r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10966
Expires: Tue, 28 Mar 2023 19:01:05 GMT
Date: Tue, 28 Mar 2023 15:58:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c83d39f350161ed2f5d20dcd68e47c92
2695a888e652cb314f8094cc6073c3364336d272
62e5cc6aea61c3c32acd964d4bbe143806416008181eebc4451a8f035b69a0bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62E5CC6AEA61C3C32ACD964D4BBE143806416008181EEBC4451A8F035B69A0BC"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7621
Expires: Tue, 28 Mar 2023 18:05:20 GMT
Date: Tue, 28 Mar 2023 15:58:19 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 29fdbcd53b5646cfcdd46510063734c4
85e3ceda5ef130219f4fe8a31e52e2690c8f7d8e
24c27586332c016685e6231fec5836e921048d8aaefbcd4cd6f88969f9d91e18
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 28 Mar 2023 15:15:51 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2548
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5ad3eec59bebbf969f175627757507c1
b176af3a70db378c9e1f219bab24d9d446070d6f
704fa284035b4c9aa487331b516f5f11c324e204756ae2503bad2606ed34f25e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "704FA284035B4C9AA487331B516F5F11C324E204756AE2503BAD2606ED34F25E"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5526
Expires: Tue, 28 Mar 2023 17:30:25 GMT
Date: Tue, 28 Mar 2023 15:58:19 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: M5v4y+uQV6CnPHOwMo+2TlMu6wB0qVJTrkqhzqYfcI1+RdqT9qSt/Iz+2XkeYZVBcIxX2hpw9PY=
x-amz-request-id: G1F3AY390N6QY2SX
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 28 Mar 2023 15:56:16 GMT
age: 123
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
143.198.136.192/tj7/index.php
143.198.136.192200 OK 813 B URL HTTP/1.1 143.198.136.192/tj7/index.php
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash fc5ea794f4e6647a495200c6e5d86061
b3247eff7ee8a08c20fb46e88143f392b4bfe951
29135cd98e2222dde05a6ebda4a55d78570e7876fa2b66888a0a92c7e2c5a660
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/index.php HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:19 GMT
Server: Apache/2.4.52 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 813
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 15:58:19 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
143.198.136.192200 OK 6.7 kB URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (422), with CRLF line terminators
Hash f9537a3b9b29a7962d31bcc11c9d9e72
498fda4a22cfd72fc32ab270c11136f1ca671587
6607a91be6c06f5f1130547174169499d7fc2cb61c2fe69edcd589abed339a5e
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/index.html HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/index.php
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:19 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:46 GMT
ETag: "5295-5f7f7ebb29035-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6724
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
104.17.24.14200 OK 27 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (32180)
Hash b1e4b2a99336201b37fb8cea5d57abb9
d57980f0d0eaaf57ec33ddc9ed027274cfa86027
c805bfd991983f57b5b7878b998f7529e9b7e2df4bc2d39ba493934e23ba3f8a
GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://143.198.136.192/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 15:58:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 26660
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-14983"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 25465888
expires: Sun, 17 Mar 2024 15:58:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ErAO5310IerOnn1KoE%2BwbtF7idYWH7sBYI2L1L%2FyGZ6t0wPV7lQEOgotkI%2BpBQaInzrq8EmnPJEJQthWRuVC%2BoXq%2BZMw9pCccMfbVeESiCVC3B16oTRaHxIF5icnSOVPUbi7369k"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7af112f04c78b524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7e2d8156baac12231cc9cbfdefedacf1
