| rricrosoft-office.com/l/ab6876ce91f2644a2b60fb5e612546c00 | 20.50.64.14 | | 346 B |
URL: rricrosoft-office.com/l/ab6876ce91f2644a2b60fb5e612546c00 | IP: 20.50.64.14:0 | ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type: HTML document, ASCII text, with CRLF line terminators | Hash: f785076045669136377c9660121aa0ca e015e18a8af57dc716837ab61922cdd642fc2481 1121046b736e863e9e17b97d39547f2ba3bc317b37681de3d2e251ba0696cade
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /l/ab6876ce91f2644a2b60fb5e612546c00 HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 346
Content-Type: text/html; charset=utf-8
Date: Tue, 23 Apr 2024 19:58:45 GMT
Cache-Control: private
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()
|
|
| rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00 | 20.50.64.14 | 200 OK | 3.5 kB |
URL (User Request): GET HTTP/1.1 rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00 | IP: 20.50.64.14:443 | ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate: Issuer: Let's Encrypt | Subject: *.rricrosoft-office.com | Fingerprint: 47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA | Validity: Mon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT
File type: HTML document, ASCII text, with very long lines (2655), with CRLF line terminators | Hash: 14b7a65940f3bac226a4dd4e841eeaa1 d75612409155b75ff7739b3691c74778760a5bb4 3fc2d8815bb457674c41e6dab988e91e2a8992288a85f070c10b5501b666bb64
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00 HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/l/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 3523
Content-Type: text/html; charset=utf-8
Date: Tue, 23 Apr 2024 19:58:48 GMT
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2; expires=Thu, 23-May-2024 19:58:46 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()
|
|
| rricrosoft-office.com/common/bootstrap/css/bootstrap.css | 20.50.64.14 | 200 OK | 23 kB |
URL: GET HTTP/1.1 rricrosoft-office.com/common/bootstrap/css/bootstrap.css | IP: 20.50.64.14:443 | ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate: Issuer: Let's Encrypt | Subject: *.rricrosoft-office.com | Fingerprint: 47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA | Validity: Mon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT
File type: ASCII text, with very long lines (540), with CRLF line terminators | Hash: cb7bd9e2b45319f4e7c2e613b8f6c0e8 6175c12bf84a28c6a281ab923752481b6fe58056 2797160125a75dddc44d8cbee398bad6770dbfe2f57479ca65c3f4142e1a9df0
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /common/bootstrap/css/bootstrap.css HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 23025
Content-Type: text/css
Date: Tue, 23 Apr 2024 19:58:48 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "0ec152394f7d91:0"
Last-Modified: Thu, 05 Oct 2023 13:59:20 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()
|
|
| rricrosoft-office.com/common/jqueryui/jquery-ui.structure.min.css | 20.50.64.14 | 200 OK | 5.0 kB |
URL: GET HTTP/1.1 rricrosoft-office.com/common/jqueryui/jquery-ui.structure.min.css | IP: 20.50.64.14:443 | ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate: Issuer: Let's Encrypt | Subject: *.rricrosoft-office.com | Fingerprint: 47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA | Validity: Mon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT
File type: ASCII text, with very long lines (15418), with CRLF line terminators | Hash: 909ce025471e11a770dfeb266d02384a b915957fc131db3ec221e130af9b2023d039d458 4e2ec0490ffa766a812249114b99f7b2b578c750619f3175d948be265f07af11
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /common/jqueryui/jquery-ui.structure.min.css HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 4962
Content-Type: text/css
Date: Tue, 23 Apr 2024 19:58:48 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "04b6a49a1e4d81:0"
Last-Modified: Thu, 20 Oct 2022 16:30:38 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()
