| bloosomizenews.com/css/new/2199759762736163/reception@slurpmail.net//bloosomizenews.com/css/new/2199759762736163/reception@countrycluboflandfall.com | 144.76.105.214 | | 0 B |
URL: bloosomizenews.com/css/new/2199759762736163/reception@slurpmail.net//bloosomizenews.com/css/new/2199759762736163/reception@countrycluboflandfall.com
IP: 144.76.105.214:0
ASN: #24940 Hetzner Online GmbH
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /css/new/2199759762736163/reception@slurpmail.net//bloosomizenews.com/css/new/2199759762736163/reception@countrycluboflandfall.com HTTP/1.1
Host: bloosomizenews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
refresh: 0;url=https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/pop.html#reception@countrycluboflandfall.com
content-type: text/html; charset=UTF-8
content-length: 0
date: Tue, 07 May 2024 16:38:28 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
|
|
| pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/pop.html | 104.18.2.35 | | 217 kB |
URL: pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/pop.html
IP: 104.18.2.35:0
File type: HTML document, ASCII text, with very long lines (64651), with CRLF line terminators
Size: 217 kB (216906 bytes)
Hash: 5656000caa5c64ec7a879782e87efc05 42c9c5b651ca28ea4456256262586ff9e109ecba 505beeabcf5aa66691c2b76e7091edeef2905b3bbd1fe240064675d8a52d1f52
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft |
GET /pop.html HTTP/1.1
Host: pub-313c05646f494dfb9db7900d94afa1e9.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 16:38:29 GMT
Content-Type: text/html
Content-Length: 216906
Connection: keep-alive
Accept-Ranges: bytes
ETag: "5656000caa5c64ec7a879782e87efc05"
Last-Modified: Tue, 07 May 2024 01:54:38 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8802a4010cd80b49-OSL
|
|
| aadcdn.msauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg | 13.107.213.53 | 200 OK | 673 B |
URL: GET HTTP/2 aadcdn.msauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
IP: 13.107.213.53:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/pop.html#reception@countrycluboflandfall.com
Certificate: Issuer DigiCert Inc; Subject aadcdn.msauth.net; Fingerprint 6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD; Validity Tue, 30 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT
File type: SVG Scalable Vector Graphics image
Hash: bc3d32a696895f78c19df6c717586a5d 9191cb156a30a3ed79c44c0a16c95159e8ff689d 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
GET /ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 16:38:29 GMT
content-type: image/svg+xml
content-length: 673
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Thu, 13 Feb 2020 02:05:12 GMT
etag: 0x8D7B0292911C366
x-ms-request-id: 88a7d700-701e-0079-592d-a0648d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240507T163829Z-er15bb998b7c5ck94sshd9hn3800000001d0000000008qb9
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
x-cache-info: L1_T2
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| aadcdn.msauth.net/ests/2.1/content/images/ellipsis_white_0ad43084800fd8b50a2576b5173746fe.png | 13.107.213.53 | 200 OK | 207 B |
URL: GET HTTP/2 aadcdn.msauth.net/ests/2.1/content/images/ellipsis_white_0ad43084800fd8b50a2576b5173746fe.png
IP: 13.107.213.53:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/pop.html#reception@countrycluboflandfall.com
Certificate: Issuer DigiCert Inc; Subject aadcdn.msauth.net; Fingerprint 6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD; Validity Tue, 30 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT
File type: PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Hash: 0ad43084800fd8b50a2576b5173746fe 97c08e6062ff37f6e7a6c65e94d693ccc9ccd443 2c03ee38a4eba6a047c3a5bacb3eb461efe14be8acd46ae772350a4dea2f0175
GET /ests/2.1/content/images/ellipsis_white_0ad43084800fd8b50a2576b5173746fe.png HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 16:38:29 GMT
content-type: image/png
content-length: 207
cache-control: public, max-age=604800
last-modified: Fri, 02 Nov 2018 20:25:24 GMT
etag: 0x8D6410151EBB082
x-ms-request-id: e97aa5bd-c01e-003e-0924-a06692000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240507T163829Z-er15bb998b7c5ck94sshd9hn3800000001d0000000008qb8
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
x-cache-info: L1_T2
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| aadcdn.msauth.net/ests/2.1/content/images/microsoft_logo_ed9c9eb0dce17d752bedea6b5acda6d9.png | 13.107.213.53 | 200 OK | 1.1 kB |
URL: GET HTTP/2 aadcdn.msauth.net/ests/2.1/content/images/microsoft_logo_ed9c9eb0dce17d752bedea6b5acda6d9.png
IP: 13.107.213.53:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/pop.html#reception@countrycluboflandfall.com
Certificate: Issuer DigiCert Inc; Subject aadcdn.msauth.net; Fingerprint 6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD; Validity Tue, 30 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT
File type: PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
Hash: ed9c9eb0dce17d752bedea6b5acda6d9 eca56c4904354eed5da0debcd6bd66856ab4784d f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c
GET /ests/2.1/content/images/microsoft_logo_ed9c9eb0dce17d752bedea6b5acda6d9.png HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 16:38:29 GMT
content-type: image/png
content-length: 1057
cache-control: public, max-age=604800
last-modified: Fri, 02 Nov 2018 20:25:31 GMT
etag: 0x8D641015620C409
x-ms-request-id: 0a0e0727-001e-0022-2d2d-a022a9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240507T163829Z-er15bb998b7c5ck94sshd9hn3800000001d0000000008qba
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
x-cache-info: L1_T2
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| code.jquery.com/jquery-3.1.1.min.js | 151.101.194.137 | 200 OK | 30 kB |
URL: GET HTTP/2 code.jquery.com/jquery-3.1.1.min.js
IP: 151.101.194.137:443
Requested by: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/pop.html#reception@countrycluboflandfall.com
Certificate: Issuer Sectigo Limited; Subject *.jquery.com; Fingerprint D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D; Validity Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (32030)
Hash: e071abda8fe61194711cfc2ab99fe104 f647a6d37dc4ca055ced3cf64bbc1f490070acba 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
GET /jquery-3.1.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-152b5"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 07 May 2024 16:38:29 GMT
age: 20299310
x-served-by: cache-lga21947-LGA, cache-hel1410023-HEL
x-cache: HIT, HIT
x-cache-hits: 118, 81738
x-timer: S1715099910.690492,VS0,VE0
vary: Accept-Encoding
content-length: 30070
X-Firefox-Spdy: h2
|
|
| smtpjs.com/v3/smtp.js | 109.169.71.112 | 200 OK | 871 B |
IP: 109.169.71.112:443
ASN: #20860 Iomart Cloud Services Limited
Requested by: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/pop.html#reception@countrycluboflandfall.com
Certificate: Issuer Let's Encrypt; Subject smtpjs.com; Fingerprint EC:83:1D:D8:A2:64:CE:2A:CC:AC:62:79:7D:42:09:D5:21:4E:8D:05; Validity Tue, 09 Apr 2024 02:31:24 GMT - Mon, 08 Jul 2024 02:31:23 GMT
File type: JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (841), with CRLF line terminators
Hash: 3834e1b9e65ca954b7479464ea1e5118 437df45dbf59c3a3414236f44e3bcd5045bfe314 fc33c6b2c79aafa930e841962ae3c25bf8f56cbc20ec48fc2b0ddd0aa6ee23b6
GET /v3/smtp.js HTTP/1.1
Host: smtpjs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
last-modified: Fri, 15 Mar 2024 10:08:42 GMT
accept-ranges: bytes
etag: "b65c4ac2c076da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Tue, 07 May 2024 16:38:28 GMT
content-length: 871
X-Firefox-Spdy: h2
|
|
| login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392 | 20.190.177.148 | 200 OK | 11 kB |
URL: GET HTTP/1.1 login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392
IP: 20.190.177.148:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/pop.html#reception@countrycluboflandfall.com
Certificate: Issuer DigiCert Inc; Subject stamp2.login.microsoftonline.com; Fingerprint 8E:D8:59:8A:1D:3D:D8:ED:91:3E:38:F9:83:25:B0:8F:8D:A3:38:5C; Validity Thu, 04 Apr 2024 00:00:00 GMT - Fri, 04 Apr 2025 23:59:59 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (10858), with CRLF, LF line terminators
Hash: c2c74de95f40af7da076533500728eb2 4952ef9aaaa826b6807081526e9f0b4944057b43 8272955a0f88509bc4a34631e70d7a7219343b81680730f8df5a442abcb59d0c
GET /logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392 HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 033543df-b828-4ca6-a722-700739390f00
x-ms-ests-server: 2.1.18037.7 - FRC ProdSlices
x-ms-srs: 1.P
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: SignInStateCookie=CAgABFgIAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P_eKX34WWv3CfsNGW1iIJRc406BrObKuOpJ9bhILKVaSTcgbOQG2O_ARAuJP32T_ziVXEsb4PAjEg; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
ESTSSSOTILES=1; expires=Sun, 07-May-2034 16:38:29 GMT; path=/; secure; SameSite=None
AADSSOTILES=1; expires=Sun, 07-May-2034 16:38:29 GMT; path=/; secure; HttpOnly; SameSite=None
ESTSAUTHPERSISTENT=AgABFwQAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P-jrJLjCkX3PlWXq2qD7KjvyJkUvo85k-RKZp4K9lgK5bKO5VceBj38gym95YKY5Bgcxf-E3DR_YA; domain=.login.microsoftonline.com; expires=Mon, 05-Aug-2024 16:38:29 GMT; path=/; secure; HttpOnly; SameSite=None
ESTSAUTH=AgABFwQAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P_tU_jJiLtInnKbp54hjjpbXiU6QrhPx_lkwqZ8V2vSe1pq5PewqE10qsPvZ4Y-wG0aRJQMLAcwRQ; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
ESTSAUTHLIGHT=+; path=/; secure; SameSite=None
buid=AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8g1aoCOHIFLRkrMMwPBxHK_kXNZUTywvOyeC205DwyzUn27rJ4xgTFgAg2O-TfCRq9E_i5nl9Cef537hPcuq77OQTAKHBhpdmR8NCllU4EYMgAA; expires=Thu, 06-Jun-2024 16:38:29 GMT; path=/; secure; HttpOnly; SameSite=None