62384d8842fb5b560ac39636bb519953e22dc664
ee4dbd79fc1569ab6ae0ea7b90b4b7d8dbb846296cf7fc68b24be78b7b95993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 28 Mar 2023 15:58:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-86788540-2
142.250.74.72200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-86788540-2
IP 142.250.74.72:0
File type ASCII text, with very long lines (2206)
Hash 61394fc535c2999d775fbc2978c8554f
cc8d78d22f6b157557869f1af55dd78ea8d739c8
e967dd68812eee5782c9b35516786597c4d8004933c347a6fb4b9f684a3c3bd1
GET /gtag/js?id=UA-86788540-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://143.198.136.192/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 28 Mar 2023 15:58:20 GMT
expires: Tue, 28 Mar 2023 15:58:20 GMT
cache-control: private, max-age=900
last-modified: Tue, 28 Mar 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44809
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Retry-After, Last-Modified, Content-Length, Content-Type, ETag, Pragma, Alert, Backoff, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 28 Mar 2023 15:17:26 GMT
cache-control: public,max-age=3600
age: 2454
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
143.198.136.192/tj7/9chrmx0973xu9x08x/styles.css
143.198.136.192200 OK 1.8 kB URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/styles.css
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type assembler source, ASCII text, with CRLF line terminators
Hash 671fb60364cc19bd6fa5eeb5fde90766
a58d30bbedc7fc9759ee760531b33281ad86ad46
2a8bce10db8a8f2ef69b5dbfa03d634628bd851159c63c1ddb78749ed4834bce
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/styles.css HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:20 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:47 GMT
ETag: "1938-5f7f7ebbc2484-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1842
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7e2d8156baac12231cc9cbfdefedacf1
62384d8842fb5b560ac39636bb519953e22dc664
ee4dbd79fc1569ab6ae0ea7b90b4b7d8dbb846296cf7fc68b24be78b7b95993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 28 Mar 2023 15:58:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
143.198.136.192/tj7/9chrmx0973xu9x08x/scripts.js
143.198.136.192200 OK 873 B URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/scripts.js
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with CRLF line terminators
Hash 0f0a223eb69c7e24a06cfa959e4f603c
618fb94f27a5a089ca107965cba835f3fc75fe12
eff65cbde09165cbc3adf0bb9104ed2bcf08fd41272fdc919b7ddb7635df9472
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/scripts.js HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:20 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:49 GMT
ETag: "1cd3-5f7f7ebd4ea28-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 873
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/javascript
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 76a0aba3ddb470751c690f5a725159f2
8cb789e8e0dfa336270700ef1e607173f2aee6cd
e76de476654125a06994065d66e30c6fb6c354d0f67fd4e31a3f78679e2bfdcb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E76DE476654125A06994065D66E30C6FB6C354D0F67FD4E31A3F78679E2BFDCB"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5895
Expires: Tue, 28 Mar 2023 17:36:35 GMT
Date: Tue, 28 Mar 2023 15:58:20 GMT
Connection: keep-alive
143.198.136.192/tj7/9chrmx0973xu9x08x/chat.css
143.198.136.192200 OK 1.9 kB URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/chat.css
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type assembler source, ASCII text, with CRLF line terminators
Hash a414a61aa76cf470454c59eb61953e6d
e0532f2bf0344fbf2ee434fdd8f5c123aa33873c
