r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11454
Expires: Tue, 28 Mar 2023 19:01:05 GMT
Date: Tue, 28 Mar 2023 15:50:11 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c83d39f350161ed2f5d20dcd68e47c92
2695a888e652cb314f8094cc6073c3364336d272
62e5cc6aea61c3c32acd964d4bbe143806416008181eebc4451a8f035b69a0bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62E5CC6AEA61C3C32ACD964D4BBE143806416008181EEBC4451A8F035B69A0BC"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8108
Expires: Tue, 28 Mar 2023 18:05:20 GMT
Date: Tue, 28 Mar 2023 15:50:12 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5ad3eec59bebbf969f175627757507c1
b176af3a70db378c9e1f219bab24d9d446070d6f
704fa284035b4c9aa487331b516f5f11c324e204756ae2503bad2606ed34f25e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "704FA284035B4C9AA487331B516F5F11C324E204756AE2503BAD2606ED34F25E"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6013
Expires: Tue, 28 Mar 2023 17:30:25 GMT
Date: Tue, 28 Mar 2023 15:50:12 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 28 Mar 2023 15:28:04 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1328
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: VueAGBunOJgZerZmflUTIX7/aSD7bPT88f9tg2rvvu4R7gp/AkfaZ8XFQVOQp/ZINgT3VwdrrFI=
x-amz-request-id: 368YVZ9XBA42666Q
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 28 Mar 2023 14:56:15 GMT
age: 3237
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 15:50:12 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Length, Backoff, Content-Type, Last-Modified, Pragma, Alert, ETag, Retry-After, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 28 Mar 2023 15:14:36 GMT
cache-control: public,max-age=3600
age: 2136
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 76a0aba3ddb470751c690f5a725159f2
8cb789e8e0dfa336270700ef1e607173f2aee6cd
e76de476654125a06994065d66e30c6fb6c354d0f67fd4e31a3f78679e2bfdcb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E76DE476654125A06994065D66E30C6FB6C354D0F67FD4E31A3F78679E2BFDCB"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6383
Expires: Tue, 28 Mar 2023 17:36:35 GMT
Date: Tue, 28 Mar 2023 15:50:12 GMT
Connection: keep-alive
143.198.232.196/tj6/index.php
200 OK 813 B URL HTTP/1.1 143.198.232.196/tj6/index.php
IP
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash fc5ea794f4e6647a495200c6e5d86061
b3247eff7ee8a08c20fb46e88143f392b4bfe951
29135cd98e2222dde05a6ebda4a55d78570e7876fa2b66888a0a92c7e2c5a660
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/index.php HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:12 GMT
Server: Apache/2.4.52 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 813
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Xs4YBoX9wqEf23XQNpLONg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 0gXNxsk2xt8fG8k3uYT7eaKFsUw=
143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
200 OK 6.7 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
IP
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (422), with CRLF line terminators
Hash f9537a3b9b29a7962d31bcc11c9d9e72
498fda4a22cfd72fc32ab270c11136f1ca671587
6607a91be6c06f5f1130547174169499d7fc2cb61c2fe69edcd589abed339a5e
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/index.html HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/index.php
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:12 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:41 GMT
ETag: "5295-5f7f7b94b0cea-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6724
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
200 OK 27 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
IP
File type ASCII text, with very long lines (32180)
Hash b1e4b2a99336201b37fb8cea5d57abb9
d57980f0d0eaaf57ec33ddc9ed027274cfa86027
c805bfd991983f57b5b7878b998f7529e9b7e2df4bc2d39ba493934e23ba3f8a
GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://143.198.232.196/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 15:50:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 26660
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-14983"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 25465401
expires: Sun, 17 Mar 2024 15:50:13 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PHszAdvAqzjyzilDQmSShheOCIkfubNtGQxmCcg%2FfAkv%2FOz%2FjebWLgUGgNhnJ9XEIQBaC6FBa%2FwVdvxeOD2NwbRMWF39ZSToN%2FOq1ak5hgQjx4Zdh%2Fxdd4xSg5N35IykvU6q2VyB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7af1070c180ab50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
200 OK 16 kB URL HTTP/2 stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
IP
File type ASCII text, with very long lines (59765)
Hash d4102e7d5f9f9b93cfa383229a3b596a
701ed79a7975fa52e948a47bd00e4daacedecbaa
3aeb365c44432ad738617cd48ec2277ac2101fd058bfd67a824a95842632b891
GET /bootstrap/4.5.2/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://143.198.232.196
Connection: keep-alive
Referer: http://143.198.232.196/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 15:50:13 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"02d223393e00c273efdcb1ade8f4f8b1"
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
cdn-cachedat: 01/05/2023 11:07:49
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-edgestorageid: 1080
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 91c45f582e37356a01d15a3f3404569a
cdn-cache: HIT
cf-cache-status: HIT
age: 50
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7af1070c2d990b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-86788540-2
200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-86788540-2
IP
File type ASCII text, with very long lines (2206)
Hash af6fd497f0b1ffd370c5b27589660bcf
e476cdfb89331df2354ad86fdce6a55ed93d97bb
175abd9c72a849d0546f08f7926a29228d749a4f5946e8188334dc1ac801627f
GET /gtag/js?id=UA-86788540-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://143.198.232.196/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 28 Mar 2023 15:50:13 GMT
expires: Tue, 28 Mar 2023 15:50:13 GMT
cache-control: private, max-age=900
last-modified: Tue, 28 Mar 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44874
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e10c0c62a68346a599a245ad2d85fbbe
a79383efdb28292b6e2112da2344915a97eb7888
b239a83a0672895d5960617bba31f4404a4c103eec12d4e975aaf51204e1f953
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 28 Mar 2023 15:50:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
143.198.232.196/tj6/9chrmx0973xu9x08x/chat.css
200 OK 1.9 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/chat.css
IP
ASN #14061 DIGITALOCEAN-ASN
File type assembler source, ASCII text, with CRLF line terminators
Hash a414a61aa76cf470454c59eb61953e6d
e0532f2bf0344fbf2ee434fdd8f5c123aa33873c
e00dd91658bf458e94a3f9a3673e3b585901e990c6539de11c6e7ebf6a206db1
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/chat.css HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:13 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:44 GMT
ETag: "206a-5f7f7b975cbe2-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1873
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6630
Expires: Tue, 28 Mar 2023 17:40:44 GMT
Date: Tue, 28 Mar 2023 15:50:14 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6630
Expires: Tue, 28 Mar 2023 17:40:44 GMT
Date: Tue, 28 Mar 2023 15:50:14 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg
200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 789f11978a1149984408fbbb9a2b3f81
078bd523107096bab5e26d42b18e316c253f1ca7
7974980290443b64126f512686261150cd27331cb7b32a96d1167a97d046e8a3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8961
x-amzn-requestid: 9277e35d-8fe8-482e-b65c-b132dfcbd87e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbqBGl0IAMFy4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220ca6-7869936b33cbf3633c68e7ac;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:42 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: niXBcLXb34cBs5-FqU8flhIK5sZ_ykmhwnozGbLigHI3jwXySoF_xw==
via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 1ec2938341958d70d56193d709c89dee.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:49:49 GMT
age: 64825
etag: "078bd523107096bab5e26d42b18e316c253f1ca7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg
200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1da68df9d96e2758e37b9f15daab027b
5ff19ed6dc5752aa4b15fb88da972b736fd55783
ad924425946dbdf309c764e7097e676185516301feb7722b30d95ffd50b4353f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7426
x-amzn-requestid: 85a30298-4613-4a96-bdba-0899fe9f9475
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdcsgGZsoAMFQkw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220e4f-10db431e7632048d7b15e0ec;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:44:47 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: VYUarzUegSCD6A4s7tUQ-0O1mjal3BAW7SiiXSpOnFEDd5-HHoA5Cw==
via: 1.1 f193acd25f2604e189bfbfaf539aaa06.cloudfront.net (CloudFront), 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:55:21 GMT
age: 64493
etag: "5ff19ed6dc5752aa4b15fb88da972b736fd55783"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg
200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5fdd8a3f935830ca9e5ffdb5824acebc
39caaddec703fdad962d03fff8687bad2c1df4ad
6fe6301fb3610c3e8a9b62671579db53189bb62ead4cf5ab30a1f1e0b90b8ca2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7537
x-amzn-requestid: 4f7aaf6e-3eca-4033-aa21-27b5e7df6a0b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbupFURIAMFlZw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220cc3-153c4e0b6b9d1b586c985f8d;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:38:11 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 07sU32yK0Sqkqg_YzC_cfw3stDMOa2cViR6IrpHw5cfSEjUOHTITAA==
via: 1.1 b6cdb2111444305bd4957a473b711ad6.cloudfront.net (CloudFront), 1.1 6ca7826fb0f4c565b1af9c7737725c48.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:48:37 GMT
age: 64897
etag: "39caaddec703fdad962d03fff8687bad2c1df4ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png
200 OK 20 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b3e093e7b5c12cfc2aee601f823ea47e
d76b3958471b2ed70a2b52f078ec638748fdb441
de4fc669195611c4ea6fe7d920482987aef077973b4973c01e2f362aeb18c2ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 20349
x-amzn-requestid: 2de7d242-f277-42a6-9dc4-2fc98207a978
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbumFzOIAMF3hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220cc3-5f20ad7b2216219138f7b557;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:38:11 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: pnby7LhwZDWxJHtyWBlI7l_AO8l-tjjTVHatiCKG2htZ4RQNQOZkgQ==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 34f8ef0e4c880df0650a814412a26ea6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:48:21 GMT
age: 64913
etag: "d76b3958471b2ed70a2b52f078ec638748fdb441"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ada29e049501b12a35b0bcc5f68e3e57
5c1ba9bffbcc9007e7f119dbb3197db34a12f8da
b45583b5845129386a456e03fbdba25305c8d6d9fb5a8f01d783816ced080629
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10744
x-amzn-requestid: d693d820-7eed-47a3-9b0b-8f43c141bd3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbogF0poAMFTAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220c9c-22ab350146e8a3a606f74c42;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:32 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: uCaEsILUx4u_fBJ7J9CgQanUW-BmV69mFvGRjZ0roFWluE_joVyVrA==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:48:21 GMT
