a-FRA
server: cloudflare
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0dixWrHcF2IqfPfVs2mMnzrB3Lp4ge7VbxsQb5IcfO4cHhd9FmxJXY2ooMl2XZpp8theOhZWFy7E5UeRAlzMG6YdYU1h8w7LqgCq09G3DaZwGRMnrSNGt7870NNOghjrOc4ZBz3d9FSX9tHP63cR4vvS4ikMQ8mx%2FrmMJ7IAXX0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=24390&min_rtt=21716&rtt_var=5889&sent=13&recv=17&lost=0&retrans=0&sent_bytes=6574&recv_bytes=1340&delivery_rate=325334&cwnd=80&unsent_bytes=0&cid=0047ef148d1fcb57&ts=588&x=0"
X-Firefox-Spdy: h2
|
|
| res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.94868.m.e7f0bdd2.js | 23.36.76.120 | 200 OK | 301 kB |
URL GET res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.94868.m.e7f0bdd2.js IP 23.36.76.120:443
ASN#20940 Akamai International B.V.
Requested byhttps://jamefloor.com/mail/?login_hint=test%40slurpmail.net CertificateIssuerMicrosoft Corporation Subject*.public.onecdn.static.microsoft FingerprintDA:6B:54:51:45:33:19:15:88:0A:52:3C:DB:68:FC:AD:F9:44:BE:4A ValidityMon, 16 Dec 2024 20:47:14 GMT - Thu, 11 Dec 2025 20:47:14 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size301 kB (300970 bytes) Hash88de8b7bf0e3c45a349728869241d9d1 d1a03777a66195e0eed7517e726ac3fe183c5701 ab437191bebd591d5084b2a86cd4b660bce7a4c1f8da0419cc7b18de4b3313c0
GET /owamail/hashed-v1/scripts/owa.94868.m.e7f0bdd2.js HTTP/1.1
Host: res.public.onecdn.static.microsoft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 66964
last-modified: Thu, 27 Mar 2025 13:40:34 GMT
x-ms-request-id: bf100aac-e01e-0004-52f2-b97290000000
content-encoding: br
cache-control: max-age=630720000
date: Wed, 14 May 2025 18:23:15 GMT
akamai-request-bc: [a=23.36.76.167,b=33008585,c=g,n=NO__OSLO,o=20940]
ak-network: FF
report-to: {"group":"NelM365CDNUpload1","max_age":604800,"endpoints":[{"url":"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=OSLO&ASN=20940&Country=NO&Region=&RequestIdentifier=0.a74c2417.1747246995.1f7abc9&TotalRTCDNTime=1&CompressionType=br&FileSize=66964"}],"include_subdomains ":true}
nel: {"report_to":"NelM365CDNUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
server-timing: clientrtt; dur=1, clienttt; dur=, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
x-content-type-options: nosniff
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
|
|
| jamefloor.com/?7z8ekqxem=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 | 81.19.140.68 | 200 OK | 43 kB |
URL User Request GET jamefloor.com/?7z8ekqxem=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 IP 81.19.140.68:443
ASN#215540 Global Connectivity Solutions Llp
Certificate — Issuer: Let's Encrypt; Subject: jamefloor.com; Fingerprint: 6C:ED:01:F4:5E:F0:49:3B:D0:58:C1:FF:AE:78:EE:B1:C6:4F:F2:25; Validity: Mon, 21 Apr 2025 11:34:39 GMT - Sun, 20 Jul 2025 11:34:38 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (26131), with CRLF, LF line terminators | Hash: 6340002ce67138b421212523957a470e 664a8099335be054e5933aefefc3111910e12c90 6b85eff34ee5eb43f871f87421cc80e5e75f99427e0ee2ec7b9c3d68374b2de9
Analyzer | Verdict | Alert |
urlquery | phishing | Phishing - Microsoft Outlook |
urlquery | phishing | Phishing - NakedPages Phishing Kit |
GET /?7z8ekqxem=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 HTTP/1.1
Host: jamefloor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=JBOeDxviop9j; qPdM.sig=VIhKWoAJ7WmIuyYw1ST-yUEF57g; ClientId=3A71B63060404FD7837A854EFAB96FF4; msal.cache.encryption=%7B%22id%22%3A%220196d009-5b9b-7515-93e4-978552ef4c0e%22%2C%22key%22%3A%2204ILwx27VsXG8LQ-RNxaMeHHI_WForHynt_0fmD-Vn4%22%7D; OIDC=1; OpenIdConnect.nonce.v3.Feo3b4zv__usr2W0XevPMEhBSy53YkxH6BEf4J5CKsw=638828437982083102.1642c110-f031-4899-bf2d-b67fc464fe88; X-OWA-RedirectHistory=ArLym14BHvhWZhST3Qg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch, <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 16a8bd0d-3fbf-4a19-827b-583ef0644300
x-ms-ests-server: 2.1.20713.8 - SCUS ProdSlices
x-ms-srs: 1.P
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-AcQmKfar3aMD51J6RRSZ6w' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
Set-Cookie: buid=1.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA1AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEI_oY-RaMGCKtQhajwpOtLKF_e2PKYj7lREnuw5xgfty_hmGirWhFHwPaLCs7i67n6daHGMLlWaCju235WmK72pu1Sdnyae0ieTTVLc57esAgAA; expires=Fri, 13-Jun-2025 18:23:19 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEiFd0Ki_YTNvMQxoG7_3sFoG9_u1RwCh0f99D3QgNBR_RKrI8fnjeejzwxtTtRc7D_ES3SmxYpkXlxbWE0jNNqCTuijS4wa2IqHBxPu2H1cfDTgzGzVTKzt7fFw5t1pN6FvWMbt2JAGwtfhr-z38eJ1Pu2zXvbD3RXYuO-mJ-lMUgAA; domain=jamefloor.com; path=/; secure; HttpOnly; SameSite=None
esctx-4DlO0DQDtFI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEoQTGQFgdsk4v9F-GotuFURXvBoZYdEjgwhqg3IxhKBmzLiRwgom5GxMqLaOa09c6a4tkCC2xs96O-aSm31l3veL0H2_bn7MbAt8aR9b0xhx_sg111tU6kdVxtVPkj6hRMN38kedFw8uScEcJWodLaSAA; domain=jamefloor.com; path=/; secure; HttpOnly; SameSite=None
fpc=AoFg4BOQauVPiOIwGq-ct2aerOTJAQAAAJbWtt8OAAAA; expires=Fri, 13-Jun-2025 18:23:19 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Wed, 14 May 2025 18:23:19 GMT
Connection: close
content-length: 43445
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| csp.microsoft.com/report/ESTS-UX-All | 13.107.246.53 | 504 Gateway Timeout | 0 B |
URL POST csp.microsoft.com/report/ESTS-UX-All IP 13.107.246.53:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested byhttps://jamefloor.com/?7z8ekqxem=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10ZXN0JTQwc2x1cnBtYWlsLm5ldCZjbGllbnQtcmVxdWVzdC1pZD0zNDYyNTExNC00MzBlLWQ0MmEtNmQzZS05MTgwYzViMDQ1ZGEmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4ODI4NDM3OTgyMDgzMTAyLjE2NDJjMTEwLWYwMzEtNDg5OS1iZjJkLWI2N2ZjNDY0ZmU4OCZzdGF0ZT1EY3U3RG9Jd0dFRGhvczhpVzZFdHRmd2RpREVtaGdFMVVST1ZoVkFvQ25JTFZJeHZMOE4zdG1NaGhKYXp4Y3dpYzVBdlBBQUczUE1sTUFJZUpjeWhnck9NVW9JTDRsSE1RVXFzQ3Baakpmd2k0NElYR3NDYTM5N3R2cW03cWJ0bjJTYXZzaldCMGFOWmNUTFduNkZ2MHJKMldtMXNkUXE0UFpyVTZJRGFnODdMUVdmbTJnVnBlQ1paZUJEUlQwNzVfVHdxSm9lb2tVM2MxRlY4V1ZlS2tVbmQ5cjNhUWZKNGd6eHVfdw== CertificateIssuerDigiCert, Inc. Subjectcsp.microsoft.com Fingerprint96:0D:12:76:CF:F6:7A:E4:FE:C4:A3:34:C5:CF:AF:DE:55:EC:D1:99 ValidityWed, 01 Jan 2025 00:00:00 GMT - Tue, 01 Jul 2025 23:59:59 GMT
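Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the MD5, SHA-1 and SHA-256 digests of zero-length input, matching the 0 B body recorded for this request; they identify no content and should not be used as indicators)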
POST /report/ESTS-UX-All HTTP/1.1
Host: csp.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3003
Origin: https://jamefloor.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 504 Gateway Timeout
date: Wed, 14 May 2025 18:23:26 GMT
content-type: text/html
content-length: 2049
cache-control: no-store
x-azure-ref: 20250514T182320Z-15f95fb758cqphrbhC1SVG7qqs000000041g000000009p04
x-cache: CONFIG_NOCACHE
X-Firefox-Spdy: h2
|
|
| res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.mailindex.cb8eca88.js | 23.36.76.120 | 200 OK | 374 kB |
URL GET res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.mailindex.cb8eca88.js IP 23.36.76.120:443
ASN#20940 Akamai International B.V.
Requested byhttps://jamefloor.com/mail/?login_hint=test%40slurpmail.net CertificateIssuerMicrosoft Corporation Subject*.public.onecdn.static.microsoft FingerprintDA:6B:54:51:45:33:19:15:88:0A:52:3C:DB:68:FC:AD:F9:44:BE:4A ValidityMon, 16 Dec 2024 20:47:14 GMT - Thu, 11 Dec 2025 20:47:14 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size374 kB (373858 bytes) Hash6e8463c776f8991cb40e8e5de6f4801a 80d01bea97f4c41ec9db4a8cf482eaf8bda0547f 871d2e732a8bf06c97f28f6c110fc554ce28768c18c3895f6d7706db370273ce
GET /owamail/hashed-v1/scripts/owa.mailindex.cb8eca88.js HTTP/1.1
Host: res.public.onecdn.static.microsoft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 120555
last-modified: Fri, 02 May 2025 13:40:12 GMT
x-ms-request-id: 9746828b-f01e-0018-1f79-bb20f0000000
content-encoding: br
cache-control: max-age=630720000
date: Wed, 14 May 2025 18:23:15 GMT
akamai-request-bc: [a=23.36.76.167,b=33008751,c=g,n=NO__OSLO,o=20940]
ak-network: FF
report-to: {"group":"NelM365CDNUpload1","max_age":604800,"endpoints":[{"url":"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=OSLO&ASN=20940&Country=NO&Region=&RequestIdentifier=0.a74c2417.1747246995.1f7ac6f&TotalRTCDNTime=2&CompressionType=br&FileSize=120555"}],"include_subdomains ":true}
nel: {"report_to":"NelM365CDNUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
server-timing: clientrtt; dur=2, clienttt; dur=, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
x-content-type-options: nosniff
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
|
|
| res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.46235.m.1932e13d.js | 23.36.76.120 | 200 OK | 4.6 kB |
URL GET res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.46235.m.1932e13d.js IP 23.36.76.120:443
ASN#20940 Akamai International B.V.
Requested byhttps://jamefloor.com/mail/?login_hint=test%40slurpmail.net CertificateIssuerMicrosoft Corporation Subject*.public.onecdn.static.microsoft FingerprintDA:6B:54:51:45:33:19:15:88:0A:52:3C:DB:68:FC:AD:F9:44:BE:4A ValidityMon, 16 Dec 2024 20:47:14 GMT - Thu, 11 Dec 2025 20:47:14 GMT
File typeJavaScript source, ASCII text, with very long lines (4610), with no line terminators Hash7922caed1f181f93cf79f13ddb01599b fafdf0822922cc0ae0a2b851753eea8262a04b91 2bf634c6325d1070fa75ff8e59f2dc30483f5a5211221ce095874ca5c8bd9dc1
GET /owamail/hashed-v1/scripts/owa.46235.m.1932e13d.js HTTP/1.1
Host: res.public.onecdn.static.microsoft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 2133
last-modified: Wed, 12 Feb 2025 13:38:39 GMT
x-ms-request-id: 8da389f8-a01e-003a-2967-7de5ef000000
content-encoding: br
cache-control: max-age=630720000
date: Wed, 14 May 2025 18:23:15 GMT
akamai-request-bc: [a=23.36.76.167,b=33008584,c=g,n=NO__OSLO,o=20940]
ak-network: FF
report-to: {"group":"NelM365CDNUpload1","max_age":604800,"endpoints":[{"url":"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=OSLO&ASN=20940&Country=NO&Region=&RequestIdentifier=0.a74c2417.1747246995.1f7abc8&TotalRTCDNTime=1&CompressionType=br&FileSize=2133"}],"include_subdomains ":true}
nel: {"report_to":"NelM365CDNUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
server-timing: clientrtt; dur=1, clienttt; dur=, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
x-content-type-options: nosniff
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
|
|
| jamefloor.com/mail/?bO=4&msalAuthRedirect=true | 81.19.140.68 | 302 Found | 43 kB |
URL User Request GET jamefloor.com/mail/?bO=4&msalAuthRedirect=true IP 81.19.140.68:443
ASN#215540 Global Connectivity Solutions Llp
Certificate — Issuer: Let's Encrypt; Subject: jamefloor.com; Fingerprint: 6C:ED:01:F4:5E:F0:49:3B:D0:58:C1:FF:AE:78:EE:B1:C6:4F:F2:25; Validity: Mon, 21 Apr 2025 11:34:39 GMT - Sun, 20 Jul 2025 11:34:38 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the MD5, SHA-1 and SHA-256 digests of zero-length input; they identify no content and should not be used as indicators)
Analyzer | Verdict | Alert |
urlquery | phishing | Phishing - Microsoft Outlook |
urlquery | phishing | Phishing - NakedPages Phishing Kit |
GET /mail/?bO=4&msalAuthRedirect=true HTTP/1.1
Host: jamefloor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=JBOeDxviop9j; qPdM.sig=VIhKWoAJ7WmIuyYw1ST-yUEF57g; ClientId=3A71B63060404FD7837A854EFAB96FF4; msal.cache.encryption=%7B%22id%22%3A%220196d009-5b9b-7515-93e4-978552ef4c0e%22%2C%22key%22%3A%2204ILwx27VsXG8LQ-RNxaMeHHI_WForHynt_0fmD-Vn4%22%7D; OIDC=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Location: /mail/?login_hint=test%40slurpmail.net&bO=4&authRedirect=true&state=0
Date: Wed, 14 May 2025 18:23:17 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
|
|
| csp.microsoft.com/report/ESTS-UX-All | 13.107.246.53 | 200 OK | 2 B |
URL POST csp.microsoft.com/report/ESTS-UX-All IP 13.107.246.53:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested byhttps://jamefloor.com/?7z8ekqxem=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 CertificateIssuerDigiCert, Inc. Subjectcsp.microsoft.com Fingerprint96:0D:12:76:CF:F6:7A:E4:FE:C4:A3:34:C5:CF:AF:DE:55:EC:D1:99 ValidityWed, 01 Jan 2025 00:00:00 GMT - Tue, 01 Jul 2025 23:59:59 GMT
File typeASCII text, with no line terminators Hash444bcb3a3fcf8389296c49467f27e1d6 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /report/ESTS-UX-All HTTP/1.1
Host: csp.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3002
Origin: https://jamefloor.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 14 May 2025 18:23:26 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
request-context: appId=cid-v1:5c791ad2-9c50-4271-a8a5-5c74d929f3ed
x-azure-ref: 20250514T182320Z-15f95fb758cqphrbhC1SVG7qqs000000041g000000009p06
x-cache: CONFIG_NOCACHE
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/93fc6c9b3a8fb518/1747246980809/6522d385d6ddd5d9738bcc6ef0dfbbba7aacb58a18f223ba5c62e8b97460b564/zkXPZbjdm78oHiC | 104.18.94.41 | 401 Unauthorized | 1 B |
URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/93fc6c9b3a8fb518/1747246980809/6522d385d6ddd5d9738bcc6ef0dfbbba7aacb58a18f223ba5c62e8b97460b564/zkXPZbjdm78oHiC IP 104.18.94.41:443
Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xfwpv/0x4AAAAAABQz1r4UAh6mjZPJ/auto/fbE/new/normal/auto/ CertificateIssuerGoogle Trust Services Subjectchallenges.cloudflare.com Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File typevery short file (no magic) Hashff44570aca8241914870afbc310cdb85 58668e7669fd564d99db5d581fcdb6a5618440b5 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/g/pat/93fc6c9b3a8fb518/1747246980809/6522d385d6ddd5d9738bcc6ef0dfbbba7aacb58a18f223ba5c62e8b97460b564/zkXPZbjdm78oHiC HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xfwpv/0x4AAAAAABQz1r4UAh6mjZPJ/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 401 Unauthorized
date: Wed, 14 May 2025 18:23:04 GMT
content-type: text/plain; charset=utf-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gZSLThdbd1dlzi8xu8N-7unqstYoY8iO6XGLouXRgtWQAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAscjm_UO_k901rNdCKgLw5bvI4i6M_jDNCIXpfs2LRbtxwLOrUyplqVvML_hVlB5tIDMuj0ihhaOFHose-Y0_UjQnNUGE_vol46VvGgscTMtTjU4xINriap8AMTIygvljEBt6my-nBwkUGhY3U9v5iKC-eWR5bTfvrqFsuIVxafkSfhHqDXB4KLGNjvOOV71GGJ9x4yxA-C2OcULZ1uDDKuvAaMhuiWdF6OzSTXruP9yPg1vmuteavOW1re0YDbCbtK16PhHdSzWym7v_FrvId-2zf26j50FlTd_vl_DcKNDVCgWDoU0uX3cU6V3rSQoVXREEqPr-2ywSGru8ZuXRoQIDAQAB", max-age=20, PrivateToken challenge="AAIAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tIGUi04XW3dXZc4vMbvDfu7p6rLWKGPIjulxi6Ll0YLVkABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIGUi04XW3dXZc4vMbvDfu7p6rLWKGPIjulxi6Ll0YLVkABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1r6z50Qwapjvi7gKQBPiehOkJb40cvj8RgN_zo7Ag1Zt0ItIZ08z6yBoyxcQd_a3O1eJagQvs0q2WZqQcXhBy3zBsvQBUQF8QxmVXDj3rgtzSqQSahQmiLHDl8Bcv0QZEdy4zOIIyDuI5UyRXhX7XZGrCVD8CZ90xBA5BKM69472-2BHpBla9Lbeh9YUrkZ5O98MUI_u6VEapusnXAf_lwrQA8tyF-9S11SxHG6uu9ywb9GCpVeaxdoonr9TgwPU5JgXSFuW_Ow1I_O2alIJcGt4Lb8SBKG-hKMrnxnwzFPje27Rczkpqu7PtgYXJvH_uDRKG-nqq_rghxAOH_kchwIDAQAB", max-age=20
priority: u=4,i=?0
server: cloudflare
cf-ray: 93fc6cb71946b518-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.AppBoot.m.61d6e294.css | 23.36.76.120 | 200 OK | 107 kB |
URL GET res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.AppBoot.m.61d6e294.css IP 23.36.76.120:443
ASN#20940 Akamai International B.V.
Requested byhttps://jamefloor.com/mail/?login_hint=test%40slurpmail.net CertificateIssuerMicrosoft Corporation Subject*.public.onecdn.static.microsoft FingerprintDA:6B:54:51:45:33:19:15:88:0A:52:3C:DB:68:FC:AD:F9:44:BE:4A ValidityMon, 16 Dec 2024 20:47:14 GMT - Thu, 11 Dec 2025 20:47:14 GMT
File typeUnicode text, UTF-8 text, with very long lines (65194), with no line terminators Size107 kB (106630 bytes) Hash4b4dee345be508aaeb3c36ec51667a6d 3f0416bbcd58ff53bccbcf2285cfee9a24832fbe 9c3059e52ca1818455614e34d864a0b37e20ca6f54da97e56b4820590212260b
GET /owamail/hashed-v1/scripts/owa.AppBoot.m.61d6e294.css HTTP/1.1
Host: res.public.onecdn.static.microsoft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 18842
content-type: text/css
last-modified: Thu, 01 May 2025 13:37:53 GMT
x-ms-request-id: 36aa4c72-b01e-0044-40b3-ba75a8000000
content-encoding: br
cache-control: max-age=630720000
date: Wed, 14 May 2025 18:23:15 GMT
akamai-request-bc: [a=23.36.76.167,b=33008789,c=g,n=NO__OSLO,o=20940]
ak-network: FF
report-to: {"group":"NelM365CDNUpload1","max_age":604800,"endpoints":[{"url":"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=OSLO&ASN=20940&Country=NO&Region=&RequestIdentifier=0.a74c2417.1747246995.1f7ac95&TotalRTCDNTime=8&CompressionType=br&FileSize=18842"}],"include_subdomains ":true}
nel: {"report_to":"NelM365CDNUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
server-timing: clientrtt; dur=8, clienttt; dur=, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
x-content-type-options: nosniff
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
|
|
| jamefloor.com/owa/?login_hint=test%40slurpmail.net&bO=4&state=1&redirectTo=aHR0cHM6Ly9vdXRsb29rLm9mZmljZS5jb20vbWFpbC8_Yk89NA | 81.19.140.68 | 302 Found | 43 kB |
URL User Request GET jamefloor.com/owa/?login_hint=test%40slurpmail.net&bO=4&state=1&redirectTo=aHR0cHM6Ly9vdXRsb29rLm9mZmljZS5jb20vbWFpbC8_Yk89NA IP 81.19.140.68:443
ASN#215540 Global Connectivity Solutions Llp
Certificate — Issuer: Let's Encrypt; Subject: jamefloor.com; Fingerprint: 6C:ED:01:F4:5E:F0:49:3B:D0:58:C1:FF:AE:78:EE:B1:C6:4F:F2:25; Validity: Mon, 21 Apr 2025 11:34:39 GMT - Sun, 20 Jul 2025 11:34:38 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the MD5, SHA-1 and SHA-256 digests of zero-length input; they identify no content and should not be used as indicators)
Analyzer | Verdict | Alert |
urlquery | phishing | Phishing - Microsoft Outlook |
urlquery | phishing | Phishing - NakedPages Phishing Kit |
GET /owa/?login_hint=test%40slurpmail.net&bO=4&state=1&redirectTo=aHR0cHM6Ly9vdXRsb29rLm9mZmljZS5jb20vbWFpbC8_Yk89NA HTTP/1.1
Host: jamefloor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=JBOeDxviop9j; qPdM.sig=VIhKWoAJ7WmIuyYw1ST-yUEF57g; ClientId=3A71B63060404FD7837A854EFAB96FF4; msal.cache.encryption=%7B%22id%22%3A%220196d009-5b9b-7515-93e4-978552ef4c0e%22%2C%22key%22%3A%2204ILwx27VsXG8LQ-RNxaMeHHI_WForHynt_0fmD-Vn4%22%7D; OIDC=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
|
|
| res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.23147.m.438e10b7.js | 23.36.76.120 | 200 OK | 2.8 MB |
URL GET res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.23147.m.438e10b7.js IP 23.36.76.120:443
ASN#20940 Akamai International B.V.
Requested by: https://jamefloor.com/mail/?login_hint=test%40slurpmail.net
Certificate: Issuer: Microsoft Corporation; Subject: *.public.onecdn.static.microsoft; Fingerprint: DA:6B:54:51:45:33:19:15:88:0A:52:3C:DB:68:FC:AD:F9:44:BE:4A; Validity: Mon, 16 Dec 2024 20:47:14 GMT - Thu, 11 Dec 2025 20:47:14 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 2.8 MB (2820186 bytes)
Hash: MD5 87d3a596678b5a39a884ce5028552f5d; SHA-1 924a0db7f1a2f54f80bb5de93b107032c3b84666; SHA-256 f5048aad5de4613029698f0ef1a2aa63fc5fbdfe11506c19b8e3e1a348eff13a
GET /owamail/hashed-v1/scripts/owa.23147.m.438e10b7.js HTTP/1.1
Host: res.public.onecdn.static.microsoft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 686744
last-modified: Fri, 02 May 2025 13:39:30 GMT
x-ms-request-id: 0317fd88-f01e-006a-4d79-bb27bf000000
content-encoding: br
cache-control: max-age=630720000
date: Wed, 14 May 2025 18:23:15 GMT
akamai-request-bc: [a=23.36.76.167,b=33008739,c=g,n=NO__OSLO,o=20940]
ak-network: FF
report-to: {"group":"NelM365CDNUpload1","max_age":604800,"endpoints":[{"url":"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=OSLO&ASN=20940&Country=NO&Region=&RequestIdentifier=0.a74c2417.1747246995.1f7ac63&TotalRTCDNTime=3&CompressionType=br&FileSize=686744"}],"include_subdomains ":true}
nel: {"report_to":"NelM365CDNUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
server-timing: clientrtt; dur=3, clienttt; dur=, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
x-content-type-options: nosniff
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
|
|
| jamefloor.com/mail/?login_hint=test%40slurpmail.net | 81.19.140.68 | 200 OK | 13 kB |
URL User Request GET jamefloor.com/mail/?login_hint=test%40slurpmail.net IP 81.19.140.68:443
ASN#215540 Global Connectivity Solutions Llp
Certificate: Issuer: Let's Encrypt; Subject: jamefloor.com; Fingerprint: 6C:ED:01:F4:5E:F0:49:3B:D0:58:C1:FF:AE:78:EE:B1:C6:4F:F2:25; Validity: Mon, 21 Apr 2025 11:34:39 GMT - Sun, 20 Jul 2025 11:34:38 GMT
File type: HTML document, ASCII text, with very long lines (12058)
Hash: MD5 b79ab5df31541b8d028def1498298ef5; SHA-1 654ef720f3b69de4d7157cb48d1aaa2dfab51e8b; SHA-256 726026a7f97960d1462f940bfe58456b8b75992038f14ec15f711853aad65b9a
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft Outlook
urlquery | phishing | Phishing - NakedPages Phishing Kit
GET /mail/?login_hint=test%40slurpmail.net HTTP/1.1
Host: jamefloor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1ceab2cf.6f94801be7c58a40c577135d.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=JBOeDxviop9j; qPdM.sig=VIhKWoAJ7WmIuyYw1ST-yUEF57g
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: text/html
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
request-id: 4c337d71-560f-d43a-4148-2528258f05e5
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-PreferredRoutingKeyDiagnostics: 0
X-CalculatedFETarget: YQ1P288CU001.internal.outlook.com
X-BackEndHttpStatus: 200, 200
Set-Cookie: ClientId=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/
ClientId=3A71B63060404FD7837A854EFAB96FF4; expires=Thu, 14 May 2026 18:23:14 GMT; path=/; secure; samesite=none
X-CalculatedBETarget: QB1PPF13D265310.CANPRD01.PROD.OUTLOOK.COM
x-web-server-version: 25.5.5.4
X-Clique: CLCANPRD01YQB06
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; trusted-types owaTrustedTypesPolicy owa#webpack cdn-url#oneshell safe-xml#oneshell workerScriptTrustedTypesPolicy augloopTrustedTypesPolicy 1DSScriptURL dompurify adaptivecards#deprecatedExportedFunctionPolicy adaptivecards#deprecatedExportedFunctionPolicy highcharts owaAdsTrustedTypesPolicy @msteams/embed-client @fluidx/loop workerPolicy MeControlScriptURL adaptivecards#markdownPassthroughPolicy fast-html adaptivecards#restoreContentsPolicy @1js/midgard-trusted-types @1js/lpc-common-web#webpack @centro/hvc-loader html2canvas osfRuntimeScriptPolicy yammer-outlook-trusted-types-policy#webpack @azure/ms-rest-js#xml.browser react-virtualized-auto-sizer lit-html officebrowserfeedback#domUtils troubleshootPolicy consolePolicy ori_importmap TrustedTypePolicyFactory workerScriptPolicy iFrameDocumentTrustedTypesPolicy nativePdfPreviewTrustedTypesPolicy workerLoaderTrustedTypesPolicy @1js/search-converged-hostapp-owa-bundle#webpack suiteuxShellTrustedTypesPolicy @azure/core-xml#xml.browser @1js/midgard-bootstrapper#webpack trustedInnerHTMLPolicy domUtilsTrustedTypePolicy dangerouslySetInnerHTMLPolicy overlayScrollbarsTrustedTypesPolicy @msteams/services-io-browser-web-client-update#register-service-worker @fluidx/loop#loop-page-container @fluidx/loop#odsp-driver @fluidx/loop#office-fluid-container @fluidx/loop#sourceless-iframe webpack-dev-server#overlay placesMapWorkerPolicy @fluidx/loop-app-worker-template ori-worker-policy default owaLoopTrustedTypesPolicy 'allow-duplicates'; report-uri https://csp.microsoft.com/report/OutlookWeb-Mail-PROD;
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-app-name: Mail
Referrer-Policy: no-referrer
Origin-Trial: AgxVPru/jRUesV9k7Pn5/osZuJ4g/2sL76bPZejtrjsFofGlatTE4sbavhadrkBNum06aL1ghYYaKcX04fiRdAIAAABveyJvcmlnaW4iOiJodHRwczovL29mZmljZS5jb206NDQzIiwiZmVhdHVyZSI6IkxvbmdBbmltYXRpb25GcmFtZVRpbWluZyIsImV4cGlyeSI6MTcxNjk0MDc5OSwiaXNTdWJkb21haW4iOnRydWV9
Link: <https://res.public.onecdn.static.microsoft/>; rel="preconnect"
X-Client-Version: 20250502003.08
x-besku: UNKNOWN
X-RUM-Validated: 1
X-RUM-NotUpdateQueriedPath: 1
X-RUM-NotUpdateQueriedDbCopy: 1
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 200
X-BEPartition: Clique/CLCANPRD01YQB06
X-FEEFZInfo: YYZ
MS-CV: cX0zTA9WOtRBSCUoJY8F5Q.1.1
X-FEServer: YQ1P288CA0018, YT4PR01CA0462
Alt-Svc: ":443";ma=2592000,h3-29=":443";ma=2592000
X-FirstHopCafeEFZ: YYZ
X-FEProxyInfo: YT4PR01CA0462.CANPRD01.PROD.OUTLOOK.COM
X-Powered-By: ASP.NET
Date: Wed, 14 May 2025 18:23:14 GMT
Connection: close
|
|
| res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.75432.m.61bff04d.js | 23.36.76.120 | 200 OK | 21 kB |
URL GET res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.75432.m.61bff04d.js IP 23.36.76.120:443
ASN#20940 Akamai International B.V.
Requested by: https://jamefloor.com/mail/?login_hint=test%40slurpmail.net
Certificate: Issuer: Microsoft Corporation; Subject: *.public.onecdn.static.microsoft; Fingerprint: DA:6B:54:51:45:33:19:15:88:0A:52:3C:DB:68:FC:AD:F9:44:BE:4A; Validity: Mon, 16 Dec 2024 20:47:14 GMT - Thu, 11 Dec 2025 20:47:14 GMT
File type: JavaScript source, ASCII text, with very long lines (20835), with no line terminators
Hash: MD5 283f5d6e08fb22dec92c7487d6ef53bc; SHA-1 236a73ad65841457614dd3d4202d50de7fc8d850; SHA-256 90e56aa4cac2bfcb2164c5b21e87eed7663229b669d4ecb6ad7cbf2342c6793c
GET /owamail/hashed-v1/scripts/owa.75432.m.61bff04d.js HTTP/1.1
Host: res.public.onecdn.static.microsoft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 7929
last-modified: Wed, 12 Feb 2025 13:40:15 GMT
x-ms-request-id: c8076481-101e-0010-1c68-7d3aff000000
content-encoding: br
cache-control: max-age=630720000
date: Wed, 14 May 2025 18:23:15 GMT
akamai-request-bc: [a=23.36.76.167,b=33008581,c=g,n=NO__OSLO,o=20940]
ak-network: FF
report-to: {"group":"NelM365CDNUpload1","max_age":604800,"endpoints":[{"url":"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=OSLO&ASN=20940&Country=NO&Region=&RequestIdentifier=0.a74c2417.1747246995.1f7abc5&TotalRTCDNTime=1&CompressionType=br&FileSize=7929"}],"include_subdomains ":true}
nel: {"report_to":"NelM365CDNUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
server-timing: clientrtt; dur=1, clienttt; dur=, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
x-content-type-options: nosniff
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
|
|
| csp.microsoft.com/report/ESTS-UX-All | 13.107.246.53 | 200 OK | 2 B |
URL POST csp.microsoft.com/report/ESTS-UX-All IP 13.107.246.53:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://jamefloor.com/?7z8ekqxem=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
Certificate: Issuer: DigiCert, Inc.; Subject: csp.microsoft.com; Fingerprint: 96:0D:12:76:CF:F6:7A:E4:FE:C4:A3:34:C5:CF:AF:DE:55:EC:D1:99; Validity: Wed, 01 Jan 2025 00:00:00 GMT - Tue, 01 Jul 2025 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: MD5 444bcb3a3fcf8389296c49467f27e1d6; SHA-1 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb; SHA-256 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /report/ESTS-UX-All HTTP/1.1
Host: csp.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3003
Origin: https://jamefloor.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 14 May 2025 18:23:26 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
request-context: appId=cid-v1:5c791ad2-9c50-4271-a8a5-5c74d929f3ed
x-azure-ref: 20250514T182320Z-15f95fb758cqphrbhC1SVG7qqs000000041g000000009p02
x-cache: CONFIG_NOCACHE
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/turnstile/v0/g/6fab0cec561d/api.js | 104.18.94.41 | 200 OK | 48 kB |
URL GET challenges.cloudflare.com/turnstile/v0/g/6fab0cec561d/api.js IP 104.18.94.41:443
Requested by: https://1ceab2cf.6f94801be7c58a40c577135d.workers.dev/?qrc=test@slurpmail.net
Certificate: Issuer: Google Trust Services; Subject: challenges.cloudflare.com; Fingerprint: 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C; Validity: Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type: JavaScript source, ASCII text, with very long lines (48199)
Hash: MD5 3946a8b345d6020f3f424ae5f37e818f; SHA-1 27267dd319814b647f04bfe0ae09e1ca51ddc896; SHA-256 a7fdcf655a6349724c367f366c852b2e0309e9ad7a25b376df82a48e1dd98482
GET /turnstile/v0/g/6fab0cec561d/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1ceab2cf.6f94801be7c58a40c577135d.workers.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 14 May 2025 18:23:00 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 12 May 2025 13:39:20 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 93fc6c9a7c4a56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xfwpv/0x4AAAAAABQz1r4UAh6mjZPJ/auto/fbE/new/normal/auto/ | 104.18.94.41 | 200 OK | 28 kB |
URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xfwpv/0x4AAAAAABQz1r4UAh6mjZPJ/auto/fbE/new/normal/auto/ IP 104.18.94.41:443
Requested by: https://1ceab2cf.6f94801be7c58a40c577135d.workers.dev/?qrc=test@slurpmail.net
Certificate: Issuer: Google Trust Services; Subject: challenges.cloudflare.com; Fingerprint: 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C; Validity: Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type: HTML document, ASCII text, with very long lines (22245)
Hash: MD5 65815d16ea46bdf6da17f6434911df86; SHA-1 58b0da05524ee3a2e45b5a9a5718a1ed218f8a9d; SHA-256 ebe1158e81dad1159b029613b59b4ecbdf1c55637b21dbab82f02cc6a1eec407
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xfwpv/0x4AAAAAABQz1r4UAh6mjZPJ/auto/fbE/new/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1ceab2cf.6f94801be7c58a40c577135d.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 14 May 2025 18:23:00 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
content-security-policy: default-src 'none'; script-src 'nonce-VOzvz5tGhvvrtrT0' 'unsafe-eval'; script-src-attr 'none'; worker-src blob:; style-src 'unsafe-inline'; img-src 'self'; connect-src 'self'; frame-src 'self' blob:; child-src 'self' blob:; form-action 'none'; base-uri 'self'; sandbox allow-same-origin allow-scripts allow-popups allow-forms
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
document-policy: js-profiling
priority: u=4,i=?0
server: cloudflare
cf-ray: 93fc6c9b3a8fb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1521639760:1747243075:TykmB6BAqTa0IPAHS7XKvS7ovH0It2pn2T0byfUfJhw/93fc6c9b3a8fb518/kSUjOALU4w8bNCoymbDuCoSU6RNv5sMkWJNUnR_rHFM-1747246980-1.2.1.1-CLD0RU7AozeTUd3LBBu2NqkiKtNNSXmtt3t56p533gPr6v0eW.AbyRDsYxSBkvbL | 104.18.94.41 | 200 OK | 28 kB |
URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1521639760:1747243075:TykmB6BAqTa0IPAHS7XKvS7ovH0It2pn2T0byfUfJhw/93fc6c9b3a8fb518/kSUjOALU4w8bNCoymbDuCoSU6RNv5sMkWJNUnR_rHFM-1747246980-1.2.1.1-CLD0RU7AozeTUd3LBBu2NqkiKtNNSXmtt3t56p533gPr6v0eW.AbyRDsYxSBkvbL IP 104.18.94.41:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xfwpv/0x4AAAAAABQz1r4UAh6mjZPJ/auto/fbE/new/normal/auto/
Certificate: Issuer: Google Trust Services; Subject: challenges.cloudflare.com; Fingerprint: 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C; Validity: Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type: ASCII text, with very long lines (28104), with no line terminators
Hash: MD5 1f398f5e70a2320bc23b8ff793bcf281; SHA-1 ebf2a7806f6595d47bc94da0bd925e79a50d58dc; SHA-256 4d39a784375dcdf8156e23de2f4e42adbfe52f6226e9433c418a919b4143d23c
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1521639760:1747243075:TykmB6BAqTa0IPAHS7XKvS7ovH0It2pn2T0byfUfJhw/93fc6c9b3a8fb518/kSUjOALU4w8bNCoymbDuCoSU6RNv5sMkWJNUnR_rHFM-1747246980-1.2.1.1-CLD0RU7AozeTUd3LBBu2NqkiKtNNSXmtt3t56p533gPr6v0eW.AbyRDsYxSBkvbL HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xfwpv/0x4AAAAAABQz1r4UAh6mjZPJ/auto/fbE/new/normal/auto/
cf-chl: kSUjOALU4w8bNCoymbDuCoSU6RNv5sMkWJNUnR_rHFM-1747246980-1.2.1.1-CLD0RU7AozeTUd3LBBu2NqkiKtNNSXmtt3t56p533gPr6v0eW.AbyRDsYxSBkvbL
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 34079
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 14 May 2025 18:23:05 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: mqeZSlmdHnWdOQ/vsX/4EnUtxz8sQn1aV7FR1lidZPkYtH/Yr6ASs78cqYRbgkjC$WW3CUgP8NP23b8IQbRkBZg==
priority: u=3,i=?0
server: cloudflare
cf-ray: 93fc6cbd2c2cb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| jamefloor.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2phbWVmbG9vci5jb20vIiwiZG9tYWluIjoiamFtZWZsb29yLmNvbSIsImtleSI6IkpCT2VEeHZpb3A5aiIsInFyYyI6InRlc3RAc2x1cnBtYWlsLm5ldCIsImlhdCI6MTc0NzI0Njk5MywiZXhwIjoxNzQ3MjQ3MTEzfQ.e4UQOMDgRpnwJaVCQJ45Ll4UsYyr2CCb1WlOcaurqlk | 81.19.140.68 | 302 Found | 0 B |
URL User Request GET jamefloor.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2phbWVmbG9vci5jb20vIiwiZG9tYWluIjoiamFtZWZsb29yLmNvbSIsImtleSI6IkpCT2VEeHZpb3A5aiIsInFyYyI6InRlc3RAc2x1cnBtYWlsLm5ldCIsImlhdCI6MTc0NzI0Njk5MywiZXhwIjoxNzQ3MjQ3MTEzfQ.e4UQOMDgRpnwJaVCQJ45Ll4UsYyr2CCb1WlOcaurqlk IP 81.19.140.68:443
ASN#215540 Global Connectivity Solutions Llp
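Certificate: Issuer: Let's Encrypt; Subject: jamefloor.com; Fingerprint: 6C:ED:01:F4:5E:F0:49:3B:D0:58:C1:FF:AE:78:EE:B1:C6:4F:F2:25; Validity: Mon, 21 Apr 2025 11:34:39 GMT - Sun, 20 Jul 2025 11:34:38 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of zero-length input: no body content was hashed here, so these values are not usable as indicators)
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - NakedPages Phishing Kit
Note: the dataXX0 value in this request has the three-part form of a JSON Web Token. Its first two segments Base64url-decode to {"alg":"HS256","typ":"JWT"} and {"url":"https://jamefloor.com/","domain":"jamefloor.com","key":"JBOeDxviop9j","qrc":"test@slurpmail.net","iat":1747246993,"exp":1747247113}. The token therefore carries the recipient address (qrc), a key equal to the qPdM cookie value set by rmdrywalls.com, and a 120-second lifetime, so a later replay of this URL may not reproduce the chain.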
GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2phbWVmbG9vci5jb20vIiwiZG9tYWluIjoiamFtZWZsb29yLmNvbSIsImtleSI6IkpCT2VEeHZpb3A5aiIsInFyYyI6InRlc3RAc2x1cnBtYWlsLm5ldCIsImlhdCI6MTc0NzI0Njk5MywiZXhwIjoxNzQ3MjQ3MTEzfQ.e4UQOMDgRpnwJaVCQJ45Ll4UsYyr2CCb1WlOcaurqlk HTTP/1.1
Host: jamefloor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1ceab2cf.6f94801be7c58a40c577135d.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1 | 104.18.94.41 | 200 OK | 86 B |
URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1 IP 104.18.94.41:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xfwpv/0x4AAAAAABQz1r4UAh6mjZPJ/auto/fbE/new/normal/auto/
Certificate: Issuer: Google Trust Services; Subject: challenges.cloudflare.com; Fingerprint: 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C; Validity: Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type: PNG image data, 2 x 2, 8-bit/color RGBA, non-interlaced
Hash: MD5 70c202196187ab3c11b4e094c20c6de1; SHA-1 9c52b959e74aee9d79cbc9f35d1f9f65a3b8c863; SHA-256 6255b9231d09ebe6aa1ac19ba46bdd81f3df58989c9ef2e11d6cd6e2e7b21643
GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xfwpv/0x4AAAAAABQz1r4UAh6mjZPJ/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 14 May 2025 18:23:00 GMT
content-type: image/png
content-length: 86
priority: u=4,i=?0
server: cloudflare
cf-ray: 93fc6c9bdbc6b518-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1521639760:1747243075:TykmB6BAqTa0IPAHS7XKvS7ovH0It2pn2T0byfUfJhw/93fc6c9b3a8fb518/kSUjOALU4w8bNCoymbDuCoSU6RNv5sMkWJNUnR_rHFM-1747246980-1.2.1.1-CLD0RU7AozeTUd3LBBu2NqkiKtNNSXmtt3t56p533gPr6v0eW.AbyRDsYxSBkvbL | 104.18.94.41 | 200 OK | 237 kB |
URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1521639760:1747243075:TykmB6BAqTa0IPAHS7XKvS7ovH0It2pn2T0byfUfJhw/93fc6c9b3a8fb518/kSUjOALU4w8bNCoymbDuCoSU6RNv5sMkWJNUnR_rHFM-1747246980-1.2.1.1-CLD0RU7AozeTUd3LBBu2NqkiKtNNSXmtt3t56p533gPr6v0eW.AbyRDsYxSBkvbL IP 104.18.94.41:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xfwpv/0x4AAAAAABQz1r4UAh6mjZPJ/auto/fbE/new/normal/auto/
Certificate: Issuer: Google Trust Services; Subject: challenges.cloudflare.com; Fingerprint: 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C; Validity: Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 237 kB (236584 bytes)
Hash: MD5 e4db82a5731255f5f11218f174338915; SHA-1 d0ccd11e9d5cccc70c6f78beed0671ab162c513b; SHA-256 f1d4fdef9f4e85676402ce47a153c103476f89f428a975dadf05b4ab31e82333
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1521639760:1747243075:TykmB6BAqTa0IPAHS7XKvS7ovH0It2pn2T0byfUfJhw/93fc6c9b3a8fb518/kSUjOALU4w8bNCoymbDuCoSU6RNv5sMkWJNUnR_rHFM-1747246980-1.2.1.1-CLD0RU7AozeTUd3LBBu2NqkiKtNNSXmtt3t56p533gPr6v0eW.AbyRDsYxSBkvbL HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/xfwpv/0x4AAAAAABQz1r4UAh6mjZPJ/auto/fbE/new/normal/auto/
cf-chl: kSUjOALU4w8bNCoymbDuCoSU6RNv5sMkWJNUnR_rHFM-1747246980-1.2.1.1-CLD0RU7AozeTUd3LBBu2NqkiKtNNSXmtt3t56p533gPr6v0eW.AbyRDsYxSBkvbL
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 3327
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 14 May 2025 18:23:00 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 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$iebrVRyI9/H89rb//S808Q==
priority: u=3,i=?0
server: cloudflare
cf-ray: 93fc6c9dd80ab518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| csp.microsoft.com/report/ESTS-UX-All | 13.107.246.53 | 504 Gateway Timeout | 0 B |
URL POST csp.microsoft.com/report/ESTS-UX-All IP 13.107.246.53:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://jamefloor.com/?7z8ekqxem=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
Certificate: Issuer: DigiCert, Inc.; Subject: csp.microsoft.com; Fingerprint: 96:0D:12:76:CF:F6:7A:E4:FE:C4:A3:34:C5:CF:AF:DE:55:EC:D1:99; Validity: Wed, 01 Jan 2025 00:00:00 GMT - Tue, 01 Jul 2025 23:59:59 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of zero-length input: no body content was hashed here, so these values are not usable as indicators)
POST /report/ESTS-UX-All HTTP/1.1
Host: csp.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3002
Origin: https://jamefloor.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 504 Gateway Timeout
date: Wed, 14 May 2025 18:23:26 GMT
content-type: text/html
content-length: 2049
cache-control: no-store
x-azure-ref: 20250514T182320Z-15f95fb758cqphrbhC1SVG7qqs000000041g000000009p01
x-cache: CONFIG_NOCACHE
X-Firefox-Spdy: h2
|
|
| rmdrywalls.com/?akylwmds&qrc=test@slurpmail.net | 81.19.140.68 | 200 OK | 321 B |
URL GET rmdrywalls.com/?akylwmds&qrc=test@slurpmail.net IP 81.19.140.68:443
ASN#215540 Global Connectivity Solutions Llp
Requested by: https://1ceab2cf.6f94801be7c58a40c577135d.workers.dev/?qrc=test@slurpmail.net
Certificate: Issuer: Let's Encrypt; Subject: rmdrywalls.com; Fingerprint: 7F:88:39:F3:D7:CB:2E:CC:84:73:33:C0:6E:EA:16:09:39:B2:91:C1; Validity: Mon, 21 Apr 2025 11:35:25 GMT - Sun, 20 Jul 2025 11:35:24 GMT
Hash: MD5 8ff44258189ebfa7009a2c14264d757d; SHA-1 3978f4faf7cb58e3518a811dbba5feba7925847c; SHA-256 99cd93324482763a5c33ba1688ce08c1f5816e8aea822ee0090720b7b041f5cc
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft Outlook
urlquery | phishing | Phishing - NakedPages Phishing Kit
GET /?akylwmds&qrc=test@slurpmail.net HTTP/1.1
Host: rmdrywalls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
qrc-auth: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Origin: https://1ceab2cf.6f94801be7c58a40c577135d.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://1ceab2cf.6f94801be7c58a40c577135d.workers.dev/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Set-Cookie: qPdM=JBOeDxviop9j; path=/; samesite=none; secure; httponly
qPdM.sig=VIhKWoAJ7WmIuyYw1ST-yUEF57g; path=/; samesite=none; secure; httponly
content-type: application/json
Access-Control-Allow-Origin: *
Date: Wed, 14 May 2025 18:23:13 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
|
|
| res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.34406.m.8f589185.js | 23.36.76.120 | 200 OK | 8.5 kB |
URL GET res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.34406.m.8f589185.js IP 23.36.76.120:443
ASN#20940 Akamai International B.V.
Requested by: https://jamefloor.com/mail/?login_hint=test%40slurpmail.net
Certificate: Issuer: Microsoft Corporation; Subject: *.public.onecdn.static.microsoft; Fingerprint: DA:6B:54:51:45:33:19:15:88:0A:52:3C:DB:68:FC:AD:F9:44:BE:4A; Validity: Mon, 16 Dec 2024 20:47:14 GMT - Thu, 11 Dec 2025 20:47:14 GMT
File type: JavaScript source, ASCII text, with very long lines (8464), with no line terminators
Hash: MD5 b185b28fe84721183d610f850bb131f5; SHA-1 ed4b0c20a5db54dab735e79c1a74b072b8299d0a; SHA-256 56cb55608bca0bfce59f5bc5e43aa74b697d903b7f3a1ed4f46d0a544492277b
GET /owamail/hashed-v1/scripts/owa.34406.m.8f589185.js HTTP/1.1
Host: res.public.onecdn.static.microsoft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 3127
last-modified: Thu, 24 Apr 2025 13:37:09 GMT
x-ms-request-id: 9571d45f-801e-005f-372b-b54bab000000
content-encoding: br
cache-control: max-age=630720000
date: Wed, 14 May 2025 18:23:15 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,quic=":443"; ma=93600; v="43"
akamai-request-bc: [a=23.36.76.167,b=33008575,c=g,n=NO__OSLO,o=20940]
ak-network: FF
report-to: {"group":"NelM365CDNUpload1","max_age":604800,"endpoints":[{"url":"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=OSLO&ASN=20940&Country=NO&Region=&RequestIdentifier=0.a74c2417.1747246995.1f7abbf&TotalRTCDNTime=1&CompressionType=br&FileSize=3127"}],"include_subdomains ":true}
nel: {"report_to":"NelM365CDNUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
server-timing: clientrtt; dur=1, clienttt; dur=, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
x-content-type-options: nosniff
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
|
|
| jamefloor.com/aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore__OkOHhDAge-kXElPJJGl1g2.js | 81.19.140.68 | 200 OK | 689 kB |
URL GET jamefloor.com/aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore__OkOHhDAge-kXElPJJGl1g2.js IP 81.19.140.68:443
ASN#215540 Global Connectivity Solutions Llp
Requested by: https://jamefloor.com/?7z8ekqxem=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
Certificate: Issuer: Let's Encrypt; Subject: jamefloor.com; Fingerprint: 6C:ED:01:F4:5E:F0:49:3B:D0:58:C1:FF:AE:78:EE:B1:C6:4F:F2:25; Validity: Mon, 21 Apr 2025 11:34:39 GMT - Sun, 20 Jul 2025 11:34:38 GMT
File type: JavaScript source, ASCII text
Size: 689 kB (689017 bytes)
Hash: MD5 3e89ae909c6a8d8c56396830471f3373; SHA-1 2632f95a5be7e4c589402bf76e800a8151cd036b; SHA-256 6665ca6a09f770c6679556eb86cf4234c8bdb0271049620e03199b34b4a16099
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft Outlook
urlquery | phishing | Phishing - NakedPages Phishing Kit
GET /aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore__OkOHhDAge-kXElPJJGl1g2.js HTTP/1.1
Host: jamefloor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jamefloor.com/?7z8ekqxem=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
DNT: 1
Connection: keep-alive
Cookie: qPdM=JBOeDxviop9j; qPdM.sig=VIhKWoAJ7WmIuyYw1ST-yUEF57g; ClientId=3A71B63060404FD7837A854EFAB96FF4; msal.cache.encryption=%7B%22id%22%3A%220196d009-5b9b-7515-93e4-978552ef4c0e%22%2C%22key%22%3A%2204ILwx27VsXG8LQ-RNxaMeHHI_WForHynt_0fmD-Vn4%22%7D; OIDC=1; OpenIdConnect.nonce.v3.Feo3b4zv__usr2W0XevPMEhBSy53YkxH6BEf4J5CKsw=638828437982083102.1642c110-f031-4899-bf2d-b67fc464fe88; X-OWA-RedirectHistory=ArLym14BHvhWZhST3Qg; buid=1.ATUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA1AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEI_oY-RaMGCKtQhajwpOtLKF_e2PKYj7lREnuw5xgfty_hmGirWhFHwPaLCs7i67n6daHGMLlWaCju235WmK72pu1Sdnyae0ieTTVLc57esAgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEiFd0Ki_YTNvMQxoG7_3sFoG9_u1RwCh0f99D3QgNBR_RKrI8fnjeejzwxtTtRc7D_ES3SmxYpkXlxbWE0jNNqCTuijS4wa2IqHBxPu2H1cfDTgzGzVTKzt7fFw5t1pN6FvWMbt2JAGwtfhr-z38eJ1Pu2zXvbD3RXYuO-mJ-lMUgAA; esctx-4DlO0DQDtFI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEoQTGQFgdsk4v9F-GotuFURXvBoZYdEjgwhqg3IxhKBmzLiRwgom5GxMqLaOa09c6a4tkCC2xs96O-aSm31l3veL0H2_bn7MbAt8aR9b0xhx_sg111tU6kdVxtVPkj6hRMN38kedFw8uScEcJWodLaSAA; fpc=AoFg4BOQauVPiOIwGq-ct2aerOTJAQAAAJbWtt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 689017
Content-Type: application/x-javascript
Date: Wed, 14 May 2025 18:23:19 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
|
| res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.MsalAuth.m.b3777d30.js | 23.36.76.120 | 200 OK | 22 kB |
URL GET res.public.onecdn.static.microsoft/owamail/hashed-v1/scripts/owa.MsalAuth.m.b3777d30.js IP 23.36.76.120:443
ASN#20940 Akamai International B.V.
Requested by: https://jamefloor.com/mail/?login_hint=test%40slurpmail.net | Certificate: Issuer: Microsoft Corporation; Subject: *.public.onecdn.static.microsoft; Fingerprint: DA:6B:54:51:45:33:19:15:88:0A:52:3C:DB:68:FC:AD:F9:44:BE:4A; Validity: Mon, 16 Dec 2024 20:47:14 GMT - Thu, 11 Dec 2025 20:47:14 GMT
File type: JavaScript source, ASCII text, with very long lines (22447), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): f1ac8cc44e0d9b354d372ffb7c91acc8 a2b1157a6e2c2765ede86fc513ed54936b792337 ec26491ae85cce310f83a4d099e5f16b66faacff6966535404c55eec733ba375
GET /owamail/hashed-v1/scripts/owa.MsalAuth.m.b3777d30.js HTTP/1.1
Host: res.public.onecdn.static.microsoft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 8141
last-modified: Tue, 13 May 2025 18:00:24 GMT
x-ms-request-id: b53ebf64-e01e-002b-6469-c47f5b000000
content-encoding: br
cache-control: max-age=630720000
date: Wed, 14 May 2025 18:23:15 GMT
akamai-request-bc: [a=23.36.76.167,b=33008594,c=g,n=NO__OSLO,o=20940]
ak-network: FF
report-to: {"group":"NelM365CDNUpload1","max_age":604800,"endpoints":[{"url":"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=OSLO&ASN=20940&Country=NO&Region=&RequestIdentifier=0.a74c2417.1747246995.1f7abd2&TotalRTCDNTime=1&CompressionType=br&FileSize=8141"}],"include_subdomains ":true}
nel: {"report_to":"NelM365CDNUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
server-timing: clientrtt; dur=1, clienttt; dur=, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
x-content-type-options: nosniff
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
|
|
| jamefloor.com/?qrc=test%40slurpmail.net | 81.19.140.68 | 302 Moved Temporarily | 13 kB |
URL User Request GET jamefloor.com/?qrc=test%40slurpmail.net IP 81.19.140.68:443
ASN#215540 Global Connectivity Solutions Llp
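Certificate: Issuer: Let's Encrypt; Subject: jamefloor.com; Fingerprint: 6C:ED:01:F4:5E:F0:49:3B:D0:58:C1:FF:AE:78:EE:B1:C6:4F:F2:25; Validity: Mon, 21 Apr 2025 11:34:39 GMT - Sun, 20 Jul 2025 11:34:38 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of zero-length input, consistent with the Content-Length: 0 of this 302 response, so they identify an empty body rather than this site)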
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook | urlquery | phishing | Phishing - NakedPages Phishing Kit |
GET /?qrc=test%40slurpmail.net HTTP/1.1
Host: jamefloor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1ceab2cf.6f94801be7c58a40c577135d.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=JBOeDxviop9j; qPdM.sig=VIhKWoAJ7WmIuyYw1ST-yUEF57g
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
Location: https://jamefloor.com/mail/?login_hint=test%40slurpmail.net
Server: Microsoft-IIS/10.0
request-id: 456c6f0d-fb7e-76ef-7bee-eda684fc8f21
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: YT4PR01CA0462, YT4PR01CA0462
X-RequestId: 0d2621e4-12c0-4538-8ebf-2a4527d26bc2
Alt-Svc: ":443";ma=2592000,h3-29=":443";ma=2592000
X-FEProxyInfo: YT4PR01CA0462.CANPRD01.PROD.OUTLOOK.COM
X-FEEFZInfo: YYZ
MS-CV: DW9sRX7773Z77u2mhPyPIQ.0
X-Powered-By: ASP.NET
Date: Wed, 14 May 2025 18:23:14 GMT
Connection: close
Content-Length: 0
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| res.public.onecdn.static.microsoft/assets/framework/microsoft.svg | 23.36.76.120 | 200 OK | 3.2 kB |
URL GET res.public.onecdn.static.microsoft/assets/framework/microsoft.svg IP 23.36.76.120:443
ASN#20940 Akamai International B.V.
Requested by: https://jamefloor.com/mail/?login_hint=test%40slurpmail.net | Certificate: Issuer: Microsoft Corporation; Subject: *.public.onecdn.static.microsoft; Fingerprint: DA:6B:54:51:45:33:19:15:88:0A:52:3C:DB:68:FC:AD:F9:44:BE:4A; Validity: Mon, 16 Dec 2024 20:47:14 GMT - Thu, 11 Dec 2025 20:47:14 GMT
File type: SVG Scalable Vector Graphics image | Hash (MD5 / SHA-1 / SHA-256): 7d2b8f25545a2894e2721e9fe528e34c d0dae76f4bf5c04acd5fcdf1bcb12908099e328c 797bda35d13e5130fe5a14e0069c31b46ec1af6ea47f2d300309803bb4d2608c
GET /assets/framework/microsoft.svg HTTP/1.1
Host: res.public.onecdn.static.microsoft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 1405
last-modified: Wed, 30 Aug 2023 00:34:56 GMT
x-ms-request-id: 3b8466a3-801e-004f-03b8-928ec3000000
content-encoding: br
cache-control: max-age=630720000
date: Wed, 14 May 2025 18:23:15 GMT
akamai-request-bc: [a=23.36.76.167,b=33008610,c=g,n=NO__OSLO,o=20940]
ak-network: FF
report-to: {"group":"NelM365CDNUpload1","max_age":604800,"endpoints":[{"url":"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=OSLO&ASN=20940&Country=NO&Region=&RequestIdentifier=0.a74c2417.1747246995.1f7abe2&TotalRTCDNTime=1&CompressionType=br&FileSize=1405"}],"include_subdomains ":true}
nel: {"report_to":"NelM365CDNUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
server-timing: clientrtt; dur=1, clienttt; dur=, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
|
|