e00dd91658bf458e94a3f9a3673e3b585901e990c6539de11c6e7ebf6a206db1
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/chat.css HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:20 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:49 GMT
ETag: "206a-5f7f7ebda0a38-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1873
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
oneocsp.microsoft.com/ocsp
204.79.197.203200 OK 1.8 kB URL HTTP/1.1 oneocsp.microsoft.com/ocsp
IP 204.79.197.203:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash 156e7f82da9c16434028ff022e249a56
13597f241c440af1dab425848544bf58e39e89ba
6dcca4251e29d9b62eed0d74e45bee8f2040862e62659747ee3511ea179f2ae6
POST /ocsp HTTP/1.1
Host: oneocsp.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Length: 1777
Content-Type: application/ocsp-response
Expires: Mon, 03 Apr 2023 15:50:15 GMT
Last-Modified: Tue, 28 Mar 2023 05:09:35 GMT
ETag: "6dcca4251e29d9b62eed0d74e45bee8f2040862e62659747ee3511ea179f2ae6"
X-Powered-By: ASP.NET
x-content-type-options: nosniff
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: A0BE23BAE11B4E2CB95D7B325504037C Ref B: OSL30EDGE0408 Ref C: 2023-03-28T15:58:20Z
Date: Tue, 28 Mar 2023 15:58:19 GMT
support.microsoft.com/
2.18.172.114301 Moved Permanently 0 B IP 2.18.172.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://143.198.136.192/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-length: 0
server: Kestrel
location: https://support.microsoft.com/en-US
request-context: appId=
x-correlationid: 0HMPF0GD45CFB:0000004E
x-operationid: 072daeb7d6f53cca62b41c56e6e3eae9
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
expires: Tue, 28 Mar 2023 15:58:20 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 28 Mar 2023 15:58:20 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
143.198.136.192/tj7/9chrmx0973xu9x08x/uZbx-si.png
143.198.136.192200 OK 5.4 kB URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/uZbx-si.png
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 42 x 702, 8-bit grayscale, non-interlaced\012- data
Hash 51147eb9734c3c0caf22aa77a80d96f0
dc33807cd0c0c35bb98d8e23efe2d625137a43f5
92d8510869b3d581401a93130fa72e4b54c5bf28dc8005994c5248d9afbfc37b
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/uZbx-si.png HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:20 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:50 GMT
ETag: "1501-5f7f7ebe718db"
Accept-Ranges: bytes
Content-Length: 5377
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
143.198.136.192/tj7/9chrmx0973xu9x08x/nOxp-sett.png
143.198.136.192200 OK 463 B URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/nOxp-sett.png
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 33 x 31, 8-bit colormap, non-interlaced\012- data
Hash 905d91c276116928fa306ea732723fa9
092604f6a8786e46a7dee06065d29d2896fcf568
9cffd13c2ce05ebe032709a88fa59504e1218a12b175ec40d5aab280c18be51e
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/nOxp-sett.png HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:20 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:48 GMT
ETag: "1cf-5f7f7ebcc20e8"
Accept-Ranges: bytes
Content-Length: 463
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
support.microsoft.com/en-US
2.18.172.114200 OK 24 kB URL HTTP/2 support.microsoft.com/en-US
IP 2.18.172.114:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1478), with CRLF, LF line terminators
Hash 7af46a807e8ea951a922c9c1aafa7720
90ee590e91182bbb45b2bb6159a880426073d622
7f4aaffbe6d869765ce286d4fa945e867d72c6738ef7ed4862ee05432a720f91
GET /en-US HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://143.198.136.192/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: Kestrel
request-context: appId=
x-correlationid: 0HMPF0GD45CFB:0000004F