age: 64913
etag: "5c1ba9bffbcc9007e7f119dbb3197db34a12f8da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: I3GuoZ4ZxAtz0sKe3wrW67aitLlCAbaZkiPw23fl0F3FoumJDEnXiQ==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 d90109c5a0c30f43223e0db85921c5c2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 07:55:07 GMT
age: 28507
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/styles.css
200 OK 1.8 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/styles.css
IP
ASN #14061 DIGITALOCEAN-ASN
File type assembler source, ASCII text, with CRLF line terminators
Hash 671fb60364cc19bd6fa5eeb5fde90766
a58d30bbedc7fc9759ee760531b33281ad86ad46
2a8bce10db8a8f2ef69b5dbfa03d634628bd851159c63c1ddb78749ed4834bce
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/styles.css HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:13 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:41 GMT
ETag: "1938-5f7f7b9557e20-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1842
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
143.198.232.196/tj6/9chrmx0973xu9x08x/scripts.js
200 OK 873 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/scripts.js
IP
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with CRLF line terminators
Hash 0f0a223eb69c7e24a06cfa959e4f603c
618fb94f27a5a089ca107965cba835f3fc75fe12
eff65cbde09165cbc3adf0bb9104ed2bcf08fd41272fdc919b7ddb7635df9472
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/scripts.js HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:14 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:43 GMT
ETag: "1cd3-5f7f7b96f9156-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 873
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/javascript
oneocsp.microsoft.com/ocsp
200 OK 1.8 kB URL HTTP/1.1 oneocsp.microsoft.com/ocsp
IP
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash e43d4fd16e3034e748f07f61657960f6
818d693041eb4d30fbfecee30282812d786e1f71
cee8dfed210d974a80266296942a79f60d860c2f48e4a6d5abdde276f8360133
POST /ocsp HTTP/1.1
Host: oneocsp.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Length: 1777
Content-Type: application/ocsp-response
Expires: Mon, 03 Apr 2023 15:50:15 GMT
Last-Modified: Mon, 27 Mar 2023 21:09:35 GMT
ETag: "cee8dfed210d974a80266296942a79f60d860c2f48e4a6d5abdde276f8360133"
X-Powered-By: ASP.NET
x-content-type-options: nosniff
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 3066A19ED58D4A998FBE9CD9C4707039 Ref B: OSL30EDGE0222 Ref C: 2023-03-28T15:50:14Z
Date: Tue, 28 Mar 2023 15:50:13 GMT
support.microsoft.com/
301 Moved Permanently 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://143.198.232.196/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-length: 0
server: Kestrel
location: https://support.microsoft.com/en-US
request-context: appId=
x-correlationid: 0HMPF0GD45CFB:00000030
x-operationid: b4837703d9f0c87bb4f086f15d99ed11
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
expires: Tue, 28 Mar 2023 15:50:14 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 28 Mar 2023 15:50:14 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/en-US
200 OK 24 kB URL HTTP/2 support.microsoft.com/en-US
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1478), with CRLF, LF line terminators
Hash 0f13c192b742b72df42656a7d8e1e707
7dcf3fcba658f087c0c7a283670dc46386c09fb5
6cd335bdfdda1880b2e6dbc40cc32641e30390fb7019588e9ff569f3e4ffdc2b
GET /en-US HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://143.198.232.196/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: Kestrel
request-context: appId=
x-correlationid: 0HMPF0GD45CFB:00000031
x-operationid: 29340b4c98a480d01bceaf1535bd11c8
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-encoding: gzip
expires: Tue, 28 Mar 2023 15:50:14 GMT
cache-control: max-age=0, no-cache, private
pragma: no-cache
date: Tue, 28 Mar 2023 15:50:14 GMT
content-length: 23877
strict-transport-security: max-age=86400 ; includeSubDomains
set-cookie: EXPID=6133f423-32f2-42d2-9ba1-44dda6a71fda; max-age=31536000; path=/; secure; samesite=none
ak_bmsc=A7EFF98F92D94433CACE5DE55B85E79C~000000000000000000000000000000~YAAQZQplXwoxqhSHAQAAo6jpKBOVg3iv8bawI8PEIiV/drC3fQwhEZDBTxizq/xp/1Co43+ZJln4QfyYHg6xMdNtOtOkhJ+iMZy3lbm3MrEWHCFUikwZ+cg2Fm9eGWCoRcgPuy9zy7JsoNJYC3xyWmGxyY5CtuLR/ME1cvVV+P4b5irVpqypagUWzW/gwtSPQWqDvIluAKvnyOs5KvLiALKCh7tLuOpmpFCV8v86+sFodGxrngISLU+HuD2jEhqd1Q1BPUAgXmtoZakUbXApmgW7vfYKAu0WbBJAjxyM607i4AXL1YfHuh0TeukyPjQDFscFPtvFprx8EJnSgZRQy0Nmm5xoGGcCISPUu0OWLPqxtIxdVPdNgMKDBgPhsi7WJSGCH1JlH53Qf+lz; Domain=.microsoft.com; Path=/; Expires=Tue, 28 Mar 2023 17:50:14 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
support.microsoft.com/css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc
200 OK 1.1 kB URL HTTP/2 support.microsoft.com/css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc
IP
File type Unicode text, UTF-8 (with BOM) text, with very long lines (2867), with no line terminators
Hash 6477e3936b0e197b65cc1ff23763e340
096188c0ef95054d95c5dafe755df0106428c0b1
2056691cd1dcca7ad51f6c386f8c7baa4954a164b9b10d41a668910a8e91b854
GET /css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d946ecac3c4438"
last-modified: Wed, 22 Feb 2023 18:37:10 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOL0GAVE0JM:00000002
x-operationid: a787865460805e45a4ed6a8d8eb3b741
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1096
cache-control: private, max-age=28693541
date: Tue, 28 Mar 2023 15:50:14 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/MeControlCallout/teaching-callout.css?v=690pjf05o15fVEafEpUwgaF8vqVfOkp5wP1Jl9gE99U
200 OK 1.3 kB URL HTTP/2 support.microsoft.com/css/MeControlCallout/teaching-callout.css?v=690pjf05o15fVEafEpUwgaF8vqVfOkp5wP1Jl9gE99U
IP
File type ASCII text, with very long lines (4873), with no line terminators
Hash 980d2f51140df4a6347102960ceb0282
9225687f02246a11e61f9b2e4602e43368ae4839
88658b7776899cac32aae184f9e8ce8707c2fd00827844f1fb24661d4cca1cb8
GET /css/MeControlCallout/teaching-callout.css?v=690pjf05o15fVEafEpUwgaF8vqVfOkp5wP1Jl9gE99U HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: gzip
etag: "1d93cd346ef7089"
last-modified: Thu, 09 Feb 2023 22:10:11 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATABNE1H1:00000002
x-operationid: b6aaf70cde0425da4903e5fb37a673c4
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1277
cache-control: private, max-age=28527786
date: Tue, 28 Mar 2023 15:50:14 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/userstatesigninheaderview/user-state-sign-in-header-view.css?v=YGV57BU430a7ZsW5KMqnuRyMdbmYgAZw1My61NVoXnI
200 OK 457 B URL HTTP/2 support.microsoft.com/css/userstatesigninheaderview/user-state-sign-in-header-view.css?v=YGV57BU430a7ZsW5KMqnuRyMdbmYgAZw1My61NVoXnI
IP
File type ASCII text, with very long lines (1176), with no line terminators
Hash aa795408c331dfaffab3545718661469
135fdb999daec028f2e75b0f8c04903a77312efd
67672916726b635cbb6ef236ca23f4ebf9d457a15c32bdeaf0cf57333d3bfc09
GET /css/userstatesigninheaderview/user-state-sign-in-header-view.css?v=YGV57BU430a7ZsW5KMqnuRyMdbmYgAZw1My61NVoXnI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd3d8f76898"
last-modified: Thu, 09 Feb 2023 22:14:16 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATD2K46LS:00000003
x-operationid: 4e1e65f9a5dcbd438d51ed8ee235d2e6
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 457
cache-control: private, max-age=28534606
date: Tue, 28 Mar 2023 15:50:14 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/lib/ucs/dist/ucsCreativeService.js?v=yGbJEzVThu6xTzkXAmcIosGuJnJczcH12Av0qylgjiI
200 OK 219 kB URL HTTP/2 support.microsoft.com/lib/ucs/dist/ucsCreativeService.js?v=yGbJEzVThu6xTzkXAmcIosGuJnJczcH12Av0qylgjiI
IP
File type ASCII text, with very long lines (65460)
Size 219 kB (218885 bytes)
Hash cc521a7256e94d43df24fc6ccf1cabc9
783de4bf06ccd26af4eb56f6d8a7473a551c3135
0e379b6c1a7940b9d0cb6277c2b30e71e228bdc4f80417e785dd1b54ce122662
GET /lib/ucs/dist/ucsCreativeService.js?v=yGbJEzVThu6xTzkXAmcIosGuJnJczcH12Av0qylgjiI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d960ed04e0139f"
last-modified: Mon, 27 Mar 2023 20:45:09 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMPF0HDN66BU:00000002
x-operationid: d540b1c7e70b53a8db1984134d65885c
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 218885
cache-control: private, max-age=201
date: Tue, 28 Mar 2023 15:50:14 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/TelemetryLogging.js?v=PI8krdyAXTV0whxSz7oGWOLjo8PeIdfp8gD_jTA31VM
200 OK 370 B URL HTTP/2 support.microsoft.com/js/TelemetryLogging.js?v=PI8krdyAXTV0whxSz7oGWOLjo8PeIdfp8gD_jTA31VM
IP
File type ASCII text, with CRLF line terminators
Hash 5590a7dc56b6f43b99568fe62e2d03cf
f2923af0b22bd272acbbcd68958a7df4169ec703
f594937c23c9154cc20ef4522bebb8ac61cae53824ad6e02660c381b396b952d
GET /js/TelemetryLogging.js?v=PI8krdyAXTV0whxSz7oGWOLjo8PeIdfp8gD_jTA31VM HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd346ef60aa"
last-modified: Thu, 09 Feb 2023 22:10:11 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATABNE7TR:00000005
x-operationid: 51607aea3d1cb3147dd5e10983c20ef3
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 370
cache-control: private, max-age=28534957
date: Tue, 28 Mar 2023 15:50:14 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/feedback.js?v=84GPO0wsKJkREYhzfs2-839cEXZQU9kTiITr30Y1u8w
200 OK 5.7 kB URL HTTP/2 support.microsoft.com/js/feedback.js?v=84GPO0wsKJkREYhzfs2-839cEXZQU9kTiITr30Y1u8w
IP
File type ASCII text, with CRLF line terminators
Hash 1a5373f3c18d893ea7793c15e7823b4b
dfa62d27a25503bd56b9da0f5b8e4eece4dc4af6
4877b869b10a33d65ec3fb27064a62177222171abdf5c635d709cdc63677202b
GET /js/feedback.js?v=84GPO0wsKJkREYhzfs2-839cEXZQU9kTiITr30Y1u8w HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: gzip
etag: "1d93cd42c69ee47"
last-modified: Thu, 09 Feb 2023 22:16:36 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATE6LP715:00000003
x-operationid: b9c892bd5daa72879e796e66ae1f8bb4
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 5700
cache-control: private, max-age=28531971
date: Tue, 28 Mar 2023 15:50:14 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/RememberedAccounts.Main.min.js?v=1Mc30Yfs6TsuKFz2OgKMJvnlXrjLh2JDVdhGC713IDI
200 OK 1.5 kB URL HTTP/2 support.microsoft.com/js/RememberedAccounts.Main.min.js?v=1Mc30Yfs6TsuKFz2OgKMJvnlXrjLh2JDVdhGC713IDI
IP
File type ASCII text, with very long lines (3210)
Hash abacf605817f7bb1f2245546c860c307
0192c687a50e29983a911f4c1f917b257f73040a
ce3d44e3442ce64875ff8694a31a156fd1f65c0e230223c51a362620b40304f2
GET /js/RememberedAccounts.Main.min.js?v=1Mc30Yfs6TsuKFz2OgKMJvnlXrjLh2JDVdhGC713IDI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d95c211af3cac2"
last-modified: Tue, 21 Mar 2023 18:15:24 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMPA72L3N5K5:00000004
x-operationid: 73c91fd003c67fabf203dd1a02f11a18
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1507
cache-control: private, max-age=31025793
date: Tue, 28 Mar 2023 15:50:14 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/SearchBox.Main.min.js?v=sY_YBvw6gcgD1e-o1JhIQTBF7pirfPL8WqOaD-_eXFM
200 OK 75 kB URL HTTP/2 support.microsoft.com/js/SearchBox.Main.min.js?v=sY_YBvw6gcgD1e-o1JhIQTBF7pirfPL8WqOaD-_eXFM
IP
File type Unicode text, UTF-8 text, with very long lines (65454)
Hash 905e4956b0ee0ce4dacb9d8d6aa748b6
4be710784f7df01c5d86dfb68ede898a82554b06
96be4a840515cb727871c66b3c40195b19b089cb6631040f6829984682af64ae