fpc=ApprHVq97vBHkNZOO_5AS3E; expires=Thu, 06-Jun-2024 16:38:29 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8xDT0sJhJ04j7780tGXfWpLkflwMNbCq0jfI7_d2QTdmPc1t1f7JdaEAI-3DgVLKp6l_zpl2ZQNpP10saKT8PZbaEb-sUDmyga-sqoKZUO3bqMMgOPl2tiVLqKh4pVRkYzo1_I2T13Nm8svimr3G7Vp-uKlFhr474B0cVJsGZ3G0gAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 07 May 2024 16:38:28 GMT
Content-Length: 11150
|
|
| api.ipify.org/?format=jsonp&callback=getPublic | 104.26.13.205 | 200 OK | 33 B |
URL: GET HTTP/2 api.ipify.org/?format=jsonp&callback=getPublic
IP: 104.26.13.205:443
Requested by: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/pop.html#reception@countrycluboflandfall.com
Certificate: Issuer Google Trust Services LLC; Subject ipify.org; Fingerprint C8:1A:05:47:C5:73:C6:CE:DF:1D:A6:DE:00:11:A9:9A:8C:DB:EF:A7; Validity Thu, 21 Mar 2024 19:56:02 GMT - Wed, 19 Jun 2024 19:56:01 GMT
File type: ASCII text, with no line terminators
Hash: b1fdb43145cf7c3f6f2a1370889232f1 19cd287ba1ffae5908cf8d53d13abc302dac6f9c 9a751b74811a7c42413bc5109600706395ac8a8c057f7e6a55fc45b7ea41b191
GET /?format=jsonp&callback=getPublic HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 16:38:29 GMT
content-type: application/javascript
content-length: 33
vary: Origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8802a4033fd0b4f7-OSL
X-Firefox-Spdy: h2
|
|
| aadcdn.msauth.net/ests/2.1/content/images/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png | 13.107.213.53 | 200 OK | 240 B |
URL: GET HTTP/2 aadcdn.msauth.net/ests/2.1/content/images/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png
IP: 13.107.213.53:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/pop.html#reception@countrycluboflandfall.com
Certificate: Issuer DigiCert Inc; Subject aadcdn.msauth.net; Fingerprint 6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD; Validity Tue, 30 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT
File type: PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Hash: 7cc096da6aa2dba3f81fcc1c8262157c a50776316f0220ed7cd7882a68c742a8861c999d ab50358475adae73a435466c72d1a48ab124e8ae06614663716a46dce5ac8b83
GET /ests/2.1/content/images/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 16:38:29 GMT
content-type: image/png
content-length: 240
cache-control: public, max-age=604800
last-modified: Fri, 02 Nov 2018 20:25:10 GMT
etag: 0x8D64101494D74DC
x-ms-request-id: 9a88ab72-b01e-001d-7724-a08aa7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240507T163829Z-er15bb998b7c5ck94sshd9hn3800000001d0000000008qbh
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
x-cache-info: L1_T2
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.office.com/estslogout?ru=/ | 13.107.9.156 | 302 Found | 0 B |
URL: GET HTTP/2 www.office.com/estslogout?ru=/
IP: 13.107.9.156:443
ASN: #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/pop.html#reception@countrycluboflandfall.com
Certificate: Issuer Microsoft Corporation; Subject portal.office.com; Fingerprint F7:7F:0A:DD:B1:DF:2C:00:BF:54:BD:82:A4:CE:FF:04:8F:BA:92:FD; Validity Fri, 16 Feb 2024 19:53:46 GMT - Mon, 10 Feb 2025 19:53:46 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /estslogout?ru=/ HTTP/1.1
Host: www.office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=utf-8
content-encoding: gzip
location: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=AG90WheFl08THPf8mxXAIHmO21ktISyludyRwwJtlatuHvMaj9kzlUmPiAUWeUo6A_7ussBygosdi4rj7jZ9r23Zij06hCgYTaz9fAjtf6UbhAjpjyjWkJc4su5Bf_1W&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0
vary: Accept-Encoding
set-cookie: OH.SID=fe221568-67c0-476f-a4d1-e7a6bfa26973; path=/; secure; samesite=none; httponly
OH.DCAffinity=OH-sec; expires=Wed, 08 May 2024 00:38:29 GMT; path=/; secure; samesite=none; httponly
OH.FLID=f53cc8b4-ea07-471e-a647-c5ea36c7e0b9; expires=Wed, 07 May 2025 16:38:29 GMT; path=/; secure; samesite=none; httponly
MUID=3FAE1E5C3F3066681B880A243E7867AC; path=/; secure; expires=Sun, 01-Jun-2025 16:38:29 GMT; domain=office.com
request-context: appId=
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge,chrome=1
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: FFCB8A79C9C04F4AB96EC36D5C271DD6 Ref B: HEL01EDGE1711 Ref C: 2024-05-07T16:38:29Z
date: Tue, 07 May 2024 16:38:29 GMT
content-length: 0
X-Firefox-Spdy: h2
|
|
| www.office.com/estslogout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F | 13.107.9.156 | 302 Found | 0 B |
URL: GET HTTP/2 www.office.com/estslogout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F
IP: 13.107.9.156:443
ASN: #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/pop.html#reception@countrycluboflandfall.com
Certificate: Issuer Microsoft Corporation; Subject portal.office.com; Fingerprint F7:7F:0A:DD:B1:DF:2C:00:BF:54:BD:82:A4:CE:FF:04:8F:BA:92:FD; Validity Fri, 16 Feb 2024 19:53:46 GMT - Mon, 10 Feb 2025 19:53:46 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /estslogout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F HTTP/1.1