|
|
| rricrosoft-office.com/common/bootstrap/js/bootstrap.min.js?tn=24446247 | 20.50.64.14 | 200 OK | 11 kB |
URL: GET HTTP/1.1 rricrosoft-office.com/common/bootstrap/js/bootstrap.min.js?tn=24446247 | IP: 20.50.64.14:443 | ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate: Issuer: Let's Encrypt | Subject: *.rricrosoft-office.com | Fingerprint: 47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA | Validity: Mon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT
File type: JavaScript source, ASCII text, with very long lines (39553), with CRLF line terminators | Hash: 105a4995b8777aeaf68bff64bf7d2ae0 e21390f730eb97d3d26b908aaacecd0a00a433e0 a915d483b99af421f4813e6b60599b4e39faff120e54b5e9838386d4ae1a4c60
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /common/bootstrap/js/bootstrap.min.js?tn=24446247 HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 10945
Content-Type: application/x-javascript
Date: Tue, 23 Apr 2024 19:58:48 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "04b6a49a1e4d81:0"
Last-Modified: Thu, 20 Oct 2022 16:30:38 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()
|
|
| rricrosoft-office.com/common/jqueryui/jquery-ui.min.css | 20.50.64.14 | 200 OK | 7.9 kB |
URL: GET HTTP/1.1 rricrosoft-office.com/common/jqueryui/jquery-ui.min.css | IP: 20.50.64.14:443 | ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate: Issuer: Let's Encrypt | Subject: *.rricrosoft-office.com | Fingerprint: 47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA | Validity: Mon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT
File type: ASCII text, with very long lines (29164), with CRLF line terminators | Hash: 4ef4ec09fd03e96ac23fb3cb85c16746 a1a208b1ef92c7e604ae53ea283492eeb045d1d7 b0b53ea606e7397f37666242cd8d63d17186b3cc8513d49a9852bf4828a1fc46
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /common/jqueryui/jquery-ui.min.css HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 7882
Content-Type: text/css
Date: Tue, 23 Apr 2024 19:58:48 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "04b6a49a1e4d81:0"
Last-Modified: Thu, 20 Oct 2022 16:30:38 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()
|
|
| rricrosoft-office.com/common/jqueryui/jquery-ui.theme.min.css | 20.50.64.14 | 200 OK | 2.3 kB |
URL: GET HTTP/1.1 rricrosoft-office.com/common/jqueryui/jquery-ui.theme.min.css | IP: 20.50.64.14:443 | ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate: Issuer: Let's Encrypt | Subject: *.rricrosoft-office.com | Fingerprint: 47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA | Validity: Mon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT
File type: ASCII text, with very long lines (13746), with CRLF line terminators | Hash: 74fb9452a91ef09555eb92aa59516997 b74731af5b28a90cca86fa1097c75d8f8419ab87 11e1cf2b2ee76191e1556d414a6eebb8e9a357b5930ebbc06858162174b1683d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /common/jqueryui/jquery-ui.theme.min.css HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 2328
Content-Type: text/css
Date: Tue, 23 Apr 2024 19:58:48 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "04b6a49a1e4d81:0"
Last-Modified: Thu, 20 Oct 2022 16:30:38 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()
|
|
| rricrosoft-office.com/common/css/rp_bubbles.css | 20.50.64.14 | 200 OK | 2.4 kB |
URL: GET HTTP/1.1 rricrosoft-office.com/common/css/rp_bubbles.css | IP: 20.50.64.14:443 | ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate: Issuer: Let's Encrypt | Subject: *.rricrosoft-office.com | Fingerprint: 47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA | Validity: Mon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT
File type: Unicode text, UTF-8 text, with CRLF line terminators | Hash: e9b944b679bc0716e7c506ac6684ba28 b7d753886ac0e8aa16f792ab354025f60376516e 4bc5a823bc0d699486b8da7c703f02935d4e050fdf7e139ca77c6e744f9899f6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /common/css/rp_bubbles.css HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 2399