GET /js/SearchBox.Main.min.js?v=sY_YBvw6gcgD1e-o1JhIQTBF7pirfPL8WqOaD-_eXFM HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: gzip
etag: "1d94c908da8eb8a"
last-modified: Wed, 01 Mar 2023 22:52:52 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOQL02L0OMJ:00000002
x-operationid: 5b8b5494cf9f7a6fc6840973a3afbd03
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 75066
cache-control: private, max-age=29644654
date: Tue, 28 Mar 2023 15:50:14 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/PromotionBanner.Main.min.js?v=lPxxwt8ZKzDFNYuSNvRbC24S24EImVPnl-WkYX8w3n4
200 OK 1.9 kB URL HTTP/2 support.microsoft.com/js/PromotionBanner.Main.min.js?v=lPxxwt8ZKzDFNYuSNvRbC24S24EImVPnl-WkYX8w3n4
IP
File type ASCII text, with very long lines (6261)
Hash d860a5eba2cb21a350c6b002a30b03de
a4514156fbd14905578dd4441bc6a1c51eb8162d
379799b97d2437e7280a8d952fe80856341c6deb95c2c0fe5f9ce4a453bd57d9
GET /js/PromotionBanner.Main.min.js?v=lPxxwt8ZKzDFNYuSNvRbC24S24EImVPnl-WkYX8w3n4 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd345be2e2a"
last-modified: Thu, 09 Feb 2023 22:10:09 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATAF6QE2N:00000004
x-operationid: 0c33f4345f817b6f011038a201c6071e
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1876
cache-control: private, max-age=28535093
date: Tue, 28 Mar 2023 15:50:14 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/32-1b8b7c/74-888e54?ver=2.0&_cf=02242021_3231
200 OK 23 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/32-1b8b7c/74-888e54?ver=2.0&_cf=02242021_3231
IP
File type Unicode text, UTF-8 text, with very long lines (64241)
Hash 09800dff9a5770bdc368ae73ec89b229
52864194fec1b7fa70ba6e8bda68f0d8f27b21d1
d981d06eaec00bf7feef2b5dc799c3b50332ee867b8048109d45cb6a97e52557
GET /onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/32-1b8b7c/74-888e54?ver=2.0&_cf=02242021_3231 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 13 Dec 2022 20:44:18 GMT
x-activity-id: e0ba9742-9e0a-46e2-9ac8-f1af67b30f54
x-appversion: 1.0.8349.33967
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-11-11T02:52:14.0000000Z}
ms-operation-id: de38bdd2a32ec64d9a993e889dba99e3
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2022-12-13T20:44:18
x-s2: 2022-12-13T20:44:19
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 22729
cache-control: public, max-age=22481670
expires: Wed, 13 Dec 2023 20:44:44 GMT
date: Tue, 28 Mar 2023 15:50:14 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV4730d99c.0
ms-cv-esi: CASMicrosoftCV4730d99c.0
x-rtag: RT
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/cross.svg
200 OK 586 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/cross.svg
IP
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image\012- , Unicode text, UTF-8 text, with very long lines (584), with no line terminators
Hash bc1f7dd210381c4c10bd93c4bccdc587
76d3599df283231936edf5b2a31d15e8e76c22dd
50dc14b3d1fdd6aeeb9f2ca92062357bacecbf8f05992346ffe4178fd81ff68c
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/cross.svg HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:14 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:46 GMT
ETag: "24a-5f7f7b9a136d0"
Accept-Ranges: bytes
Content-Length: 586
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml
support.microsoft.com/SocContent/css
200 OK 23 kB URL HTTP/2 support.microsoft.com/SocContent/css
IP
File type Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Hash 68f3c668bd3369699a9e554c2294ff29
b06cb70c310a429d5000361e3ab7bb07146b23f6
392a288aaa8044b0344dc11b86a8291ec3ec7094f4efa773666e7048a5f98576
GET /SocContent/css HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 28 Mar 2023 15:50:14 GMT
x-correlationid: 069d8005-6baf-44fb-9694-c3e6ed7d40df
x-usersessionid: 069d8005-6baf-44fb-9694-c3e6ed7d40df
x-officefe: OdcSupFrontEnd_IN_17
x-officeversion: 16.0.16322.42701
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
content-encoding: gzip
content-length: 22921
cache-control: public, max-age=31535948
expires: Wed, 27 Mar 2024 15:49:22 GMT
date: Tue, 28 Mar 2023 15:50:14 GMT
vary: Accept-Encoding
set-cookie: EXPID=c73467aa-2f36-4165-9fb8-52a7cdf498b1; expires=Thu, 28-Mar-2024 15:50:14 GMT; path=/; secure; HttpOnly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1
200 OK 36 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1
IP
File type ASCII text, with very long lines (42133)
Hash d95e11ceb03f2345a320093cab78025e
61a86a14316100b63da779f7e173849643e687f5
e51a46060665f507a73982f7aa0a4088fc5b371023c237fefa0a1d806b56f6b0
GET /onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
last-modified: Tue, 24 Jan 2023 18:49:01 GMT
x-activity-id: 7acc4066-8c24-4216-b307-e65f0d7adf97
x-appversion: 1.0.8405.38376
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-01-06T05:19:12.0000000Z}
ms-operation-id: 276317a3e7c97a4986744af24c94a19f
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2023-01-24T18:49:01
x-s2: 2023-01-24T18:49:01
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 35900
cache-control: public, max-age=26103558
expires: Wed, 24 Jan 2024 18:49:32 GMT
date: Tue, 28 Mar 2023 15:50:14 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV4730d9da.0
ms-cv-esi: CASMicrosoftCV4730d9da.0
x-rtag: RT
X-Firefox-Spdy: h2
www.microsoft.com/videoplayer/js/vxpiframe.js
200 OK 6.3 kB URL HTTP/2 www.microsoft.com/videoplayer/js/vxpiframe.js
IP
File type ASCII text, with very long lines (13602)
Hash 009d92e8af9d884776822cbb40471dab
8215ca8a1c6d3c6b68c99aa3bc84df2ad57386f7
7ca4a25996ab5129a87d219a3382b645e266b1e43b6f3052770dc23bf15e7fb6
GET /videoplayer/js/vxpiframe.js HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support.microsoft.com/en-US
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-transform
content-type: application/x-javascript; charset=utf-8
x-activity-id: c55c2b7a-747c-4ca3-9f43-0e36870c6567
x-appversion: 1.0.8377.8392
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-12-08T12:39:44.0000000Z}
ms-operation-id: d9e1e41a6a314a4e83041b8467a8936f
p3p: CP="CAO CONi OTR OUR DEM ONL"
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
vary: Accept-Encoding
content-encoding: gzip
date: Tue, 28 Mar 2023 15:50:14 GMT
content-length: 6332
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV4730d9fb.0
ms-cv-esi: CASMicrosoftCV4730d9fb.0
set-cookie: akacd_OneRF=1687794614~rv=37~id=10de3cbec1fe81dfa6d4afd1583ab914; path=/; Expires=Mon, 26 Jun 2023 15:50:14 GMT; Secure; SameSite=None
x-rtag: RT
X-Firefox-Spdy: h2
ajax.aspnetcdn.com/ajax/jQuery/jquery-3.5.1.min.js
200 OK 31 kB URL HTTP/2 ajax.aspnetcdn.com/ajax/jQuery/jquery-3.5.1.min.js
IP
File type ASCII text, with very long lines (65451)
Hash 01ed540a1edc0b1cae4b91ef5d576be3
0f4aa0ea331348a4c2bca0f3898dd681646455c4
da348028c4b581592016ee99ec4ee38cdaaac87d2c0317962c52c18a9338a101
GET /ajax/jQuery/jquery-3.5.1.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 19775139
cache-control: public,max-age=31536000
content-type: application/javascript
date: Tue, 28 Mar 2023 15:50:14 GMT
etag: "80e72fc8fd6fd61:0"
last-modified: Tue, 11 Aug 2020 16:38:03 GMT
server: ECAcc (ska/F74F)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 30976
X-Firefox-Spdy: h2
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
200 OK 4.1 kB URL HTTP/2 img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
IP
ASN #20940 Akamai International B.V.
File type PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced\012- data
Hash 9f14c20150a003d7ce4de57c298f0fba
daa53cf17cc45878a1b153f3c3bf47dc9669d78f
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
GET /cms/api/am/imageFileData/RE1Mu3b?ver=5c31 HTTP/1.1
Host: img-prod-cms-rt-microsoft-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 4054
content-type: image/png
access-control-allow-origin: *
content-location: https://image.prod.cms.rt.microsoft.com/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
last-modified: Tue, 21 Mar 2023 21:28:45 GMT
x-source-length: 4054
x-datacenter: northeu
x-activityid: 60ae8c31-b81c-4a60-a78d-f0f73ed25c40
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
cache-control: public, max-age=236760
expires: Fri, 31 Mar 2023 09:36:14 GMT
date: Tue, 28 Mar 2023 15:50:14 GMT
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
X-Firefox-Spdy: h2
support.microsoft.com/js/MeControlCallout.Main.min.js?v=z8A9eaXPs1zFIC_swsevu3o3DKi6YuzedODbJugVTXM
200 OK 1.4 kB URL HTTP/2 support.microsoft.com/js/MeControlCallout.Main.min.js?v=z8A9eaXPs1zFIC_swsevu3o3DKi6YuzedODbJugVTXM
IP
File type ASCII text, with very long lines (3103)
Hash b07d3f6fdb6a8fb7b089fab2824977dd
0249397d04d129b62e78062ed998ced6a985cf2d
39b9721fc16771b8ce8d75a439b3ff461871a10a612a52752afea1316a8981d9
GET /js/MeControlCallout.Main.min.js?v=z8A9eaXPs1zFIC_swsevu3o3DKi6YuzedODbJugVTXM HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd2fc6deb55"
last-modified: Thu, 09 Feb 2023 22:08:06 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOAT9HC2Q1K:00000005
x-operationid: 76d8dcd77a3516abcc1e065f2e041877
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1364
cache-control: private, max-age=28535140
date: Tue, 28 Mar 2023 15:50:14 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
statics-marketingsites-neu-ms-com.akamaized.net/statics/override.css
200 OK 473 B URL HTTP/1.1 statics-marketingsites-neu-ms-com.akamaized.net/statics/override.css
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (342), with CRLF line terminators
Hash a40589609d8e75c109e93abbff0dcf60
76ae9c943d54022e24b90467713a73a431eddd6d
2c959c2618be84448b26de18639db8a66126449c6ebb29f4f6d33e00adb5b069
GET /statics/override.css HTTP/1.1
Host: statics-marketingsites-neu-ms-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Tue, 11 Jun 2019 23:22:13 GMT
ETag: 0x8D6EEC3A2D67C35
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 794b2968-c01e-0059-40d6-660f8c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 473
Unused62: 8096267
Date: Tue, 28 Mar 2023 15:50:14 GMT
Connection: keep-alive
support.microsoft.com/SocContent/officeShared
200 OK 636 B URL HTTP/2 support.microsoft.com/SocContent/officeShared
IP
File type ASCII text, with very long lines (1576), with no line terminators
Hash c552445dfdd7ea4de00874233e3d88cc
2ba812615470808e26780d736122c7d46c2bec0e
ba5215c29d63a42b9cef03ab2506f7a28f3446880a5e7c5b38f47cb809da637c
GET /SocContent/officeShared HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 28 Mar 2023 15:50:14 GMT
x-correlationid: 0083ce27-7df6-4f21-b243-effae554e7ce
x-usersessionid: 0083ce27-7df6-4f21-b243-effae554e7ce
x-officefe: OdcSupFrontEnd_IN_2
x-officeversion: 16.0.16322.42701
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=31535987
expires: Wed, 27 Mar 2024 15:50:01 GMT
date: Tue, 28 Mar 2023 15:50:14 GMT
content-length: 636
set-cookie: EXPID=7904506c-1fa8-441c-9d6d-c20a41537dc5; expires=Thu, 28-Mar-2024 15:50:14 GMT; path=/; secure; HttpOnly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/socbundles/article
200 OK 15 kB URL HTTP/2 support.microsoft.com/socbundles/article
IP
File type ASCII text, with very long lines (62046), with no line terminators
Hash a7a35095b42d66f97324a02e61aeabbd
fc5b2ce888868bb62b40f2b580c16d0e23b53f4a
138863d8ea2818321a86df2e3f72b28feb8348def4d72d5d29b09d57fe235a83
GET /socbundles/article HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
last-modified: Tue, 28 Mar 2023 15:50:14 GMT
x-correlationid: 69721253-d747-41eb-9509-a3dd0348fc84
x-usersessionid: 69721253-d747-41eb-9509-a3dd0348fc84
x-officefe: OdcSupFrontEnd_IN_10
x-officeversion: 16.0.16322.42701
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=0