x-operationid: e9ec78b4991b2229b7671988ad09a894
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-encoding: gzip
expires: Tue, 28 Mar 2023 15:58:20 GMT
cache-control: max-age=0, no-cache, private
pragma: no-cache
date: Tue, 28 Mar 2023 15:58:20 GMT
content-length: 23886
strict-transport-security: max-age=86400 ; includeSubDomains
set-cookie: EXPID=534600ef-a6a9-43d6-99f0-5f4e192f6c35; max-age=31536000; path=/; secure; samesite=none
ak_bmsc=765336D4B04806325A1D828961595403~000000000000000000000000000000~YAAQZQplX3JaqhSHAQAA6RTxKBNWA4MYlD7EURtVGSLMa9VI0EcFDKt8HP3ALog6/9UNxBCLyPdhIIUexYj8iuH+s/OAsgOyHrZQRvqRtHH6FGfpBZ3YBq20/i+f4clR1fNhyF8c8jD3xtqf9CNUd0xLcikSY5BovaD2W/ywdQHoVnGzpsHo03kyJYC3KkH/nkHY7lNPC4VLJgDZ3eh3wTAVXbjU6Yxm6Q73Kv+/c9MLd8Ybh5PSflwFebVaNfXcZp1YBxziqWF1zW00C0pzXaPe2Im9RwdDjnB9IqNma8vai0CMMyrvJ9teHGbVAEIuKOXHwqhC/2xKTPNm6EhUQqfYftN7U+MFD/XI1ksbAsWtxAxt6ZWaAAmy2f6vxepJq9zH+Qt9vz0Hdfrw; Domain=.microsoft.com; Path=/; Expires=Tue, 28 Mar 2023 17:58:20 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.191.242.233101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.191.242.233:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: OPL7EvbHffLjlh5J8t2SLg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: B3m55dzEdelqLslz5E4+qxiZtyk=
support.microsoft.com/css/MeControlCallout/teaching-callout.css?v=690pjf05o15fVEafEpUwgaF8vqVfOkp5wP1Jl9gE99U
2.18.172.114200 OK 1.3 kB URL HTTP/2 support.microsoft.com/css/MeControlCallout/teaching-callout.css?v=690pjf05o15fVEafEpUwgaF8vqVfOkp5wP1Jl9gE99U
IP 2.18.172.114:0
File type ASCII text, with very long lines (4873), with no line terminators
Hash 980d2f51140df4a6347102960ceb0282
9225687f02246a11e61f9b2e4602e43368ae4839
88658b7776899cac32aae184f9e8ce8707c2fd00827844f1fb24661d4cca1cb8
GET /css/MeControlCallout/teaching-callout.css?v=690pjf05o15fVEafEpUwgaF8vqVfOkp5wP1Jl9gE99U HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: gzip
etag: "1d93cd346ef7089"
last-modified: Thu, 09 Feb 2023 22:10:11 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATABNE1H1:00000002
x-operationid: b6aaf70cde0425da4903e5fb37a673c4
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1277
cache-control: private, max-age=28527300
date: Tue, 28 Mar 2023 15:58:20 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc
2.18.172.114200 OK 1.1 kB URL HTTP/2 support.microsoft.com/css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc
IP 2.18.172.114:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (2867), with no line terminators
Hash 6477e3936b0e197b65cc1ff23763e340
096188c0ef95054d95c5dafe755df0106428c0b1
2056691cd1dcca7ad51f6c386f8c7baa4954a164b9b10d41a668910a8e91b854
GET /css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d946ecac3c4438"
last-modified: Wed, 22 Feb 2023 18:37:10 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOL0GAVE0JM:00000002
x-operationid: a787865460805e45a4ed6a8d8eb3b741
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1096
cache-control: private, max-age=28693055
date: Tue, 28 Mar 2023 15:58:20 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/userstatesigninheaderview/user-state-sign-in-header-view.css?v=YGV57BU430a7ZsW5KMqnuRyMdbmYgAZw1My61NVoXnI
2.18.172.114200 OK 457 B URL HTTP/2 support.microsoft.com/css/userstatesigninheaderview/user-state-sign-in-header-view.css?v=YGV57BU430a7ZsW5KMqnuRyMdbmYgAZw1My61NVoXnI
IP 2.18.172.114:0
File type ASCII text, with very long lines (1176), with no line terminators
Hash aa795408c331dfaffab3545718661469
135fdb999daec028f2e75b0f8c04903a77312efd
67672916726b635cbb6ef236ca23f4ebf9d457a15c32bdeaf0cf57333d3bfc09
GET /css/userstatesigninheaderview/user-state-sign-in-header-view.css?v=YGV57BU430a7ZsW5KMqnuRyMdbmYgAZw1My61NVoXnI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd3d8f76898"