Content-Type: text/css
Date: Tue, 23 Apr 2024 19:58:48 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "04b6a49a1e4d81:0"
Last-Modified: Thu, 20 Oct 2022 16:30:38 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()
|
|
| rricrosoft-office.com/common/css/rp_tooltips.css | 20.50.64.14 | 200 OK | 2.5 kB |
URL: GET HTTP/1.1 rricrosoft-office.com/common/css/rp_tooltips.css | IP: 20.50.64.14:443 | ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate: Issuer: Let's Encrypt | Subject: *.rricrosoft-office.com | Fingerprint: 47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA | Validity: Mon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT
File type: ASCII text, with CRLF line terminators | Hash: 4b2f2bce67a3c4ab9b0f17372f010918 eb379f291a848680ddd5d3ecb4e59818f9a602e3 9bddcf9a5fc7baf7e7bdfe849437591ee53dca4206b1b8af6a705ada50fbadba
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /common/css/rp_tooltips.css HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 2514
Content-Type: text/css
Date: Tue, 23 Apr 2024 19:58:48 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "04b6a49a1e4d81:0"
Last-Modified: Thu, 20 Oct 2022 16:30:38 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()
|
|
| rricrosoft-office.com/common/jqueryui/jquery-ui.min.js?tn=24446247 | 20.50.64.14 | 200 OK | 68 kB |
URL: GET HTTP/1.1 rricrosoft-office.com/common/jqueryui/jquery-ui.min.js?tn=24446247 | IP: 20.50.64.14:443 | ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate: Issuer: Let's Encrypt | Subject: *.rricrosoft-office.com | Fingerprint: 47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA | Validity: Mon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (64394), with CRLF line terminators | Hash: b4baecb73b7a75044853d7f4d363cb49 cee14f8598c3c7f75ed141896f976fe94ed286a0 9d9b75e6bf99296f7797ed12f73137f52966dbb02180ff054c6c01680c7bdb1d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /common/jqueryui/jquery-ui.min.js?tn=24446247 HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 67989
Content-Type: application/x-javascript
Date: Tue, 23 Apr 2024 19:58:48 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "0e76ef691b9d91:0"
Last-Modified: Tue, 18 Jul 2023 16:07:34 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()
|
|
| rricrosoft-office.com/Media/a/public/Learning_Page_icon_links_blue.png | 20.50.64.14 | 200 OK | 7.7 kB |
URL: GET HTTP/1.1 rricrosoft-office.com/Media/a/public/Learning_Page_icon_links_blue.png | IP: 20.50.64.14:443 | ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate: Issuer: Let's Encrypt | Subject: *.rricrosoft-office.com | Fingerprint: 47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA | Validity: Mon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT
File type: PNG image data, 411 x 411, 8-bit/color RGBA, non-interlaced | Hash: 63feea511de8a22a249069034ffe54e4 834ce37878bc94c93ab063b6f80845ef179b52c5 da4d27942342f7c3c24cb0b1fc577de8d209a873fe8ad23af061b995b062d547
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /Media/a/public/Learning_Page_icon_links_blue.png HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 7655
Content-Type: image/png
Date: Tue, 23 Apr 2024 19:58:48 GMT
Cache-Control: public, max-age=469
Expires: Tue, 23 Apr 2024 20:06:37 GMT
Last-Modified: Tue, 23 Apr 2024 19:06:37 GMT
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()
|
|
| rricrosoft-office.com/Media/a/public/Learning_Page_icon_attachment_blue.png | 20.50.64.14 | 200 OK | 8.8 kB |
URL: GET HTTP/1.1 rricrosoft-office.com/Media/a/public/Learning_Page_icon_attachment_blue.png | IP: 20.50.64.14:443 | ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate: Issuer: Let's Encrypt | Subject: *.rricrosoft-office.com | Fingerprint: 47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA | Validity: Mon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT
File type: PNG image data, 411 x 411, 8-bit/color RGBA, non-interlaced | Hash: 67f6d88dbe91baa6ae84a19a0dd2a860 eb75b38ccc91882abe47529407465084f3443d1d bf55eea201bb018ce7b1c110835619619b89c9a7af31199e5bbf5ace079d338d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /Media/a/public/Learning_Page_icon_attachment_blue.png HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 8835
Content-Type: image/png
Date: Tue, 23 Apr 2024 19:58:48 GMT
Cache-Control: public, max-age=2486
Expires: Tue, 23 Apr 2024 20:40:15 GMT
Last-Modified: Tue, 23 Apr 2024 19:40:15 GMT
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()
|
|
| rricrosoft-office.com/common/jquery/jquery.min.js?tn=24446247 | 20.50.64.14 | 200 OK | 31 kB |
URL: GET HTTP/1.1 rricrosoft-office.com/common/jquery/jquery.min.js?tn=24446247
IP: 20.50.64.14:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate issuer: Let's Encrypt
Certificate subject: *.rricrosoft-office.com
Certificate fingerprint: 47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
Certificate validity: Mon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT
File type: JavaScript source, ASCII text, with very long lines (65446), with CRLF line terminators
Hash: 0732e3eabbf8aa7ce7f69eedbd07dfdd 4cd5ddc413b3024d7b56331c0d0d0b2bd933f27f ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /common/jquery/jquery.min.js?tn=24446247 HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 30987
Content-Type: application/x-javascript
Date: Tue, 23 Apr 2024 19:58:48 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "8082ae2394f7d91:0"
Last-Modified: Thu, 05 Oct 2023 13:59:21 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()
|
|
| rricrosoft-office.com/Media/a/public/warning.png | 20.50.64.14 | 200 OK | 692 B |
URL: GET HTTP/1.1 rricrosoft-office.com/Media/a/public/warning.png
IP: 20.50.64.14:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate issuer: Let's Encrypt
Certificate subject: *.rricrosoft-office.com
Certificate fingerprint: 47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
Certificate validity: Mon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT
File type: PNG image data, 66 x 63, 8-bit/color RGBA, non-interlaced
Hash: 1ddff3dacca2e26a650ad8ebae3b842e 61042024d791e7f3c219f4f8b24ad27c2230f763 1ef10e8843daed4b49bebef6e8f8c577933ad3444551942d59cfc359e0fd5b11
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /Media/a/public/warning.png HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 692
Content-Type: image/png
Date: Tue, 23 Apr 2024 19:58:48 GMT
Cache-Control: public, max-age=414
Expires: Tue, 23 Apr 2024 20:05:43 GMT
Last-Modified: Tue, 23 Apr 2024 19:05:43 GMT
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()
|
|
| rricrosoft-office.com/Media/a/public/Learning_Page_icon_Beware_blue.png | 20.50.64.14 | 200 OK | 7.2 kB |
URL: GET HTTP/1.1 rricrosoft-office.com/Media/a/public/Learning_Page_icon_Beware_blue.png
IP: 20.50.64.14:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate issuer: Let's Encrypt
Certificate subject: *.rricrosoft-office.com
Certificate fingerprint: 47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
Certificate validity: Mon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT
File type: PNG image data, 411 x 436, 8-bit/color RGBA, non-interlaced
Hash: 9d78c404cba12bbf774009879ed69963 254f972fa7cdfd5b7f366c59c833fe600c741dfa 2b7b44a38be5159466174c09ed7c735689def630b2c4f641e540b451a63dda07
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /Media/a/public/Learning_Page_icon_Beware_blue.png HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 7173
Content-Type: image/png
Date: Tue, 23 Apr 2024 19:58:48 GMT
Cache-Control: public, max-age=466
Expires: Tue, 23 Apr 2024 20:06:35 GMT
Last-Modified: Tue, 23 Apr 2024 19:06:35 GMT
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()
|
|