expires: Tue, 28 Mar 2023 15:50:14 GMT
date: Tue, 28 Mar 2023 15:50:14 GMT
content-length: 15150
set-cookie: EXPID=ed90fca4-59e1-4b68-89d7-03e2bef0d4b9; expires=Thu, 28-Mar-2024 15:50:14 GMT; path=/; secure; HttpOnly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
200 OK 82 kB URL HTTP/2 wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (63888), with no line terminators
Hash e51f388b62281af5b4a9193cce419941
364f3d737462b7fd063107fe2c580fdb9781a45a
348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c
GET /mscc/lib/v2/wcp-consent.js HTTP/1.1
Host: wcpstatic.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: max-age=43200
content-length: 81726
content-type: application/javascript
content-encoding: gzip
content-md5: X1JOIM5h9UISVFS6+GfEew==
last-modified: Wed, 24 Aug 2022 17:34:36 GMT
age: 8974
etag: 0x8DA85F6EA62BF74
vary: Accept-Encoding
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
x-cache: CONFIG_NOCACHE
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 2f3ba352-001e-003f-6578-619f7d000000
x-ms-version: 2009-09-19
x-azure-ref: 0tgwjZAAAAAAzD5szn4I8SLxUeKOb8kSEU1ZHMjBFREdFMDUwNwAzOWI0NjE1Ny1jYjllLTQ5YjctYTY1YS04NzIyYTNmODI0ZTQ=
date: Tue, 28 Mar 2023 15:50:13 GMT
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/arrow.svg
200 OK 193 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/arrow.svg
IP
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 1b49457044fe0f969a601eade5b861ee
bb0139e4c98ac050717094b636612ce758a42062
65e5c584d029650c691506517be54c0046cb94f48b8522d7c78d3a550220691f
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/arrow.svg HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:14 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:41 GMT
ETag: "c1-5f7f7b94ace62"
Accept-Ranges: bytes
Content-Length: 193
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/latest.woff2
200 OK 29 kB URL HTTP/2 c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/latest.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 29388, version 0.0\012- data
Hash 6e75a94d5f7170a1ab532d32c2a35755
9c1b6fff544089941bbeddbcf529c3f0b46d853a
d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f
GET /static/fonts/segoe-ui/west-european/Semibold/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 29388
content-type: font/woff2
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
accept-ranges: bytes
etag: "5b68d583e9c7d51:0"
cache-control: public, max-age=156181
expires: Thu, 30 Mar 2023 11:13:15 GMT
date: Tue, 28 Mar 2023 15:50:14 GMT
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
200 OK 34 kB URL HTTP/2 c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 34052, version 0.0\012- data
Hash 36397a3bc139c6e9f81d383f060f080a
3f4f86c10920d4ed345f4858b6cde9f93e1aeb81
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
GET /static/fonts/segoe-ui/west-european/normal/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 34052
content-type: font/woff2
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
accept-ranges: bytes
etag: "588d483e9c7d51:0"
cache-control: public, max-age=451549
expires: Sun, 02 Apr 2023 21:16:03 GMT
date: Tue, 28 Mar 2023 15:50:14 GMT
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/uZbx-si.png
200 OK 5.4 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/uZbx-si.png
IP
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 42 x 702, 8-bit grayscale, non-interlaced\012- data
Hash 51147eb9734c3c0caf22aa77a80d96f0
dc33807cd0c0c35bb98d8e23efe2d625137a43f5
92d8510869b3d581401a93130fa72e4b54c5bf28dc8005994c5248d9afbfc37b
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/uZbx-si.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:14 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:44 GMT
ETag: "1501-5f7f7b982509c"
Accept-Ranges: bytes
Content-Length: 5377
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
support.microsoft.com/css/Glyphs/SupMDL2_v4_69.woff2
200 OK 30 kB URL HTTP/2 support.microsoft.com/css/Glyphs/SupMDL2_v4_69.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 29588, version 0.0\012- data
Hash f04217f47619ac51664e7a65b3f77b48
c32c07c33ba8850f282492b2bd38be170b556541
5975dea100208142bb9cbd2ae15e1bae43213598a2a4496e42c4baec3bd50a61
GET /css/Glyphs/SupMDL2_v4_69.woff2 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://support.microsoft.com/css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 29588
content-type: font/woff2
server: Kestrel
accept-ranges: bytes
etag: "1d93cd345be4514"
last-modified: Thu, 09 Feb 2023 22:10:09 GMT
request-context: appId=
x-correlationid: 0HMOATAF6QE2N:0000000C
x-operationid: ba8b01cde138b4c70a8fa265737a057d
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=28535210
date: Tue, 28 Mar 2023 15:50:14 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/socfonts/DevCMDL2.2.50.woff
200 OK 18 kB URL HTTP/2 support.microsoft.com/socfonts/DevCMDL2.2.50.woff
IP
File type Web Open Font Format, TrueType, length 18316, version 0.0\012- data
Hash 0cedbb5e7888349e4705a66ede3dd01c
bff3c70dbd94c866bdefc48e7bba1d8f359577ac
12d95d8d400eeafa0258e9d29d6ea5ef0ec9cfc1410b75e47976fcb3f92082b0
GET /socfonts/DevCMDL2.2.50.woff HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://support.microsoft.com/SocContent/css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: font/x-woff
last-modified: Wed, 08 Feb 2023 13:22:44 GMT
accept-ranges: bytes
etag: "0aa706dc03bd91:0"
x-correlationid: 70065751-9c2c-4c50-88be-f28ea4c1b02e
x-usersessionid: 70065751-9c2c-4c50-88be-f28ea4c1b02e
x-officefe: OdcSupFrontEnd_IN_13
x-officeversion: 16.0.16208.42700
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
content-length: 18316
cache-control: public, max-age=7776000
date: Tue, 28 Mar 2023 15:50:14 GMT
access-control-allow-origin:
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
200 OK 26 kB URL HTTP/2 www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
IP
File type Web Open Font Format, TrueType, length 26288, version 0.0\012- data
Hash d0263dc03be4c393a90bda733c57d6db
8a032b6deab53a33234c735133b48518f8643b92
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
GET /mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
last-modified: Mon, 16 May 2022 07:01:33 GMT
x-activity-id: 365be2ca-45e3-4b50-a3c5-4615d200d3f9
x-appversion: 1.0.8153.36695
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-04-29T04:23:10.0000000Z}
ms-operation-id: 890ba5c6ed640248b06de8544496c48b
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-length: 26288
cache-control: public, max-age=15304271
expires: Thu, 21 Sep 2023 19:01:25 GMT
date: Tue, 28 Mar 2023 15:50:14 GMT
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV4730de3a.0
ms-cv-esi: CASMicrosoftCV4730de3a.0
x-rtag: RT
X-Firefox-Spdy: h2
support.microsoft.com/en-us/authentication/silentsignin?ru=%2Fen-us%2Fsilentsigninhandler
302 Found 0 B URL HTTP/2 support.microsoft.com/en-us/authentication/silentsignin?ru=%2Fen-us%2Fsilentsigninhandler
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /en-us/authentication/silentsignin?ru=%2Fen-us%2Fsilentsigninhandler HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
content-length: 0
server: Kestrel
location: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638156154149086141.YTUyMTVhYmYtMTc2My00N2M2LTk3YTktZDlhOGUyMzdkZmNjODVlZGQ3MDUtM2ZmZC00YWFhLWI1MmYtNjFhMDZiNDkzNWE2&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-hktYDz94yfo9o8RBxUbW4Tim3M01x62gpEekSN1_RPTVATRKFlf9MTKz3_08VRTsZmtKsjY6o9NFJAgKf0cPYyfxSbffydC_8b0jZIVpq2fbxeueW_knwVD9cLUT1f8ohREmiwwdJ_4WazrthDbkaEl1s-UeuQXMX3kTIMGwL8WdgO99pwsgUTbH-N3v963uh98QMI-NMe1ziG_jwlriW8cydqeEn-sD8pO6Q0EAyv97BRPARAyTksQ2B6BCThMhiNly7g0c0pVqXdBW6TR3K2Hy2mDVsp7ARA4SL4t2-p-zReAs0EFuxHiJyuH2eZJg9WwYrm1q7Ev36qCyHN5YTR&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
request-context: appId=
x-correlationid: 0HMPF0JQUBJMJ:0000015C
x-operationid: cd84f790ac563549351aef91f77b733d
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
expires: Tue, 28 Mar 2023 15:50:14 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 28 Mar 2023 15:50:14 GMT
set-cookie: .AspNetCore.OpenIdConnect.Nonce.CfDJ8PY55fRSQr1CrcRGN2fDm-jYaF6pDNunn57xGO3sho6XtszmiUeouQj8hFsmYzRqCoM_GgB4EaoM7yQpZq8BlCdSqaVHDGyiyq0GZu8Z4KpEC48ANP_sp5qGGOCTd-K1ImuYjCpeL6saz-NIq5MKeK3E_KCAqXGmaaT71mE7njvOKRzFrU64Uxv0fCD16ayZOYZvQO0z6rQmpVjm3w-yFIfor0dZmPnMxz2VnRDdotIhEDxhqUdcAfIHg5ORlCsV8yq6boG2zvFUsxIy-f5hXv4=N; expires=Tue, 28 Mar 2023 16:05:14 GMT; path=/signin-oidc; secure; samesite=none; httponly
.AspNetCore.Correlation.qBxdCUE8NLp-XU_hZ7MVfwsNsY-Y40hcnOHHyOcgW4w=N; expires=Tue, 28 Mar 2023 16:05:14 GMT; path=/signin-oidc; secure; samesite=none; httponly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/nOxp-sett.png
200 OK 463 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/nOxp-sett.png
IP
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 33 x 31, 8-bit colormap, non-interlaced\012- data
Hash 905d91c276116928fa306ea732723fa9
092604f6a8786e46a7dee06065d29d2896fcf568
9cffd13c2ce05ebe032709a88fa59504e1218a12b175ec40d5aab280c18be51e
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/nOxp-sett.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:14 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:43 GMT
ETag: "1cf-5f7f7b966b694"
Accept-Ranges: bytes
Content-Length: 463
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
143.198.232.196/tj6/9chrmx0973xu9x08x/microsoft.png
200 OK 1.0 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/microsoft.png
IP
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced\012- data
Hash bf2b460590fbb9d8e9611a6e9006b816
561e1dab259d61e798b3ce380527b71b61074ff3
ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/microsoft.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:14 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:42 GMT
ETag: "415-5f7f7b9600e9a"
Accept-Ranges: bytes
Content-Length: 1045
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
143.198.232.196/tj6/9chrmx0973xu9x08x/s-S4-acc.png
200 OK 813 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/s-S4-acc.png
IP
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 77 x 72, 8-bit colormap, non-interlaced\012- data
Hash d648c1837d01495eccd63e053491f72a
991d8f6c72777239472410d6129fd5f25ed9d134
9edbf56b360080f5d6765dce77353b8130e9f8316ad34c68f6c2792cdc446321
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/s-S4-acc.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:14 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:47 GMT
ETag: "32d-5f7f7b9ab88c2"
Accept-Ranges: bytes
Content-Length: 813
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
support.content.office.net/en-us/media/2c3c0c0c-bcb1-4582-834f-ddd6daf4b1de.png
200 OK 2.7 kB URL HTTP/2 support.content.office.net/en-us/media/2c3c0c0c-bcb1-4582-834f-ddd6daf4b1de.png
IP
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash 4ef082afe9892d1af2bf56ebbbe43b24
6af8951ab396523fd8339b2df591835838d15c42
664490c5ed805c089f854c1edf01d005f170730a3614d19c60375eb7c3b08fdf
GET /en-us/media/2c3c0c0c-bcb1-4582-834f-ddd6daf4b1de.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 2703
content-type: image/png
content-md5: TvCCr+mJLRryv1bru+Q7JA==
last-modified: Fri, 04 Mar 2022 07:17:28 GMT
etag: 0x8D9FDAF0AA3B079
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: be11323c-601e-0029-2938-135b14000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:50:15 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/d8369889-04df-4721-831d-e0490e10aaeb.png
200 OK 4.6 kB URL HTTP/2 support.content.office.net/en-us/media/d8369889-04df-4721-831d-e0490e10aaeb.png