Host: www.office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=utf-8
content-encoding: gzip
location: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=esWRB5xsfSkAe25LoE_S9DIQfwjXVH4JdnVpuhXehd8rZWTVmfc3K0-aLGxD9c_SN_Hr_SfOpxiw5piIjPoIVX16qJtRMPvO4acEpxpFGG7AztUlsjcuymOkY8Hwci0i&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0
vary: Accept-Encoding
set-cookie: OH.SID=d26e334f-ec33-43a9-a893-bc5371b73322; path=/; secure; samesite=none; httponly
OH.DCAffinity=OH-sec; expires=Wed, 08 May 2024 00:38:29 GMT; path=/; secure; samesite=none; httponly
OH.FLID=fdc6e613-93b8-4a3a-8b46-98dd25d21d97; expires=Wed, 07 May 2025 16:38:29 GMT; path=/; secure; samesite=none; httponly
MUID=091442DC11DF61D22BCB56A4109760E7; path=/; secure; expires=Sun, 01-Jun-2025 16:38:29 GMT; domain=office.com
request-context: appId=
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge,chrome=1
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 924EBF41A3154FCA81962DAC5ED0FA08 Ref B: HEL01EDGE1711 Ref C: 2024-05-07T16:38:29Z
date: Tue, 07 May 2024 16:38:29 GMT
content-length: 0
X-Firefox-Spdy: h2
|
|
| aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico | 13.107.213.53 | 200 OK | 17 kB |
URL: GET HTTP/2 aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
IP: 13.107.213.53:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/pop.html#reception@countrycluboflandfall.com
Certificate: Issuer DigiCert Inc; Subject aadcdn.msauth.net; Fingerprint 6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD; Validity Tue, 30 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT
File type: MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Hash: 12e3dac858061d088023b2bd48e2fa96 e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 16:38:30 GMT
content-type: image/x-icon
content-length: 17174
cache-control: public, max-age=604800
last-modified: Fri, 02 Nov 2018 20:25:25 GMT
etag: 0x8D6410152A9D7E1
x-ms-request-id: 06d58960-701e-003d-1797-9f1b94000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240507T163830Z-er15bb998b7c5ck94sshd9hn3800000001d0000000008qbn
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
x-cache-info: L1_T2
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css | 13.107.213.53 | 200 OK | 20 kB |
URL: GET HTTP/2 aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css
IP: 13.107.213.53:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392
Certificate: Issuer DigiCert Inc; Subject aadcdn.msauth.net; Fingerprint 6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD; Validity Tue, 30 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT
File type: ASCII text, with very long lines (61177)
Hash: d62b4edeb512b07abef4688e27ecdde3 981a7825da5e29938ab6fe0cbfe2db622f7b8333 4b01a0a34ce8ed4bc8a8713be0442d49da6a756236b7b4424622ca3dee820f41
GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 16:38:30 GMT
content-type: text/css
content-length: 20314
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Wed, 27 Dec 2023 18:18:12 GMT
etag: 0x8DC07082FBB8D2B
x-ms-request-id: 4b0e17fe-901e-000f-77e6-9f6c81000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240507T163830Z-er15bb998b7c5ck94sshd9hn3800000001d0000000008qbp
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| aadcdn.msauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js | 13.107.213.53 | 200 OK | 40 kB |
URL: GET HTTP/2 aadcdn.msauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
IP: 13.107.213.53:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=esWRB5xsfSkAe25LoE_S9DIQfwjXVH4JdnVpuhXehd8rZWTVmfc3K0-aLGxD9c_SN_Hr_SfOpxiw5piIjPoIVX16qJtRMPvO4acEpxpFGG7AztUlsjcuymOkY8Hwci0i&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0
Certificate: Issuer DigiCert Inc; Subject aadcdn.msauth.net; Fingerprint 6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD; Validity Tue, 30 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65450), with CRLF line terminators
Hash: 75cf78d0e38c65a538ad253ca9e48dbe bf0452e4a42a9af3b69d5d8c3a3a0433f14921b6 df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0
GET /ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 16:38:30 GMT
content-type: application/x-javascript
content-length: 40454
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Fri, 26 Feb 2021 06:12:05 GMT
etag: 0x8D8DA1D70FBDD97
x-ms-request-id: 05d1112e-c01e-003e-0fe5-9f6692000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240507T163830Z-er15bb998b7c5ck94sshd9hn3800000001d0000000008qbq
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=AG90WheFl08THPf8mxXAIHmO21ktISyludyRwwJtlatuHvMaj9kzlUmPiAUWeUo6A_7ussBygosdi4rj7jZ9r23Zij06hCgYTaz9fAjtf6UbhAjpjyjWkJc4su5Bf_1W&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 | 20.190.177.148 | 200 OK | 11 kB |