last-modified: Thu, 09 Feb 2023 22:14:16 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATD2K46LS:00000003
x-operationid: 4e1e65f9a5dcbd438d51ed8ee235d2e6
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 457
cache-control: private, max-age=28534120
date: Tue, 28 Mar 2023 15:58:20 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/lib/ucs/dist/ucsCreativeService.js?v=yGbJEzVThu6xTzkXAmcIosGuJnJczcH12Av0qylgjiI
2.18.172.114200 OK 219 kB URL HTTP/2 support.microsoft.com/lib/ucs/dist/ucsCreativeService.js?v=yGbJEzVThu6xTzkXAmcIosGuJnJczcH12Av0qylgjiI
IP 2.18.172.114:0
File type ASCII text, with very long lines (65460)
Size 219 kB (218885 bytes)
Hash cc521a7256e94d43df24fc6ccf1cabc9
783de4bf06ccd26af4eb56f6d8a7473a551c3135
0e379b6c1a7940b9d0cb6277c2b30e71e228bdc4f80417e785dd1b54ce122662
GET /lib/ucs/dist/ucsCreativeService.js?v=yGbJEzVThu6xTzkXAmcIosGuJnJczcH12Av0qylgjiI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d960ec754aa11f"
last-modified: Mon, 27 Mar 2023 20:41:08 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMPF0FMKBRQG:00000003
x-operationid: 895647489c05a50686499570cfa4b715
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 218885
cache-control: private, max-age=76
date: Tue, 28 Mar 2023 15:58:20 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/feedback.js?v=84GPO0wsKJkREYhzfs2-839cEXZQU9kTiITr30Y1u8w
2.18.172.114200 OK 5.7 kB URL HTTP/2 support.microsoft.com/js/feedback.js?v=84GPO0wsKJkREYhzfs2-839cEXZQU9kTiITr30Y1u8w
IP 2.18.172.114:0
File type ASCII text, with CRLF line terminators
Hash 1a5373f3c18d893ea7793c15e7823b4b
dfa62d27a25503bd56b9da0f5b8e4eece4dc4af6
4877b869b10a33d65ec3fb27064a62177222171abdf5c635d709cdc63677202b
GET /js/feedback.js?v=84GPO0wsKJkREYhzfs2-839cEXZQU9kTiITr30Y1u8w HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: gzip
etag: "1d93cd42c69ee47"
last-modified: Thu, 09 Feb 2023 22:16:36 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATE6LP715:00000003
x-operationid: b9c892bd5daa72879e796e66ae1f8bb4
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 5700
cache-control: private, max-age=28531485
date: Tue, 28 Mar 2023 15:58:20 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/TelemetryLogging.js?v=PI8krdyAXTV0whxSz7oGWOLjo8PeIdfp8gD_jTA31VM
2.18.172.114200 OK 370 B URL HTTP/2 support.microsoft.com/js/TelemetryLogging.js?v=PI8krdyAXTV0whxSz7oGWOLjo8PeIdfp8gD_jTA31VM
IP 2.18.172.114:0
File type ASCII text, with CRLF line terminators
Hash 5590a7dc56b6f43b99568fe62e2d03cf
f2923af0b22bd272acbbcd68958a7df4169ec703
f594937c23c9154cc20ef4522bebb8ac61cae53824ad6e02660c381b396b952d
GET /js/TelemetryLogging.js?v=PI8krdyAXTV0whxSz7oGWOLjo8PeIdfp8gD_jTA31VM HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd346ef60aa"
last-modified: Thu, 09 Feb 2023 22:10:11 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATABNE7TR:00000005
x-operationid: 51607aea3d1cb3147dd5e10983c20ef3
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 370
cache-control: private, max-age=28534471
date: Tue, 28 Mar 2023 15:58:20 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/topNav.js?v=-eDiKlpcJhp0uSWk8XM_g0tWTQM1wwUfMmoZosDDQdo
2.18.172.114200 OK 847 B URL HTTP/2 support.microsoft.com/js/topNav.js?v=-eDiKlpcJhp0uSWk8XM_g0tWTQM1wwUfMmoZosDDQdo
IP 2.18.172.114:0
File type ASCII text, with CRLF line terminators
Hash f98824c7874bdc9841e01fbaa01543b4
b730428ca089dbe0723ff771a684a289152fea92
04384335b3aec1cfec1fd9f4502c5d59af217d9ae49f0015e4ceeef3f10bcb72
GET /js/topNav.js?v=-eDiKlpcJhp0uSWk8XM_g0tWTQM1wwUfMmoZosDDQdo HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d95b63110b87a7"
last-modified: Mon, 20 Mar 2023 19:35:03 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMP9F9QRNTIA:00000002
x-operationid: 339e5f86b50090f398deab88aaa43966