IP
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash c59d7f179b1837d03040c0673c5ec15d
e219f3e3a6a01233b84bb27ef7ebe941a792a3af
e83c28f43b70c9d58e8f8758e547b985577f5a38045f1b5a63169913f02a0cc5
GET /en-us/media/d8369889-04df-4721-831d-e0490e10aaeb.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 4596
content-type: image/png
content-md5: xZ1/F5sYN9AwQMBnPF7BXQ==
last-modified: Fri, 04 Mar 2022 07:17:49 GMT
etag: 0x8D9FDAF172969CD
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c5a30787-901e-0070-0d67-41dc97000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:50:15 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/262443df-1388-45a9-9c78-4dd6f528d08b.png
200 OK 785 B URL HTTP/2 support.content.office.net/en-us/media/262443df-1388-45a9-9c78-4dd6f528d08b.png
IP
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash 859052ca7e07aca482d0ef74f86b45b6
d680c1c7c84a04ab96bc23adecee5efc4bc71bb4
4c238159bdfd032eb6ef4fefe83f453d3166adeb2331ba61dbdd67dfa6d0ed36
GET /en-us/media/262443df-1388-45a9-9c78-4dd6f528d08b.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 785
content-type: image/png
content-md5: hZBSyn4HrKSC0O90+GtFtg==
last-modified: Wed, 09 Mar 2022 06:23:54 GMT
etag: 0x8DA0195629FEC6D
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3fedf525-101e-0041-71a3-3f3d84000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:50:15 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/3ae06b5c-45ee-4509-9ca2-e3958a88ab7f.png
200 OK 210 B URL HTTP/2 support.content.office.net/en-us/media/3ae06b5c-45ee-4509-9ca2-e3958a88ab7f.png
IP
File type PNG image data, 256 x 256, 2-bit colormap, non-interlaced\012- data
Hash 5e136d738c93fdb32c08fdb249905c1f
abeaa733ead9d6a3843aae402afe8d8fbf0452bf
5a639ac902dffec0b8174e7a2dda2e18c8038b76ff5c88ec507984e71b7b4a1b
GET /en-us/media/3ae06b5c-45ee-4509-9ca2-e3958a88ab7f.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 210
content-type: image/png
content-md5: XhNtc4yT/bMsCP2ySZBcHw==
last-modified: Fri, 04 Mar 2022 07:17:30 GMT
etag: 0x8D9FDAF0B81DF68
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 1e9e959a-101e-0033-6df7-4e3acb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:50:15 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/059b7716-5dfe-4510-9f5e-1f42cc2ba1b4.png
200 OK 3.4 kB URL HTTP/2 support.content.office.net/en-us/media/059b7716-5dfe-4510-9f5e-1f42cc2ba1b4.png
IP
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash b7b315e5398a5177f50394fc16f577a6
23d3cbf6a21d4fc6c275e70cd71e9f276bb4db52
92aa5dec4f2ee690cf1f8230fd67ed58b5918a7d1b0137dee46e6751fb439da6
GET /en-us/media/059b7716-5dfe-4510-9f5e-1f42cc2ba1b4.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 3425
content-type: image/png
content-md5: t7MV5TmKUXf1A5T8FvV3pg==
last-modified: Fri, 04 Mar 2022 07:17:31 GMT
etag: 0x8D9FDAF0BEDAF8E
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6d91cf68-101e-0033-0862-343acb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:50:15 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/2d61de8b-ff96-4a49-afa5-0795e254cc87.png
200 OK 150 kB URL HTTP/2 support.content.office.net/en-us/media/2d61de8b-ff96-4a49-afa5-0795e254cc87.png
IP
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size 150 kB (150348 bytes)
Hash 9aea7c1dc69d1cea907c024eab971118
4986a5deab1bb0c9f0a66e5ea996bce6f56683aa
ce4c6516f665d6893fdbe6e537c75e52213793bc2a6c55457fa63ebf1344112f
GET /en-us/media/2d61de8b-ff96-4a49-afa5-0795e254cc87.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 150348
content-type: image/png
content-md5: mup8HcadHOqQfAJOq5cRGA==
last-modified: Thu, 27 Oct 2022 22:24:37 GMT
etag: 0x8DAB86A08773082
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b088ad0d-a01e-0036-3585-46e810000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:50:15 GMT
X-Firefox-Spdy: h2
support.microsoft.com/js/topNav.js?v=-eDiKlpcJhp0uSWk8XM_g0tWTQM1wwUfMmoZosDDQdo
200 OK 4.2 kB URL HTTP/2 support.microsoft.com/js/topNav.js?v=-eDiKlpcJhp0uSWk8XM_g0tWTQM1wwUfMmoZosDDQdo
IP
Hash b93f7321e326ca5c00d52e5df0357efa
5620e44d1318a3fa8c3f3f7685d76706752f4e36
5b00dfd36987ed6f3f48ba6eac2f7d177b9eb6526ef82f2cc786549bad43b5ec
GET /js/topNav.js?v=-eDiKlpcJhp0uSWk8XM_g0tWTQM1wwUfMmoZosDDQdo HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d95b63110b87a7"
last-modified: Mon, 20 Mar 2023 19:35:03 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMP9F9QRNTIA:00000002
x-operationid: 339e5f86b50090f398deab88aaa43966
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 847
cache-control: private, max-age=30858433
date: Tue, 28 Mar 2023 15:50:14 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/okPE-vs.png
200 OK 313 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/okPE-vs.png
IP
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 37 x 38, 8-bit grayscale, non-interlaced\012- data
Hash f8176054bb2e264452c0d7c3a1a1093c
dd3145e0f95a236e073a780a2529febf409d4f2b
bf8ebf2c2aeb4d8310341694baf1ed935d35c68c1572588af85b4775d5cf500e
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/okPE-vs.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:15 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:43 GMT
ETag: "139-5f7f7b96a50ea"
Accept-Ranges: bytes
Content-Length: 313
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
support.microsoft.com/js/Support.Main.min.js?v=W8dFf-_6LsYeYnFrrDAnlly_2cW523R5VJTM1vuKsW4
200 OK 4.3 kB URL HTTP/2 support.microsoft.com/js/Support.Main.min.js?v=W8dFf-_6LsYeYnFrrDAnlly_2cW523R5VJTM1vuKsW4
IP
Hash dc66df4b133bbbeed776ca86b5ad68da
eab70e67489815ac093d17c1922a5dc5cf8c0ef0
8cbbbe47e52239d7d23ae19946fc2b2e3c6e95dcf7631c807af7a811c89cb78e
GET /js/Support.Main.min.js?v=W8dFf-_6LsYeYnFrrDAnlly_2cW523R5VJTM1vuKsW4 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: gzip
etag: "1d93cd3d990e1b6"
last-modified: Thu, 09 Feb 2023 22:14:17 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATD2K44N1:00000008
x-operationid: db6acdf5015599ddcb8586ddf0df78c4
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 22335
cache-control: private, max-age=28532060
date: Tue, 28 Mar 2023 15:50:14 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/landingpage/landing-page.min.css?v=yfVEPK33ndcBi43i0hgEJ2wI5J7vdLQ-zQCKIjoHuzQ
200 OK 7.2 kB URL HTTP/2 support.microsoft.com/css/landingpage/landing-page.min.css?v=yfVEPK33ndcBi43i0hgEJ2wI5J7vdLQ-zQCKIjoHuzQ
IP
File type Unicode text, UTF-8 text, with very long lines (51715)
Hash f0c069967fa243caf912bf8b1697cfac
99fb0c8d3eeedec53896a0c941b1c81e8dc1e5b0
1f069a146d8726ae08a13e218908b454c3360afbe4ee8f5702918b0096c17e01
GET /css/landingpage/landing-page.min.css?v=yfVEPK33ndcBi43i0hgEJ2wI5J7vdLQ-zQCKIjoHuzQ HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d95cec6b84f5ee"
last-modified: Wed, 22 Mar 2023 18:30:47 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMPB0F800BJN:00000002
x-operationid: 4f71be67d76080db65952720a2e38293
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 7233
cache-control: private, max-age=31465421
date: Tue, 28 Mar 2023 15:50:15 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/SearchBox/search-box.css?v=bybwzGBajHicVXspVs540UfV0swW0vCbOmBjBryj9N4
200 OK 814 B URL HTTP/2 support.microsoft.com/css/SearchBox/search-box.css?v=bybwzGBajHicVXspVs540UfV0swW0vCbOmBjBryj9N4
IP
File type ASCII text, with very long lines (2230), with no line terminators
Hash e22f91333200d597a00d4e98527400e1
76659fa749d8848ace64e464941316325b07bb42
831d28e62fbfbb7488dc3471184f9116ebc453bed3464870815e22c9e2240233
GET /css/SearchBox/search-box.css?v=bybwzGBajHicVXspVs540UfV0swW0vCbOmBjBryj9N4 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd2fd9f1cb6"
last-modified: Thu, 09 Feb 2023 22:08:08 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOAT9TTJPSF:00000007
x-operationid: a8c1176152eae790e1c66cc9e7ef4244
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 814
cache-control: private, max-age=28534869
date: Tue, 28 Mar 2023 15:50:15 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/promotionbanner/promotion-banner.css?v=cAmflE3c6Gw7niTOiMPEie9MY87yDE2mSl3DO7_jZRI
200 OK 1.5 kB URL HTTP/2 support.microsoft.com/css/promotionbanner/promotion-banner.css?v=cAmflE3c6Gw7niTOiMPEie9MY87yDE2mSl3DO7_jZRI
IP
File type ASCII text, with very long lines (4370), with no line terminators
Hash 99ba2848ba9a06514e6cc579f6995206
632460dae575c7c20a27b5716c236d9debe4b9ed
85455b4dd8114d33bedf87384aa0ee36a67b38183452686a76c2846d11caf3f1
GET /css/promotionbanner/promotion-banner.css?v=cAmflE3c6Gw7niTOiMPEie9MY87yDE2mSl3DO7_jZRI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd345be2792"
last-modified: Thu, 09 Feb 2023 22:10:09 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATAF6QE2N:00000007
x-operationid: bcf7a863a55c2f3056da2b8d1ebda881
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1492
cache-control: private, max-age=28535242
date: Tue, 28 Mar 2023 15:50:15 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/supportbridge/support-bridge.css?v=ft5yipT-SPVc4yMl4wK9PnMTXqhVUrUJZoPQVrYDjUI
200 OK 654 B URL HTTP/2 support.microsoft.com/css/supportbridge/support-bridge.css?v=ft5yipT-SPVc4yMl4wK9PnMTXqhVUrUJZoPQVrYDjUI
IP
File type ASCII text, with very long lines (1877), with no line terminators
Hash 0d5d7ed2a6b811caffa8f525e3f71610
553802ca3a157bfd1fd028f494b792c201eb1ef7
8af71052a0ee40641e37dc7ec367a380e1d88cdc057a71b460f397085c011fcc
GET /css/supportbridge/support-bridge.css?v=ft5yipT-SPVc4yMl4wK9PnMTXqhVUrUJZoPQVrYDjUI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd3903fb455"
last-modified: Thu, 09 Feb 2023 22:12:14 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATD1USELT:00000004
x-operationid: 1a5945489342e777d3ba9f9b3ebabcaf
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 654
cache-control: private, max-age=28534771
date: Tue, 28 Mar 2023 15:50:15 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
mem.gfx.ms/scripts/me/MeControl/10.23038.5/en-US/meBoot.min.js
200 OK 34 kB URL HTTP/2 mem.gfx.ms/scripts/me/MeControl/10.23038.5/en-US/meBoot.min.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Hash b3b3cd23b17a2ef0916d3f2962fca2ad
05f88311ef4f9260c959c9c944a830dcc912b1f2
03724c2d14e5e1bcb2938c2c59cc073e8c40e03da8fbd50e7fa9e465ba539054
GET /scripts/me/MeControl/10.23038.5/en-US/meBoot.min.js HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-encoding: br
last-modified: Fri, 24 Mar 2023 01:15:24 GMT
etag: "1d95e28c88634a3"
x-cache: TCP_HIT
x-content-type-options: nosniff
access-control-allow-origin: *
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref-originshield: 0TC4iZAAAAAAjIag5uUM0Qq6JWNO1FPa+QU1TMDRFREdFMTkxMgBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-azure-ref: 0twwjZAAAAAAEpXds1YazQorYQ97Nwi4MU1ZHMjBFREdFMDUwNwBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
date: Tue, 28 Mar 2023 15:50:14 GMT
X-Firefox-Spdy: h2
support.microsoft.com/css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo
200 OK 3.1 kB URL HTTP/2 support.microsoft.com/css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo
IP
File type Unicode text, UTF-8 (with BOM) text, with very long lines (10532), with no line terminators
Hash 0737acfed55616de4eda800b15cbf1fb
7e896a35974259d41ced3e2b70f564f3c34df4f8
8da6bcf631d27020b2ff6b788648d0f124f69ee5806e37ce415cdf9d4b88b8c9
GET /css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd2fc6dcc3b"
last-modified: Thu, 09 Feb 2023 22:08:06 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOAT9HC2Q08:00000003
x-operationid: 4052353e8561fa8359cf8f718f5e1cd5
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 3141