URL: GET HTTP/1.1 login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=AG90WheFl08THPf8mxXAIHmO21ktISyludyRwwJtlatuHvMaj9kzlUmPiAUWeUo6A_7ussBygosdi4rj7jZ9r23Zij06hCgYTaz9fAjtf6UbhAjpjyjWkJc4su5Bf_1W&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0
IP: 20.190.177.148:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/pop.html#reception@countrycluboflandfall.com
Certificate: Issuer DigiCert Inc; Subject stamp2.login.microsoftonline.com; Fingerprint 8E:D8:59:8A:1D:3D:D8:ED:91:3E:38:F9:83:25:B0:8F:8D:A3:38:5C; Validity Thu, 04 Apr 2024 00:00:00 GMT - Fri, 04 Apr 2025 23:59:59 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (11046), with CRLF, LF line terminators
Hash: ce924d6f1f67b810944a9b640a1fbe3d 53a64da7293c4536f079fdb7a547d4e5ee36fcd2 fac708dbcae6a5c48443adc86d15f9b95601a352748c2176056f9522d5b9dc59
GET /common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=AG90WheFl08THPf8mxXAIHmO21ktISyludyRwwJtlatuHvMaj9kzlUmPiAUWeUo6A_7ussBygosdi4rj7jZ9r23Zij06hCgYTaz9fAjtf6UbhAjpjyjWkJc4su5Bf_1W&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/
DNT: 1
Connection: keep-alive
Cookie: SignInStateCookie=CAgABFgIAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P_eKX34WWv3CfsNGW1iIJRc406BrObKuOpJ9bhILKVaSTcgbOQG2O_ARAuJP32T_ziVXEsb4PAjEg; ESTSSSOTILES=1; AADSSOTILES=1; ESTSAUTHPERSISTENT=AgABFwQAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P-jrJLjCkX3PlWXq2qD7KjvyJkUvo85k-RKZp4K9lgK5bKO5VceBj38gym95YKY5Bgcxf-E3DR_YA; ESTSAUTH=AgABFwQAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P_tU_jJiLtInnKbp54hjjpbXiU6QrhPx_lkwqZ8V2vSe1pq5PewqE10qsPvZ4Y-wG0aRJQMLAcwRQ; ESTSAUTHLIGHT=+; buid=AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8g1aoCOHIFLRkrMMwPBxHK_kXNZUTywvOyeC205DwyzUn27rJ4xgTFgAg2O-TfCRq9E_i5nl9Cef537hPcuq77OQTAKHBhpdmR8NCllU4EYMgAA; fpc=ApprHVq97vBHkNZOO_5AS3E; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8xDT0sJhJ04j7780tGXfWpLkflwMNbCq0jfI7_d2QTdmPc1t1f7JdaEAI-3DgVLKp6l_zpl2ZQNpP10saKT8PZbaEb-sUDmyga-sqoKZUO3bqMMgOPl2tiVLqKh4pVRkYzo1_I2T13Nm8svimr3G7Vp-uKlFhr474B0cVJsGZ3G0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: f6ddb317-e591-41e3-85b3-11838f334a00
x-ms-ests-server: 2.1.17968.10 - SEC ProdSlices
x-ms-clitelem: 1,0,0,,
x-ms-srs: 1.P
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: SignInStateCookie=CAgABFgIAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P-lcChQoyWQbLj0GF8Eq5f0Ca-gUuymu3yEUo-DyaoaCJopAJWcGnCCw0kgp-QeU9B1Zn0PVC0SVA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
ESTSSSOTILES=1; expires=Sun, 07-May-2034 16:38:30 GMT; path=/; secure; SameSite=None
AADSSOTILES=1; expires=Sun, 07-May-2034 16:38:30 GMT; path=/; secure; HttpOnly; SameSite=None
ESTSAUTHPERSISTENT=AgABFwQAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P99eOO1tbvPPfFbcO4i1w1EWeiMVjkwhck6-j0qLpmxOpqoWLrl1U_Bp53TImK_KLY_18FOTg5nHQ; domain=.login.microsoftonline.com; expires=Mon, 05-Aug-2024 16:38:30 GMT; path=/; secure; HttpOnly; SameSite=None
ESTSAUTH=AgABFwQAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P-JXHNA8nH2mPyQ_HSt_aZ1hodzoXHkqNjFUI-AncXy2u8y_AjE4lWNkvuohoSumW3G6qjEvI_p6Q; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
ESTSAUTHLIGHT=+; path=/; secure; SameSite=None
buid=AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8p-52DQ47MBPtEQfJMh1nexNFJy1YOwtfFOyDI83TyAx_YMLGuL-qZWkwNzEGiktqs7hr8560Wz7gvGNEtyBPoIg_YOHIln918eD7vf-fwrYgAA; expires=Thu, 06-Jun-2024 16:38:30 GMT; path=/; secure; HttpOnly; SameSite=None
fpc=ApprHVq97vBHkNZOO_5AS3E; expires=Thu, 06-Jun-2024 16:38:30 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 07 May 2024 16:38:29 GMT
Content-Length: 11293
|
|
| aadcdn.msauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js | 13.107.213.53 | 200 OK | 45 kB |
URL: GET HTTP/2 aadcdn.msauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js IP: 13.107.213.53:443 ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=esWRB5xsfSkAe25LoE_S9DIQfwjXVH4JdnVpuhXehd8rZWTVmfc3K0-aLGxD9c_SN_Hr_SfOpxiw5piIjPoIVX16qJtRMPvO4acEpxpFGG7AztUlsjcuymOkY8Hwci0i&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0
Certificate: Issuer: DigiCert Inc; Subject: aadcdn.msauth.net; Fingerprint: 6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD; Validity: Tue, 30 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (778)
Hash: be630e623d7ee30720abfe258d7e77f9 28e1655eac90fc1f5a93f16366739ddfc9f04638 87e738d94f83503f243a4544d7c78a6dadd01c261a6a58fa5085715652029ab9
GET /ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 16:38:30 GMT
content-type: application/x-javascript
content-length: 44809
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Thu, 12 Oct 2023 21:23:59 GMT
etag: 0x8DBCB698CEF3B25
x-ms-request-id: c4a459ba-401e-0062-16bf-9ff1b8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240507T163830Z-er15bb998b7c5ck94sshd9hn3800000001d0000000008qbr
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png | 13.107.213.53 | 200 OK | 1.1 kB |