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 847
cache-control: private, max-age=30857947
date: Tue, 28 Mar 2023 15:58:20 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/PromotionBanner.Main.min.js?v=lPxxwt8ZKzDFNYuSNvRbC24S24EImVPnl-WkYX8w3n4
2.18.172.114200 OK 1.9 kB URL HTTP/2 support.microsoft.com/js/PromotionBanner.Main.min.js?v=lPxxwt8ZKzDFNYuSNvRbC24S24EImVPnl-WkYX8w3n4
IP 2.18.172.114:0
File type ASCII text, with very long lines (6261)
Hash d860a5eba2cb21a350c6b002a30b03de
a4514156fbd14905578dd4441bc6a1c51eb8162d
379799b97d2437e7280a8d952fe80856341c6deb95c2c0fe5f9ce4a453bd57d9
GET /js/PromotionBanner.Main.min.js?v=lPxxwt8ZKzDFNYuSNvRbC24S24EImVPnl-WkYX8w3n4 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd345be2e2a"
last-modified: Thu, 09 Feb 2023 22:10:09 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATAF6QE2N:00000004
x-operationid: 0c33f4345f817b6f011038a201c6071e
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1876
cache-control: private, max-age=28534607
date: Tue, 28 Mar 2023 15:58:20 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/Support.Main.min.js?v=W8dFf-_6LsYeYnFrrDAnlly_2cW523R5VJTM1vuKsW4
2.18.172.114200 OK 22 kB URL HTTP/2 support.microsoft.com/js/Support.Main.min.js?v=W8dFf-_6LsYeYnFrrDAnlly_2cW523R5VJTM1vuKsW4
IP 2.18.172.114:0
File type Unicode text, UTF-8 text, with very long lines (58115)
Hash 346042724064663e4703eb878a76f2e8
5be94cfbbba4d5605cf855c2d533f7052c0941ea
31248879913e4176107880394c4a89e17321203e33227f3c46ceeb61e2d63eaf
GET /js/Support.Main.min.js?v=W8dFf-_6LsYeYnFrrDAnlly_2cW523R5VJTM1vuKsW4 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: gzip
etag: "1d93cd3d990e1b6"
last-modified: Thu, 09 Feb 2023 22:14:17 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATD2K44N1:00000008
x-operationid: db6acdf5015599ddcb8586ddf0df78c4
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 22335
cache-control: private, max-age=28531574
date: Tue, 28 Mar 2023 15:58:20 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/SearchBox.Main.min.js?v=sY_YBvw6gcgD1e-o1JhIQTBF7pirfPL8WqOaD-_eXFM
2.18.172.114200 OK 75 kB URL HTTP/2 support.microsoft.com/js/SearchBox.Main.min.js?v=sY_YBvw6gcgD1e-o1JhIQTBF7pirfPL8WqOaD-_eXFM
IP 2.18.172.114:0
File type Unicode text, UTF-8 text, with very long lines (65454)
Hash 905e4956b0ee0ce4dacb9d8d6aa748b6
4be710784f7df01c5d86dfb68ede898a82554b06
96be4a840515cb727871c66b3c40195b19b089cb6631040f6829984682af64ae
GET /js/SearchBox.Main.min.js?v=sY_YBvw6gcgD1e-o1JhIQTBF7pirfPL8WqOaD-_eXFM HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: gzip
etag: "1d94c908da8eb8a"
last-modified: Wed, 01 Mar 2023 22:52:52 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOQL02L0OMJ:00000002
x-operationid: 5b8b5494cf9f7a6fc6840973a3afbd03
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 75066
cache-control: private, max-age=29644168
date: Tue, 28 Mar 2023 15:58:20 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/SocContent/officeShared
2.18.172.114200 OK 636 B URL HTTP/2 support.microsoft.com/SocContent/officeShared
IP 2.18.172.114:0
File type ASCII text, with very long lines (1576), with no line terminators
Hash c552445dfdd7ea4de00874233e3d88cc
2ba812615470808e26780d736122c7d46c2bec0e
ba5215c29d63a42b9cef03ab2506f7a28f3446880a5e7c5b38f47cb809da637c
GET /SocContent/officeShared HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 28 Mar 2023 15:58:20 GMT
x-correlationid: 559d2c16-4626-4c5a-8c89-33a91b4a9ee5
x-usersessionid: 559d2c16-4626-4c5a-8c89-33a91b4a9ee5
x-officefe: OdcSupFrontEnd_IN_4
x-officeversion: 16.0.16322.42701
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=31536000
expires: Wed, 27 Mar 2024 15:58:20 GMT
date: Tue, 28 Mar 2023 15:58:20 GMT
content-length: 636