cache-control: private, max-age=28535097
date: Tue, 28 Mar 2023 15:50:15 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/qsbs-firewall.png
200 OK 920 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/qsbs-firewall.png
IP
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 77 x 63, 8-bit colormap, non-interlaced\012- data
Hash b0495ede4c875843fec037c794e9ff9a
c813aefba255a5cc53aea7811f987ccb551c3128
52b762d47c066e16300675d56cc359b504ffd3239438c96eb973864311bb7b79
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/qsbs-firewall.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:14 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:42 GMT
ETag: "398-5f7f7b95b2bfa"
Accept-Ranges: bytes
Content-Length: 920
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
support.content.office.net/en-us/media/76bb3497-baf7-4f68-ac15-0da34f0caf56.png
200 OK 94 kB URL HTTP/2 support.content.office.net/en-us/media/76bb3497-baf7-4f68-ac15-0da34f0caf56.png
IP
File type PNG image data, 2006 x 426, 8-bit colormap, non-interlaced\012- data
Hash f2378ce679cd470615bc0f5fdfb04868
377f63641a07739d73b4b119c927dc43a853d5cf
d66573493a7baebfb1ebf6913e924129bebf36b563d84a7e613a6418a79637fd
GET /en-us/media/76bb3497-baf7-4f68-ac15-0da34f0caf56.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 94486
content-type: image/png
content-md5: 8jeM5nnNRwYVvA9f37BIaA==
last-modified: Thu, 07 Oct 2021 18:46:47 GMT
etag: 0x8D989C2D12875EB
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e471a9d9-801e-0053-2ddf-474654000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:50:15 GMT
X-Firefox-Spdy: h2
support.microsoft.com/css/glyphs/SupMDL2_v4_69.woff2
200 OK 30 kB URL HTTP/2 support.microsoft.com/css/glyphs/SupMDL2_v4_69.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 29588, version 0.0\012- data
Hash f04217f47619ac51664e7a65b3f77b48
c32c07c33ba8850f282492b2bd38be170b556541
5975dea100208142bb9cbd2ae15e1bae43213598a2a4496e42c4baec3bd50a61
GET /css/glyphs/SupMDL2_v4_69.woff2 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://support.microsoft.com/css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 29588
content-type: font/woff2
server: Kestrel
accept-ranges: bytes
etag: "1d93cd2fd9f6794"
last-modified: Thu, 09 Feb 2023 22:08:08 GMT
request-context: appId=
x-correlationid: 0HMOAT9TTJQ9L:0000000C
x-operationid: 6d6743342ea344f98126edce9edbb2ed
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=28535304
date: Tue, 28 Mar 2023 15:50:15 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638156154149086141.YTUyMTVhYmYtMTc2My00N2M2LTk3YTktZDlhOGUyMzdkZmNjODVlZGQ3MDUtM2ZmZC00YWFhLWI1MmYtNjFhMDZiNDkzNWE2&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-hktYDz94yfo9o8RBxUbW4Tim3M01x62gpEekSN1_RPTVATRKFlf9MTKz3_08VRTsZmtKsjY6o9NFJAgKf0cPYyfxSbffydC_8b0jZIVpq2fbxeueW_knwVD9cLUT1f8ohREmiwwdJ_4WazrthDbkaEl1s-UeuQXMX3kTIMGwL8WdgO99pwsgUTbH-N3v963uh98QMI-NMe1ziG_jwlriW8cydqeEn-sD8pO6Q0EAyv97BRPARAyTksQ2B6BCThMhiNly7g0c0pVqXdBW6TR3K2Hy2mDVsp7ARA4SL4t2-p-zReAs0EFuxHiJyuH2eZJg9WwYrm1q7Ev36qCyHN5YTR&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
200 OK 59 kB URL HTTP/1.1 login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638156154149086141.YTUyMTVhYmYtMTc2My00N2M2LTk3YTktZDlhOGUyMzdkZmNjODVlZGQ3MDUtM2ZmZC00YWFhLWI1MmYtNjFhMDZiNDkzNWE2&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-hktYDz94yfo9o8RBxUbW4Tim3M01x62gpEekSN1_RPTVATRKFlf9MTKz3_08VRTsZmtKsjY6o9NFJAgKf0cPYyfxSbffydC_8b0jZIVpq2fbxeueW_knwVD9cLUT1f8ohREmiwwdJ_4WazrthDbkaEl1s-UeuQXMX3kTIMGwL8WdgO99pwsgUTbH-N3v963uh98QMI-NMe1ziG_jwlriW8cydqeEn-sD8pO6Q0EAyv97BRPARAyTksQ2B6BCThMhiNly7g0c0pVqXdBW6TR3K2Hy2mDVsp7ARA4SL4t2-p-zReAs0EFuxHiJyuH2eZJg9WwYrm1q7Ev36qCyHN5YTR&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (42341), with CRLF, LF line terminators
Hash 70510f6efeff47241ac82cbdcca4087f
218c1e5a82d44655dffdea228665910123ff7efa
6f1a41dcdddce45b1c21da41a40ef87b1387857afe6cb12086e3ce82f081e091
GET /common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638156154149086141.YTUyMTVhYmYtMTc2My00N2M2LTk3YTktZDlhOGUyMzdkZmNjODVlZGQ3MDUtM2ZmZC00YWFhLWI1MmYtNjFhMDZiNDkzNWE2&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-hktYDz94yfo9o8RBxUbW4Tim3M01x62gpEekSN1_RPTVATRKFlf9MTKz3_08VRTsZmtKsjY6o9NFJAgKf0cPYyfxSbffydC_8b0jZIVpq2fbxeueW_knwVD9cLUT1f8ohREmiwwdJ_4WazrthDbkaEl1s-UeuQXMX3kTIMGwL8WdgO99pwsgUTbH-N3v963uh98QMI-NMe1ziG_jwlriW8cydqeEn-sD8pO6Q0EAyv97BRPARAyTksQ2B6BCThMhiNly7g0c0pVqXdBW6TR3K2Hy2mDVsp7ARA4SL4t2-p-zReAs0EFuxHiJyuH2eZJg9WwYrm1q7Ev36qCyHN5YTR&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0 HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support.microsoft.com/
Connection: keep-alive
Cookie: brcap=0; MSFPC=GUID=27491a5fca0c436896bdbf20a1588da0&HASH=2749&LV=202205&V=4&LU=1652883922743; ESTSSSOTILES=1; AADSSOTILES=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msauth.net>; rel=dns-prefetch, <https://aadcdn.msftauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: c7fd9ae0-b36a-44d4-a1a7-8925026d2300
x-ms-ests-server: 2.1.14990.5 - WEULR2 ProdSlices
x-ms-clitelem: 1,0,0,,
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: buid=0.ARoAMe_N-B6jSkuT5F9XHpElWhkrJ-4RRD9DjyhcE8tv1AcBAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevruHNYX5kFU2kEfBA8bcAEwQC27L9mt1BInuTBF1fXe0-7V8o7fcH4rEnFRelk5yV7hja_49kb24JjMoo6jRXkjl9Ou_FPyIdP9in5OnDFuscgAA; expires=Thu, 27-Apr-2023 15:50:15 GMT; path=/; secure; HttpOnly; SameSite=None
fpc=Av4p5eaUltZBnIP_klhDkt5qwEtIAQAAALYDtdsOAAAA; expires=Thu, 27-Apr-2023 15:50:15 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABAAEAAAD--DLA3VO7QrddgJg7Wevr0f93ekCMP-zHMqDkxa4XtpPBc13nW191Ua6C7YIcl9pEZqQcqMrVTuCHfGc4rzovIxsCeIj12jHoO2Ytg9kqB0536KARzAgoMcB2G8h1fo7DvSEsS0yJ4g5NnZqZy1YOj0Gyc_Kb436Sa1oYf5iQHMnZ_ywHamU3wf68yRff9yIgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 28 Mar 2023 15:50:14 GMT
Content-Length: 59237
143.198.232.196/tj6/9chrmx0973xu9x08x/def.png
200 OK 3.8 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/def.png
IP
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 77a2ffc5545f87551d74781201de9b3b
c9c3798afd2ae95aa3bba3c428335d49c8255b06
316e6a6737bd296ab30aca2ef7fa36f119d15786a2432d01e31fdc130272f15c
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/def.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:14 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:41 GMT
ETag: "efa-5f7f7b9552ff6"
Accept-Ranges: bytes
Content-Length: 3834
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
143.198.232.196/tj6/9chrmx0973xu9x08x/-EBq-current.png
200 OK 1.2 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/-EBq-current.png
IP
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 27 x 28, 8-bit colormap, non-interlaced\012- data
Hash 35629cc2adc804353a548305f1217206
cda6e89c5f6a644683aea6999a5d11e00dc64275
c1d52e31f7fc13cbb3efca8b0ec937ddd97a5ec545c4dad26193429db10d8662
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/-EBq-current.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:15 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:42 GMT
ETag: "48a-5f7f7b95fef56"
Accept-Ranges: bytes
Content-Length: 1162
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
support.content.office.net/en-us/media/d245e220-3337-404c-b0cc-c0684b680f7e.png
200 OK 9.4 kB URL HTTP/2 support.content.office.net/en-us/media/d245e220-3337-404c-b0cc-c0684b680f7e.png
IP
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash ebd667c89f68bf45837e47001c909015
c258e7eaa89971ff277d22bad64e71025d3b16f3
b51cbe1af99579551b84a0dd4310f2cc763aba6885f9e302cb164c67c661bc9d
GET /en-us/media/d245e220-3337-404c-b0cc-c0684b680f7e.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 9385
content-type: image/png
content-md5: 69ZnyJ9ov0WDfkcAHJCQFQ==
last-modified: Fri, 04 Mar 2022 07:17:50 GMT
etag: 0x8D9FDAF17BE6653
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a1e93095-601e-0080-1af1-449a66000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:50:15 GMT
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/virus-images.png
200 OK 33 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/virus-images.png
IP
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 200 x 191, 8-bit/color RGBA, non-interlaced\012- data
Hash 68c7d1836cf921e767b980e8ce6d845b
395fc474214809b1282fc589e4a8f0be81b16adc
870e9d768ba46521935ced4cee560acfbb4f12370e5476dc6a2a45f0141a8392
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/virus-images.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:15 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:40 GMT
ETag: "8256-5f7f7b9459d98"
Accept-Ranges: bytes
Content-Length: 33366
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=d55c5a76-177b-424a-0da0-ba43b7be4b12&partnerId=smcconvergence&idpflag=proxy
200 OK 1.3 kB URL HTTP/1.1 login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=d55c5a76-177b-424a-0da0-ba43b7be4b12&partnerId=smcconvergence&idpflag=proxy
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 7d366bfa7c9b7951156ee8aba87da979
37591dff2710f5dc1fa49930c6243a64959d85c3
3211675897496be86ecb797bb8a5423f756caec84aef713cd4e794f808b8e2d8
GET /savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=d55c5a76-177b-424a-0da0-ba43b7be4b12&partnerId=smcconvergence&idpflag=proxy HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Cookie: brcap=0; MSFPC=GUID=27491a5fca0c436896bdbf20a1588da0&HASH=2749&LV=202205&V=4&LU=1652883922743; ESTSSSOTILES=1; AADSSOTILES=1; buid=0.ARoAMe_N-B6jSkuT5F9XHpElWhkrJ-4RRD9DjyhcE8tv1AcBAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevruHNYX5kFU2kEfBA8bcAEwQC27L9mt1BInuTBF1fXe0-7V8o7fcH4rEnFRelk5yV7hja_49kb24JjMoo6jRXkjl9Ou_FPyIdP9in5OnDFuscgAA; fpc=Av4p5eaUltZBnIP_klhDkt5qwEtIAQAAALYDtdsOAAAA; esctx=PAQABAAEAAAD--DLA3VO7QrddgJg7Wevr0f93ekCMP-zHMqDkxa4XtpPBc13nW191Ua6C7YIcl9pEZqQcqMrVTuCHfGc4rzovIxsCeIj12jHoO2Ytg9kqB0536KARzAgoMcB2G8h1fo7DvSEsS0yJ4g5NnZqZy1YOj0Gyc_Kb436Sa1oYf5iQHMnZ_ywHamU3wf68yRff9yIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 57beab93-e427-487a-a5f1-40156c890500
x-ms-ests-server: 2.1.14990.5 - WEULR1 ProdSlices
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: fpc=Av4p5eaUltZBnIP_klhDkt5qwEtIAQAAALYDtdsOAAAA; expires=Thu, 27-Apr-2023 15:50:15 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 28 Mar 2023 15:50:14 GMT
Content-Length: 1305
143.198.232.196/tj6/9chrmx0973xu9x08x/Z5BR-network.png
200 OK 607 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/Z5BR-network.png
IP
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 63 x 70, 8-bit colormap, non-interlaced\012- data
Hash 2cd03a547f00cad010f9038619df45de
912f919836a77a514c76b990aceaf5e930a24024
c56a8ae4818963e0d71eda4ebf46b4f2cdd3a238537dc8e99711fb690d272a73
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/Z5BR-network.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:15 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:40 GMT
ETag: "25f-5f7f7b9400f02"
Accept-Ranges: bytes
Content-Length: 607
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
143.198.232.196/tj6/9chrmx0973xu9x08x/kxFy-clip.png
200 OK 542 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/kxFy-clip.png
IP
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 66 x 68, 8-bit colormap, non-interlaced\012- data
Hash 0e9558d2d6e8000ce5c6c749c8fc67c2
f7ba9490807ef70bb6195150d6287cd54b7fefd0
91fb42a68a122344fd78cfd5f0cf9d06ff6d307fd4a5c68f40231c5950ece9a1
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/kxFy-clip.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:14 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:47 GMT