| rricrosoft-office.com/Media/a/cmedia_105b56e5437a43ed993a705da3689389/tn_phi_l242f_fr_microsoftfailedmailboxdelivery_v1b1.png | 20.50.64.14 | 200 OK | 67 kB |
URL: GET HTTP/1.1 rricrosoft-office.com/Media/a/cmedia_105b56e5437a43ed993a705da3689389/tn_phi_l242f_fr_microsoftfailedmailboxdelivery_v1b1.png
IP: 20.50.64.14:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate issuer: Let's Encrypt
Certificate subject: *.rricrosoft-office.com
Certificate fingerprint: 47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
Certificate validity: Mon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT
File type: PNG image data, 1080 x 1080, 8-bit/color RGBA, non-interlaced
Hash: e54f6dea359af099cf68f9b878b38133 17c312537112754b4a2fc25a167bef8b52bd95c0 71069a5526c9922037978cc61862d6729be64ec05676028b69c9ca8e9ddd9243
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /Media/a/cmedia_105b56e5437a43ed993a705da3689389/tn_phi_l242f_fr_microsoftfailedmailboxdelivery_v1b1.png HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 66563
Content-Type: image/png
Date: Tue, 23 Apr 2024 19:58:48 GMT
Cache-Control: public, max-age=250
Expires: Tue, 23 Apr 2024 20:02:59 GMT
Last-Modified: Tue, 23 Apr 2024 19:02:59 GMT
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()
|
|
| rricrosoft-office.com/Media/a/public/TN_Learning_Activity_Page_BG.jpg | 20.50.64.14 | 200 OK | 96 kB |
URL: GET HTTP/1.1 rricrosoft-office.com/Media/a/public/TN_Learning_Activity_Page_BG.jpg
IP: 20.50.64.14:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate issuer: Let's Encrypt
Certificate subject: *.rricrosoft-office.com
Certificate fingerprint: 47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
Certificate validity: Mon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT
File type: JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 521x1364, components 3
Hash: f7cc950b35e865f1b4d8af50eb955e9b 70b120d28474b5b27158e09eabfec107f141c70e 454633df39045e26ea25e5cb2b97a47a5f34b92b39162c757770d5e672df9b3d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /Media/a/public/TN_Learning_Activity_Page_BG.jpg HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 95744
Content-Type: image/jpeg
Date: Tue, 23 Apr 2024 19:58:48 GMT
Cache-Control: public, max-age=1139
Expires: Tue, 23 Apr 2024 20:17:48 GMT
Last-Modified: Tue, 23 Apr 2024 19:17:48 GMT
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()
|
|
| rricrosoft-office.com/CountLearningTime/ab6876ce91f2644a2b60fb5e612546c00/?f=-1&s=0 | 20.50.64.14 | 200 OK | 125 B |
URL: POST HTTP/1.1 rricrosoft-office.com/CountLearningTime/ab6876ce91f2644a2b60fb5e612546c00/?f=-1&s=0
IP: 20.50.64.14:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate issuer: Let's Encrypt
Certificate subject: *.rricrosoft-office.com
Certificate fingerprint: 47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
Certificate validity: Mon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT
File type: ASCII text, with no line terminators
Hash: 5b3abf9c1aa7556c3a36fea4e695c5d2 3fd967d09a748e1f2b26d6fe562e7155aa87e9de 98c4922bb641c65c7a30b7bcafdf230b9b00b6693631c56146ab25b2786ee4a3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /CountLearningTime/ab6876ce91f2644a2b60fb5e612546c00/?f=-1&s=0 HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
X-Requested-With: XMLHttpRequest
Origin: https://rricrosoft-office.com
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/1.1 200 OK
Content-Length: 125
Content-Type: application/json; charset=utf-8
Date: Tue, 23 Apr 2024 19:58:49 GMT
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=pMBZNWvtgqpLMshB7djNRLFkU-qKQBCsYQqPHXvk1-XtnJlMvgx5P8h2VW9JVN3LIez9m7MGXn6BPKDEkCepMO464pMHHutMoADPcKc5iGk1&CurrentCampaignRecipientEventLogID=qPv_wfu9rCuyZgTwZY_BhVA4afsb0ucRO-mK1r5iDz8cTXHwSUisJMfx5pu8n9QMmoyFNip-f2uIDfO9drNh3w2&TotalLearningTime=XRog34K9QAYfLkw8Zb-hyOSs9zrQrnPkKKfNyZ7RXXc1U0tSt-TyEDZQwTIDBiAML6QCLnKsryVbFgV8qX_Ckw2; expires=Thu, 23-May-2024 19:58:49 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()
|
|