URL: GET HTTP/2 aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png IP: 13.107.213.53:443 ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=esWRB5xsfSkAe25LoE_S9DIQfwjXVH4JdnVpuhXehd8rZWTVmfc3K0-aLGxD9c_SN_Hr_SfOpxiw5piIjPoIVX16qJtRMPvO4acEpxpFGG7AztUlsjcuymOkY8Hwci0i&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0
Certificate: Issuer: DigiCert Inc; Subject: aadcdn.msauth.net; Fingerprint: 6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD; Validity: Tue, 30 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT
File type: PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
Hash: ed9c9eb0dce17d752bedea6b5acda6d9 eca56c4904354eed5da0debcd6bd66856ab4784d f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c
GET /shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 16:38:30 GMT
content-type: image/png
content-length: 1057
cache-control: public, max-age=31536000
last-modified: Wed, 24 May 2023 10:11:48 GMT
etag: 0x8DB5C3F48FD7E08
x-ms-request-id: 4449c8e6-401e-001a-12da-9f5ba9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240507T163830Z-er15bb998b7c5ck94sshd9hn3800000001d0000000008qbs
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=esWRB5xsfSkAe25LoE_S9DIQfwjXVH4JdnVpuhXehd8rZWTVmfc3K0-aLGxD9c_SN_Hr_SfOpxiw5piIjPoIVX16qJtRMPvO4acEpxpFGG7AztUlsjcuymOkY8Hwci0i&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 | 20.190.177.148 | 200 OK | 11 kB |
URL: GET HTTP/1.1 login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=esWRB5xsfSkAe25LoE_S9DIQfwjXVH4JdnVpuhXehd8rZWTVmfc3K0-aLGxD9c_SN_Hr_SfOpxiw5piIjPoIVX16qJtRMPvO4acEpxpFGG7AztUlsjcuymOkY8Hwci0i&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 IP: 20.190.177.148:443 ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/pop.html#reception@countrycluboflandfall.com
Certificate: Issuer: DigiCert Inc; Subject: stamp2.login.microsoftonline.com; Fingerprint: 8E:D8:59:8A:1D:3D:D8:ED:91:3E:38:F9:83:25:B0:8F:8D:A3:38:5C; Validity: Thu, 04 Apr 2024 00:00:00 GMT - Fri, 04 Apr 2025 23:59:59 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (11046), with CRLF, LF line terminators
Hash: 65cbf6b194895ad4c6c886dc948021b6 574294231952e532df72d81856e6dd3379371a34 6d259395e69cf9657e1030e472cce522a12f82a761187eec81283bf6b9ce7da6
GET /common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=esWRB5xsfSkAe25LoE_S9DIQfwjXVH4JdnVpuhXehd8rZWTVmfc3K0-aLGxD9c_SN_Hr_SfOpxiw5piIjPoIVX16qJtRMPvO4acEpxpFGG7AztUlsjcuymOkY8Hwci0i&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/
DNT: 1
Connection: keep-alive
Cookie: SignInStateCookie=CAgABFgIAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P_eKX34WWv3CfsNGW1iIJRc406BrObKuOpJ9bhILKVaSTcgbOQG2O_ARAuJP32T_ziVXEsb4PAjEg; ESTSSSOTILES=1; AADSSOTILES=1; ESTSAUTHPERSISTENT=AgABFwQAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P-jrJLjCkX3PlWXq2qD7KjvyJkUvo85k-RKZp4K9lgK5bKO5VceBj38gym95YKY5Bgcxf-E3DR_YA; ESTSAUTH=AgABFwQAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P_tU_jJiLtInnKbp54hjjpbXiU6QrhPx_lkwqZ8V2vSe1pq5PewqE10qsPvZ4Y-wG0aRJQMLAcwRQ; ESTSAUTHLIGHT=+; buid=AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8g1aoCOHIFLRkrMMwPBxHK_kXNZUTywvOyeC205DwyzUn27rJ4xgTFgAg2O-TfCRq9E_i5nl9Cef537hPcuq77OQTAKHBhpdmR8NCllU4EYMgAA; fpc=ApprHVq97vBHkNZOO_5AS3E; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8xDT0sJhJ04j7780tGXfWpLkflwMNbCq0jfI7_d2QTdmPc1t1f7JdaEAI-3DgVLKp6l_zpl2ZQNpP10saKT8PZbaEb-sUDmyga-sqoKZUO3bqMMgOPl2tiVLqKh4pVRkYzo1_I2T13Nm8svimr3G7Vp-uKlFhr474B0cVJsGZ3G0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: feb0e6c4-f83e-4fb0-a275-ae43fe0c3800
x-ms-ests-server: 2.1.17968.10 - SEC ProdSlices
x-ms-clitelem: 1,0,0,,
x-ms-srs: 1.P
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: SignInStateCookie=CAgABFgIAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P8bmtm7S7dHqdJsZ3pB-eBhj2V7yCLntl9kBHYO19vgZE2I01BFReJEQI9aKHUr9DUZSRYq5wfp8w; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
ESTSSSOTILES=1; expires=Sun, 07-May-2034 16:38:30 GMT; path=/; secure; SameSite=None
AADSSOTILES=1; expires=Sun, 07-May-2034 16:38:30 GMT; path=/; secure; HttpOnly; SameSite=None
ESTSAUTHPERSISTENT=AgABFwQAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P8mNo_6iI_Krw4dvYlPMPm7iMysV7TXG2Pn4EWD7VXow0cTJhrqZsYcGYmIKsCQq66DtYN7GAqI4Q; domain=.login.microsoftonline.com; expires=Mon, 05-Aug-2024 16:38:30 GMT; path=/; secure; HttpOnly; SameSite=None
ESTSAUTH=AgABFwQAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P9ojEafQMgRT3XrILrG58duI__wH7eqOrkDOOcmm3mZe0O_rIgJ7z1PBUh8-yY8Q9QeXqjzK2AmeA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
ESTSAUTHLIGHT=+; path=/; secure; SameSite=None
buid=AQABGgEAAADnfolhJpSnRYB1SVj-Hgd88tFmhQuHdmnlRnDrWX11pc4r1vW0AqlX9cSdrTxJ38cOdgqqmXwh4M51LZNB45Ma_9U2VmW8liam0o7qoGOZ_ane8La6VGnS3KARF6lFMUogAA; expires=Thu, 06-Jun-2024 16:38:30 GMT; path=/; secure; HttpOnly; SameSite=None