ETag: "21e-5f7f7b9b02cda"
Accept-Ranges: bytes
Content-Length: 542
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
200 OK 28 kB URL HTTP/2 www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (16813), with CRLF, LF line terminators
Hash fd1bdccddfdccc349322936e3b1b62cb
45dcb009c171719dd87aa2a3f59251cd757e6c38
b2c8ca1344b3cde12d5249bbe3c9c60be6c252a01ed4838e7047e6bd6e0aa1b4
GET /en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support.microsoft.com/en-US
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-transform
content-type: text/html; charset=utf-8
x-activity-id: cb740103-30b5-4fae-a905-16d853a49d17
x-appversion: 1.0.8468.43152
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-03-10T08:58:24.0000000Z}
ms-operation-id: 531d529d221f4b4cbb535d394a378377
p3p: CP="CAO CONi OTR OUR DEM ONL"
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
vary: Accept-Encoding
content-encoding: gzip
date: Tue, 28 Mar 2023 15:50:15 GMT
content-length: 28057
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV4730e773.0
ms-cv-esi: CASMicrosoftCV4730e773.0
set-cookie: akacd_OneRF=1687794615~rv=98~id=4d770fd942497c160ccd1663663020b3; path=/; Expires=Mon, 26 Jun 2023 15:50:15 GMT; Secure; SameSite=None
x-rtag: RT
X-Firefox-Spdy: h2
www.microsoft.com/mwf/css/MWF_20230313_66247431/west-european/default/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0&include_base=true
200 OK 22 kB URL HTTP/2 www.microsoft.com/mwf/css/MWF_20230313_66247431/west-european/default/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0&include_base=true
IP
File type Unicode text, UTF-8 text, with very long lines (64174)
Hash c525127a72097b4f3ff72f20cbb16f10
e4026ae6b0987efafa99631574a80b92d701155d
286a6ec3d34691c0b980e09a03306c1ee822ff0ef0592ff030deeb71187d495c
GET /mwf/css/MWF_20230313_66247431/west-european/default/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0&include_base=true HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Mon, 27 Mar 2023 18:42:10 GMT
x-activity-id: b1113592-a596-4897-bce6-ee0ee39047c4
x-appversion: 1.0.8468.43152
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-03-10T08:58:24.0000000Z}
ms-operation-id: 420fce3260126443ae1ef5007838f77c
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-s1: 2023-03-27T18:42:11
x-s2: 2023-03-27T18:42:11
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=31459914
expires: Tue, 26 Mar 2024 18:42:09 GMT
date: Tue, 28 Mar 2023 15:50:15 GMT
content-length: 21782
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV4730ea9b.0
ms-cv-esi: CASMicrosoftCV4730ea9b.0
x-rtag: RT
X-Firefox-Spdy: h2
www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff2
200 OK 23 kB URL HTTP/2 www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22904, version 0.0\012- data
Hash c654a623ad90bb3dcd769dbbac34d863
8719de38f17d8e4d73e2a5e4e867d63dd3965baa
deec787cca1b9436e080478742a0299e0db1a9712543a72d2cdc8373fc45a432
GET /mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff2 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Mon, 16 May 2022 14:07:31 GMT
x-activity-id: e70f917b-6fcd-4b96-b7a7-97f8c9a3322e
x-appversion: 1.0.8153.36695
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-04-29T04:23:10.0000000Z}
ms-operation-id: 61cd73c50a64f14ba9f024fb26b8e4cb
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-length: 22904
cache-control: public, max-age=17008437
expires: Wed, 11 Oct 2023 12:24:12 GMT
date: Tue, 28 Mar 2023 15:50:15 GMT
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV4730ea94.0
ms-cv-esi: CASMicrosoftCV4730ea94.0
x-rtag: RT
X-Firefox-Spdy: h2
www.microsoft.com/mwf/js/MWF_20230313_66247431/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0
200 OK 16 kB URL HTTP/2 www.microsoft.com/mwf/js/MWF_20230313_66247431/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0
IP
File type ASCII text, with very long lines (32913)
Hash 0bbdd019a5883814c9b3066e14d32040
6c8bf2b2ca295f63da3dd00177e0f92eb6dff5a7
d7baf348469dc40ecc20a3ad3bd9bd91fac0e2730aca7da3e5a5435f29c44b7e
GET /mwf/js/MWF_20230313_66247431/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
last-modified: Mon, 27 Mar 2023 18:41:46 GMT
x-activity-id: 4d31b880-0c9e-4cc9-961b-8b8cb48f5626
x-appversion: 1.0.8468.43152
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-03-10T08:58:24.0000000Z}
ms-operation-id: 97551b1fda7f17459dd96c0f3d697714
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-s1: 2023-03-27T18:41:47
x-s2: 2023-03-27T18:41:47
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=31459890
expires: Tue, 26 Mar 2024 18:41:45 GMT
date: Tue, 28 Mar 2023 15:50:15 GMT
content-length: 15548
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV4730eabc.0
ms-cv-esi: CASMicrosoftCV4730eabc.0
x-rtag: RT
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/antivirus.png
200 OK 17 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/antivirus.png
IP
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash f6e5701a264992107acc4583ed4ae622
a6df615fcb3a05bf4aefa62221127970956e5de6
45eb621e5fa1258a63f8e53d8032a1acd8805366bf0ea4c5f48cb2adbeaaa28f
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/antivirus.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:15 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:47 GMT
ETag: "427d-5f7f7b9aa30d6"
Accept-Ranges: bytes
Content-Length: 17021
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/mscomhp/_scrf/css/themes=default.device=uplevel_web_pc_moz/76-fd2264/19-19fa02/cb-ddc7e5?ver=2.0&_cf=02242021_3231
200 OK 4.4 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/mscomhp/_scrf/css/themes=default.device=uplevel_web_pc_moz/76-fd2264/19-19fa02/cb-ddc7e5?ver=2.0&_cf=02242021_3231
IP
File type Unicode text, UTF-8 (with BOM) text, with very long lines (30540)
Hash 8d9b94114ca442a693b4b42f9b3e5e6d
0c83e8bca6400fec5f9e8a5f00c638581f8f8964
df92c807f4ab492ac914712d40440ee2f3bbcb8479f3f7c7ae9cc2004ee9e0a3
GET /onerfstatics/marketingsites-neu-prod/west-european/mscomhp/_scrf/css/themes=default.device=uplevel_web_pc_moz/76-fd2264/19-19fa02/cb-ddc7e5?ver=2.0&_cf=02242021_3231 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 01 Feb 2022 23:29:21 GMT
x-activity-id: 73b609d7-461f-42f0-8b11-b96f5f26ae13
x-appversion: 1.0.8061.4385
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-01-26T10:26:10.0000000Z}
ms-operation-id: e10933a303aa964b83eda21bcb981948
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2022-02-01T23:29:21
x-s2: 2022-02-01T23:29:21
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
unused62: 8096267
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=16092731
expires: Sat, 30 Sep 2023 22:02:26 GMT
date: Tue, 28 Mar 2023 15:50:15 GMT
content-length: 4369
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV4730eaa8.0
ms-cv-esi: CASMicrosoftCV4730eaa8.0
x-rtag: RT
X-Firefox-Spdy: h2
mem.gfx.ms/scripts/me/MeControl/10.23038.5/en-US/meCore.min.js
200 OK 16 kB URL HTTP/2 mem.gfx.ms/scripts/me/MeControl/10.23038.5/en-US/meCore.min.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (34235), with CRLF, LF line terminators
Hash bf9c5749e7a2098c5f70e2553329c027
7ce949db9ade2f1e200388849dce7a5e485b471c
c6285dd920a3cfb55cf281b7575c310d4129d6c2e7706fe19679bfcfae79d421
GET /scripts/me/MeControl/10.23038.5/en-US/meCore.min.js HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-encoding: br
last-modified: Thu, 16 Feb 2023 20:57:48 GMT
etag: "1d9428c615427a1"
x-cache: TCP_HIT
x-content-type-options: nosniff
access-control-allow-origin: *
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref-originshield: 0mFIiZAAAAACuGL56CXX/TIucxU+vJUIxQU1TMDRFREdFMTgxNgBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-azure-ref: 0twwjZAAAAAAZlmtHR+W2RrWSU0PRJxpFU1ZHMjBFREdFMDUwNwBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
date: Tue, 28 Mar 2023 15:50:14 GMT
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/49-a00ab0/92-02e55d/d5-bf34c0/a9-078595/c6-188593/20-927336/44-f01b50/48-7cd437/e6-6b0cce/38-612ec2/ed-0fe1b2/8f-f92bc5/6f-2bab60/1c-f5690b/40-4a3a67/76-82dcbc/8f-3cb0d7/24-0b8102/66-24c457/89-14589c/ab-5499e7/fe-0d4f73/e1-5e7bbe/22-c58acf/21-4ee9db/f3-0fe860/9d-004e7f/28-b05709/2c-4dd93a/f6-de95f9/c6-38e19f/70-9cf744/2f-059bb7/4a-d36a4c/b9-ab82c2/7b-e9553a/1f-7a1d7d/97-4b42ca/47-c8e45f/ea-bc80c4/dc-f723c4/2b-1a1a95/e4-4ea025/90-8d6f4c/d9-095267/4b-8dbc84/ae-07eb21?ver=2.0&_cf=02242021_3231
200 OK 80 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/49-a00ab0/92-02e55d/d5-bf34c0/a9-078595/c6-188593/20-927336/44-f01b50/48-7cd437/e6-6b0cce/38-612ec2/ed-0fe1b2/8f-f92bc5/6f-2bab60/1c-f5690b/40-4a3a67/76-82dcbc/8f-3cb0d7/24-0b8102/66-24c457/89-14589c/ab-5499e7/fe-0d4f73/e1-5e7bbe/22-c58acf/21-4ee9db/f3-0fe860/9d-004e7f/28-b05709/2c-4dd93a/f6-de95f9/c6-38e19f/70-9cf744/2f-059bb7/4a-d36a4c/b9-ab82c2/7b-e9553a/1f-7a1d7d/97-4b42ca/47-c8e45f/ea-bc80c4/dc-f723c4/2b-1a1a95/e4-4ea025/90-8d6f4c/d9-095267/4b-8dbc84/ae-07eb21?ver=2.0&_cf=02242021_3231
IP
File type ASCII text, with very long lines (49834)
Hash 224a515b9359fe4012b8c7319a7f6d3f
982c40534d77842abf10629828ab49ebff9b4543
1d28456deef085e03fba27663753453c301c8283fabfc12e9866afb6629b56ae
GET /onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/49-a00ab0/92-02e55d/d5-bf34c0/a9-078595/c6-188593/20-927336/44-f01b50/48-7cd437/e6-6b0cce/38-612ec2/ed-0fe1b2/8f-f92bc5/6f-2bab60/1c-f5690b/40-4a3a67/76-82dcbc/8f-3cb0d7/24-0b8102/66-24c457/89-14589c/ab-5499e7/fe-0d4f73/e1-5e7bbe/22-c58acf/21-4ee9db/f3-0fe860/9d-004e7f/28-b05709/2c-4dd93a/f6-de95f9/c6-38e19f/70-9cf744/2f-059bb7/4a-d36a4c/b9-ab82c2/7b-e9553a/1f-7a1d7d/97-4b42ca/47-c8e45f/ea-bc80c4/dc-f723c4/2b-1a1a95/e4-4ea025/90-8d6f4c/d9-095267/4b-8dbc84/ae-07eb21?ver=2.0&_cf=02242021_3231 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
last-modified: Tue, 13 Dec 2022 19:27:35 GMT
x-activity-id: 5475b4ba-afa9-449f-bb17-76d9359f5b00
x-appversion: 1.0.8349.33967
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-11-11T02:52:14.0000000Z}
ms-operation-id: 8c94162993d64b43bfacf8ca9a176113
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2022-12-13T19:27:35
x-s2: 2022-12-13T19:27:35
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=22477040
expires: Wed, 13 Dec 2023 19:27:35 GMT
date: Tue, 28 Mar 2023 15:50:15 GMT
content-length: 80008
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV4730eab4.0
ms-cv-esi: CASMicrosoftCV4730eab4.0
x-rtag: RT
X-Firefox-Spdy: h2
login.live.com/Me.htm?v=3
200 OK 1.1 kB URL HTTP/1.1 login.live.com/Me.htm?v=3
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
Hash 9c08f0f5b411918572bb176b56d4b747
12814f1ffd1c414337cfc57da7561f4386ec8b67
d9f196403747ff4bbf6c3d61c7319f51e33be05825ac3b5200665e6e5ee26c0e
GET /Me.htm?v=3 HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=315360000
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Fri, 25 Mar 2033 15:50:15 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: R3_BL2
x-ms-request-id: 5a0550cf-e901-4387-8b68-d51466f3bd32
PPServer: PPV: 30 H: BL02PF2D6328432 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=baf6cd3b004146a5ae7e1df2520c0c0b; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPRequ=id=N<=1680018615&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Tue, 28 Mar 2023 15:50:14 GMT
Content-Length: 1132
143.198.232.196/tj6/9chrmx0973xu9x08x/minimize.jpeg
200 OK 70 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/minimize.jpeg
IP
ASN #14061 DIGITALOCEAN-ASN
File type gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)\012- data
Hash 620762cb0f74cd82f56b55174b950079
b470f2a1fc95dd855001d3c9dcd2506806337060
05cedc9e1dfdb6c1d9e7f6fb305b54019917f0066d19e3d755fcd45cd9958c46
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/minimize.jpeg HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:14 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:44 GMT
ETag: "4315-5f7f7b97d4eb8"
Accept-Ranges: bytes
Content-Length: 17173
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg
wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
200 OK 82 kB URL HTTP/2 wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (63888), with no line terminators
Hash e51f388b62281af5b4a9193cce419941
364f3d737462b7fd063107fe2c580fdb9781a45a
348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c
GET /mscc/lib/v2/wcp-consent.js HTTP/1.1
Host: wcpstatic.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: max-age=43200
content-length: 81726
content-type: application/javascript
content-encoding: gzip
content-md5: X1JOIM5h9UISVFS6+GfEew==
last-modified: Wed, 24 Aug 2022 17:34:36 GMT
age: 8975
etag: 0x8DA85F6EA62BF74
vary: Accept-Encoding
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
x-cache: CONFIG_NOCACHE
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 2f3ba352-001e-003f-6578-619f7d000000
x-ms-version: 2009-09-19
x-azure-ref: 0twwjZAAAAAD2dDZUBWVNQJ1lvcE+dxqBU1ZHMjBFREdFMDYwOAAzOWI0NjE1Ny1jYjllLTQ5YjctYTY1YS04NzIyYTNmODI0ZTQ=
date: Tue, 28 Mar 2023 15:50:14 GMT
X-Firefox-Spdy: h2
login.live.com/Me.srf?wa=wsignin1.0&idpflag=indirect&id=12&wreply=https%3a%2f%2flogin.microsoftonline.com&owreply=https%3a%2f%2fsupport.microsoft.com%2fsignin-oidc
200 OK 4.9 kB URL HTTP/1.1 login.live.com/Me.srf?wa=wsignin1.0&idpflag=indirect&id=12&wreply=https%3a%2f%2flogin.microsoftonline.com&owreply=https%3a%2f%2fsupport.microsoft.com%2fsignin-oidc
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (10755)
Hash 1ca5264aad96ad291d6bc3e365b4e588
db5e4a436698e75515616b3fab258780b314c0c5
dc993e2c04ee05e696d012ff8fd4404c8d1eae40e918253bf83c11bfe89b1de6
GET /Me.srf?wa=wsignin1.0&idpflag=indirect&id=12&wreply=https%3a%2f%2flogin.microsoftonline.com&owreply=https%3a%2f%2fsupport.microsoft.com%2fsignin-oidc HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Tue, 28 Mar 2023 15:49:15 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-DNS-Prefetch-Control: on
Link: <https://logincdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net/>; rel=dns-prefetch, <https://acctcdn.msftauth.net/>; rel=dns-prefetch, <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch, <https://acctcdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://logincdn.msauth.net/>; rel=dns-prefetch, <https://logincdn.msftauth.net/>; rel=dns-prefetch, <https://lgincdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: R3_BL2
x-ms-request-id: f42581c1-b994-4859-811b-bdcb29fe7c7d
PPServer: PPV: 30 H: BL02PF37BE6460A V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=4012c192e78048a292fb2f3561b778bc; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPRequ=id=12<=1680018615&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
OParams=11O.DVQ1UlSQ1Of6whIFJratDucRIBsIrYs*tDAKsMkXnxtNqZLfq9qiAu1COKfMEtAkv0w!YWPOyxR!qy88kwJl6tccrxhoMbK71ZgefDqtVYY5sP5cYCSbG9d3fXGlTT3qBpsKcrnpdSMgOLagQ9xZRkH4zk1HD1IpgIbKYtmT8QFtXwBMhfVBBvAG4FW9UqM3IQvlkNgYqQBCBYVG1VwcZuDzhk9wlBOvugfKhZyL!1sMEaVdUL8BhePNSqYVM9gmh9W2kbc9ynTtgxre5qvh2vg$; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Tue, 28 Mar 2023 15:50:14 GMT
Content-Length: 4861
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://143.198.232.196/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Tue, 28 Mar 2023 14:05:11 GMT
expires: Tue, 28 Mar 2023 16:05:11 GMT
cache-control: public, max-age=7200
age: 6304
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/dfa0b592/coreui.statics/externalscripts/jquery/jquery-3.5.1.min.js
200 OK 31 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/dfa0b592/coreui.statics/externalscripts/jquery/jquery-3.5.1.min.js
IP
File type ASCII text, with very long lines (65450), with CRLF line terminators
Hash 7800d0ad4e07822dcdcd087c3841ee3b
3279b7f56b6c431dcbfa907549f599c629e93233
927473bbef3c67ecbb4afb89ecd548efcb0493c581c4e3542ef8e1dd03f302fc
GET /onerfstatics/marketingsites-neu-prod/_h/dfa0b592/coreui.statics/externalscripts/jquery/jquery-3.5.1.min.js HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 16 May 2022 06:01:07 GMT
x-activity-id: 8dffb4d3-9b57-4f47-b6a5-682492c57639
x-appversion: 1.0.8153.36695
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-04-29T04:23:10.0000000Z}
ms-operation-id: 44f03ef48b035a47aea55caae288ece0
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 30958
cache-control: public, max-age=16123773
expires: Sun, 01 Oct 2023 06:39:49 GMT
date: Tue, 28 Mar 2023 15:50:16 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV4730f606.0
ms-cv-esi: CASMicrosoftCV4730f606.0
x-rtag: RT
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/seo.png
200 OK 21 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/seo.png
IP
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash d6a6abff8300306298b9839210a01272
5d816e96fe022415f817bc580273bb6e3c58fb33
8d3a47bb7fede0db929ed92f8ebaee71fc12e3b4cc4f43362f3fc304d6fd130b
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/seo.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:15 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:42 GMT
ETag: "5095-5f7f7b9652fc2"
Accept-Ranges: bytes
Content-Length: 20629
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
143.198.232.196/tj6/9chrmx0973xu9x08x/cross.png
200 OK 386 kB URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/cross.png
IP
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced\012- data
Size 386 kB (386359 bytes)
Hash be42ad7752720327d28bf52dbdbb64c2
f4cce31b9236319aa9c87fee038638d1de12c07d
c3ad6aa1c03fd108854f008cfec2753ba623e1470a4d61798b5d8c050e474868
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/cross.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:15 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:44 GMT
ETag: "5e537-5f7f7b97be72a"
Accept-Ranges: bytes
Content-Length: 386359
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa16d29e1-ef79-4edc-b710-c5c9d84af51a.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa16d29e1-ef79-4edc-b710-c5c9d84af51a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 11e0f4bc8f80c5009c099d6a371950e0
60b1df4be988d5e60b7834e39a12e3524fe0a767
c3149c1d902c6889bdab0287f69771a247ab21c6a5ad50cba0f200db561445b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa16d29e1-ef79-4edc-b710-c5c9d84af51a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 11674
x-amzn-requestid: b3fa7a9c-bf5c-44df-96ed-546f4da8f794
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cb5i3GN7oAMF1LQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64216fab-2f380b4972056b6c64703e55;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 10:27:55 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: GN5sLhd8yUOi_odvkY8SIx0DDtXfUQ1HxLRrdOqFHjcqjIuM1KXDyA==
via: 1.1 50cc3f0b039433daebdf343a3f4489ae.cloudfront.net (CloudFront), 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 08:30:45 GMT
age: 26375
etag: "60b1df4be988d5e60b7834e39a12e3524fe0a767"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
IP
GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://143.198.232.196/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 15:50:13 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 565, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 19:04:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: e9a84d03a1f7c6aa17012c712a6e5dd5
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 25462861
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7af1070c29c31c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
143.198.232.196/tj6/9chrmx0973xu9x08x/_Fm7-alert.mp3
206 Partial Content 0 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/_Fm7-alert.mp3
IP
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/_Fm7-alert.mp3 HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 206 Partial Content
Date: Tue, 28 Mar 2023 15:50:14 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:46 GMT
ETag: "31080-5f7f7b999f282"
Accept-Ranges: bytes
Content-Length: 200832
Content-Range: bytes 0-200831/200832
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: audio/mpeg
143.198.232.196/tj6/9chrmx0973xu9x08x/mic.png
200 OK 0 B URL HTTP/1.1 143.198.232.196/tj6/9chrmx0973xu9x08x/mic.png
IP
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert quad9 Sinkholed
GET /tj6/9chrmx0973xu9x08x/mic.png HTTP/1.1
Host: 143.198.232.196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.232.196/tj6/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:50:14 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:43:48 GMT
ETag: "c2-5f7f7b9bb9830"
Accept-Ranges: bytes
Content-Length: 194
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.2.6.gbl.min.js
200 OK 0 B URL HTTP/2 js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.2.6.gbl.min.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /scripts/c/ms.shared.analytics.mectrl-3.2.6.gbl.min.js HTTP/1.1
Host: js.monitor.azure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable, no-transform
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: RlzwH95FOkmm6gksZWAC+w==
last-modified: Thu, 18 Aug 2022 21:40:45 GMT
etag: 0x8DA81624EF9033C
x-cache: TCP_HIT
x-ms-request-id: 88b32127-101e-002b-72a3-5d2caf000000
x-ms-version: 2009-09-19
x-ms-meta-jssdkver: 3.2.6
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0e7IhZAAAAADE/pe/NIVMSI19XgqJl4l2QU1TMDRFREdFMTgxOQBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
x-azure-ref: 0tgwjZAAAAABHMStiCFnPTYlVel3A1ReMU1ZHMjBFREdFMDYxNgBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
date: Tue, 28 Mar 2023 15:50:14 GMT
X-Firefox-Spdy: h2
mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1
200 OK 0 B URL HTTP/2 mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, no-transform, max-age=43200
content-type: application/javascript
content-encoding: br
expires: Wed, 29 Mar 2023 01:50:10 GMT
x-cache: TCP_HIT
x-content-type-options: nosniff
access-control-allow-origin: *
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref-originshield: 0HAojZAAAAAC/076l5Qf/QpiOQ+5rnxe8QU1TMDRFREdFMTgyMgBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-azure-ref: 0tgwjZAAAAADEi8v7X3DGQaoj9+Uw87O0U1ZHMjBFREdFMDYxOQBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
date: Tue, 28 Mar 2023 15:50:14 GMT
X-Firefox-Spdy: h2
js.monitor.azure.com/scripts/c/ms.analytics-web-3.2.7.min.js
200 OK 0 B URL HTTP/2 js.monitor.azure.com/scripts/c/ms.analytics-web-3.2.7.min.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /scripts/c/ms.analytics-web-3.2.7.min.js HTTP/1.1
Host: js.monitor.azure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable, no-transform
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: Sb/q47QLN6j5URAwRjCa2Q==
last-modified: Wed, 05 Oct 2022 16:53:02 GMT
etag: 0x8DAA6F2110CCD22
x-cache: TCP_HIT
x-ms-request-id: b9bbd555-b01e-00cd-407e-5ec3d4000000
x-ms-version: 2009-09-19
x-ms-meta-jssdkver: 3.2.7
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0gzMeZAAAAAB+WDJ8hC4xTJvF6RFQRTY5QU1TMDRFREdFMTkxOQBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
x-azure-ref: 0tgwjZAAAAAAqqhYINm7US4tORqwnXcRiU1ZHMjBFREdFMDUxNgBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
date: Tue, 28 Mar 2023 15:50:14 GMT
X-Firefox-Spdy: h2
143.198.232.196
2.18.173.151
188.114.99.234
104.18.11.207
40.126.31.64
23.14.15.147