fpc=ApprHVq97vBHkNZOO_5AS3E; expires=Thu, 06-Jun-2024 16:38:30 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 07 May 2024 16:38:30 GMT
Content-Length: 11292
|
|
| aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css | 13.107.213.53 | 200 OK | 20 kB |
URL: GET HTTP/2 aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css IP: 13.107.213.53:443 ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392
Certificate: Issuer: DigiCert Inc; Subject: aadcdn.msauth.net; Fingerprint: 6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD; Validity: Tue, 30 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT
File type: ASCII text, with very long lines (61177)
Hash: d62b4edeb512b07abef4688e27ecdde3 981a7825da5e29938ab6fe0cbfe2db622f7b8333 4b01a0a34ce8ed4bc8a8713be0442d49da6a756236b7b4424622ca3dee820f41
GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 16:38:30 GMT
content-type: text/css
content-length: 20314
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Wed, 27 Dec 2023 18:18:12 GMT
etag: 0x8DC07082FBB8D2B
x-ms-request-id: 4b0e17fe-901e-000f-77e6-9f6c81000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240507T163830Z-er15bb998b7c5ck94sshd9hn3800000001d0000000008qc1
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| aadcdn.msauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js | 13.107.213.53 | 200 OK | 40 kB |
URL: GET HTTP/2 aadcdn.msauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js IP: 13.107.213.53:443 ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=esWRB5xsfSkAe25LoE_S9DIQfwjXVH4JdnVpuhXehd8rZWTVmfc3K0-aLGxD9c_SN_Hr_SfOpxiw5piIjPoIVX16qJtRMPvO4acEpxpFGG7AztUlsjcuymOkY8Hwci0i&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0
Certificate: Issuer: DigiCert Inc; Subject: aadcdn.msauth.net; Fingerprint: 6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD; Validity: Tue, 30 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65450), with CRLF line terminators
Hash: 75cf78d0e38c65a538ad253ca9e48dbe bf0452e4a42a9af3b69d5d8c3a3a0433f14921b6 df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0
GET /ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 16:38:30 GMT
content-type: application/x-javascript
content-length: 40454
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Fri, 26 Feb 2021 06:12:05 GMT
etag: 0x8D8DA1D70FBDD97
x-ms-request-id: 05d1112e-c01e-003e-0fe5-9f6692000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240507T163830Z-er15bb998b7c5ck94sshd9hn3800000001d0000000008qc2
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| aadcdn.msauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js | 13.107.213.53 | 200 OK | 45 kB |
URL: GET HTTP/2 aadcdn.msauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js IP: 13.107.213.53:443 ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=esWRB5xsfSkAe25LoE_S9DIQfwjXVH4JdnVpuhXehd8rZWTVmfc3K0-aLGxD9c_SN_Hr_SfOpxiw5piIjPoIVX16qJtRMPvO4acEpxpFGG7AztUlsjcuymOkY8Hwci0i&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0
Certificate: Issuer: DigiCert Inc; Subject: aadcdn.msauth.net; Fingerprint: 6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD; Validity: Tue, 30 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (778)
Hash: be630e623d7ee30720abfe258d7e77f9 28e1655eac90fc1f5a93f16366739ddfc9f04638 87e738d94f83503f243a4544d7c78a6dadd01c261a6a58fa5085715652029ab9
GET /ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 16:38:30 GMT
content-type: application/x-javascript
content-length: 44809
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Thu, 12 Oct 2023 21:23:59 GMT
etag: 0x8DBCB698CEF3B25
x-ms-request-id: c4a459ba-401e-0062-16bf-9ff1b8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240507T163830Z-er15bb998b7c5ck94sshd9hn3800000001d0000000008qc3
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| aadcdn.msauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js | 13.107.213.53 | 200 OK | 40 kB |
URL: GET HTTP/2 aadcdn.msauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js IP: 13.107.213.53:443 ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=esWRB5xsfSkAe25LoE_S9DIQfwjXVH4JdnVpuhXehd8rZWTVmfc3K0-aLGxD9c_SN_Hr_SfOpxiw5piIjPoIVX16qJtRMPvO4acEpxpFGG7AztUlsjcuymOkY8Hwci0i&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0
Certificate: Issuer: DigiCert Inc; Subject: aadcdn.msauth.net; Fingerprint: 6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD; Validity: Tue, 30 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65450), with CRLF line terminators
Hash: 75cf78d0e38c65a538ad253ca9e48dbe bf0452e4a42a9af3b69d5d8c3a3a0433f14921b6 df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0
GET /ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 16:38:30 GMT
content-type: application/x-javascript
content-length: 40454
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Fri, 26 Feb 2021 06:12:05 GMT
etag: 0x8D8DA1D70FBDD97
x-ms-request-id: 05d1112e-c01e-003e-0fe5-9f6692000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240507T163830Z-er15bb998b7c5ck94sshd9hn3800000001d0000000008qc4
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| aadcdn.msauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js | 13.107.213.53 | 200 OK | 45 kB |
URL: GET HTTP/2 aadcdn.msauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js IP: 13.107.213.53:443 ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=esWRB5xsfSkAe25LoE_S9DIQfwjXVH4JdnVpuhXehd8rZWTVmfc3K0-aLGxD9c_SN_Hr_SfOpxiw5piIjPoIVX16qJtRMPvO4acEpxpFGG7AztUlsjcuymOkY8Hwci0i&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0
Certificate: Issuer: DigiCert Inc; Subject: aadcdn.msauth.net; Fingerprint: 6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD; Validity: Tue, 30 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (778)
Hash: be630e623d7ee30720abfe258d7e77f9 28e1655eac90fc1f5a93f16366739ddfc9f04638 87e738d94f83503f243a4544d7c78a6dadd01c261a6a58fa5085715652029ab9
GET /ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 16:38:30 GMT
content-type: application/x-javascript
content-length: 44809
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Thu, 12 Oct 2023 21:23:59 GMT
etag: 0x8DBCB698CEF3B25
x-ms-request-id: c4a459ba-401e-0062-16bf-9ff1b8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240507T163830Z-er15bb998b7c5ck94sshd9hn3800000001d0000000008qc5
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png | 13.107.213.53 | 200 OK | 1.1 kB |
URL: GET HTTP/2 aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png IP: 13.107.213.53:443 ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=esWRB5xsfSkAe25LoE_S9DIQfwjXVH4JdnVpuhXehd8rZWTVmfc3K0-aLGxD9c_SN_Hr_SfOpxiw5piIjPoIVX16qJtRMPvO4acEpxpFGG7AztUlsjcuymOkY8Hwci0i&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0
Certificate: Issuer: DigiCert Inc; Subject: aadcdn.msauth.net; Fingerprint: 6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD; Validity: Tue, 30 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT
File type: PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
Hash: ed9c9eb0dce17d752bedea6b5acda6d9 eca56c4904354eed5da0debcd6bd66856ab4784d f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c
GET /shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 16:38:30 GMT
content-type: image/png
content-length: 1057
cache-control: public, max-age=31536000
last-modified: Wed, 24 May 2023 10:11:48 GMT
etag: 0x8DB5C3F48FD7E08
x-ms-request-id: 4449c8e6-401e-001a-12da-9f5ba9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240507T163830Z-er15bb998b7c5ck94sshd9hn3800000001d0000000008qc8
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png | 13.107.213.53 | 200 OK | 1.1 kB |
URL: GET HTTP/2 aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png IP: 13.107.213.53:443 ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=esWRB5xsfSkAe25LoE_S9DIQfwjXVH4JdnVpuhXehd8rZWTVmfc3K0-aLGxD9c_SN_Hr_SfOpxiw5piIjPoIVX16qJtRMPvO4acEpxpFGG7AztUlsjcuymOkY8Hwci0i&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0
Certificate: Issuer: DigiCert Inc; Subject: aadcdn.msauth.net; Fingerprint: 6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD; Validity: Tue, 30 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT
File type: PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
Hash: ed9c9eb0dce17d752bedea6b5acda6d9 eca56c4904354eed5da0debcd6bd66856ab4784d f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c
GET /shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 16:38:30 GMT
content-type: image/png
content-length: 1057
cache-control: public, max-age=31536000
last-modified: Wed, 24 May 2023 10:11:48 GMT
etag: 0x8DB5C3F48FD7E08
x-ms-request-id: 4449c8e6-401e-001a-12da-9f5ba9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240507T163830Z-er15bb998b7c5ck94sshd9hn3800000001d0000000008qc9
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/pop.html | 104.18.2.35 | 200 OK | 217 kB |
URL: User Request GET HTTP/1.1 pub-313c05646f494dfb9db7900d94afa1e9.r2.dev/pop.html IP: 104.18.2.35:443
Certificate: Issuer: Let's Encrypt; Subject: *.r2.dev; Fingerprint: 48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0; Validity: Fri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT
File type: HTML document, ASCII text, with very long lines (64651), with CRLF line terminators
Size: 217 kB (216906 bytes)
Hash: 5656000caa5c64ec7a879782e87efc05 42c9c5b651ca28ea4456256262586ff9e109ecba 505beeabcf5aa66691c2b76e7091edeef2905b3bbd1fe240064675d8a52d1f52
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft |
GET /pop.html HTTP/1.1
Host: pub-313c05646f494dfb9db7900d94afa1e9.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 16:38:29 GMT
Content-Type: text/html
Content-Length: 216906
Connection: keep-alive
Accept-Ranges: bytes
ETag: "5656000caa5c64ec7a879782e87efc05"
Last-Modified: Tue, 07 May 2024 01:54:38 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8802a4010cd80b49-OSL
|
|