set-cookie: EXPID=88bf4265-4b83-49f7-8035-dfe9b03911d0; expires=Thu, 28-Mar-2024 15:58:20 GMT; path=/; secure; HttpOnly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/MeControlCallout.Main.min.js?v=z8A9eaXPs1zFIC_swsevu3o3DKi6YuzedODbJugVTXM
2.18.172.114200 OK 1.4 kB URL HTTP/2 support.microsoft.com/js/MeControlCallout.Main.min.js?v=z8A9eaXPs1zFIC_swsevu3o3DKi6YuzedODbJugVTXM
IP 2.18.172.114:0
File type ASCII text, with very long lines (3103)
Hash b07d3f6fdb6a8fb7b089fab2824977dd
0249397d04d129b62e78062ed998ced6a985cf2d
39b9721fc16771b8ce8d75a439b3ff461871a10a612a52752afea1316a8981d9
GET /js/MeControlCallout.Main.min.js?v=z8A9eaXPs1zFIC_swsevu3o3DKi6YuzedODbJugVTXM HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd2fc6deb55"
last-modified: Thu, 09 Feb 2023 22:08:06 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOAT9HC2Q1K:00000005
x-operationid: 76d8dcd77a3516abcc1e065f2e041877
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1364
cache-control: private, max-age=28534654
date: Tue, 28 Mar 2023 15:58:20 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/SocContent/articleCss
2.18.172.114200 OK 18 kB URL HTTP/2 support.microsoft.com/SocContent/articleCss
IP 2.18.172.114:0
File type Unicode text, UTF-8 text, with very long lines (65518), with no line terminators
Hash eb4cf7babe624ca5751ffc0bd0029da7
d9014486ade1ac5c32014c707acc93b0eb51d0b4
3f66a84c6c0db43726cd535a95616bf062cc999f9d872768cfe5cf20e3452657
GET /SocContent/articleCss HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 28 Mar 2023 15:58:20 GMT
x-correlationid: b9442ceb-ecf4-4e68-958e-89b308b234f9
x-usersessionid: b9442ceb-ecf4-4e68-958e-89b308b234f9
x-officefe: OdcSupFrontEnd_IN_4
x-officeversion: 16.0.16322.42701
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=31536000
expires: Wed, 27 Mar 2024 15:58:20 GMT
date: Tue, 28 Mar 2023 15:58:20 GMT
content-length: 17812
set-cookie: EXPID=3b61293b-4d16-418a-a6fe-48be23088653; expires=Thu, 28-Mar-2024 15:58:20 GMT; path=/; secure; HttpOnly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/SocContent/css
2.18.172.114200 OK 23 kB URL HTTP/2 support.microsoft.com/SocContent/css
IP 2.18.172.114:0
File type Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Hash 68f3c668bd3369699a9e554c2294ff29
b06cb70c310a429d5000361e3ab7bb07146b23f6
392a288aaa8044b0344dc11b86a8291ec3ec7094f4efa773666e7048a5f98576
GET /SocContent/css HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 28 Mar 2023 15:58:20 GMT
x-correlationid: d72bec68-7db8-400d-bb8c-8d31697a64be
x-usersessionid: d72bec68-7db8-400d-bb8c-8d31697a64be
x-officefe: OdcSupFrontEnd_IN_12
x-officeversion: 16.0.16322.42701
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
content-encoding: gzip
content-length: 22921
cache-control: public, max-age=31535999
expires: Wed, 27 Mar 2024 15:58:20 GMT
date: Tue, 28 Mar 2023 15:58:21 GMT
vary: Accept-Encoding
set-cookie: EXPID=5527da83-f094-42d8-8d44-6d3a46a051e3; expires=Thu, 28-Mar-2024 15:58:20 GMT; path=/; secure; HttpOnly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
ajax.aspnetcdn.com/ajax/jQuery/jquery-3.5.1.min.js
152.199.19.160200 OK 31 kB URL HTTP/2 ajax.aspnetcdn.com/ajax/jQuery/jquery-3.5.1.min.js
IP 152.199.19.160:0
File type ASCII text, with very long lines (65451)
Hash 01ed540a1edc0b1cae4b91ef5d576be3
0f4aa0ea331348a4c2bca0f3898dd681646455c4
da348028c4b581592016ee99ec4ee38cdaaac87d2c0317962c52c18a9338a101
GET /ajax/jQuery/jquery-3.5.1.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 19775626
cache-control: public,max-age=31536000
content-type: application/javascript
date: Tue, 28 Mar 2023 15:58:21 GMT
etag: "80e72fc8fd6fd61:0"
last-modified: Tue, 11 Aug 2020 16:38:03 GMT
server: ECAcc (ska/F74F)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 30976
X-Firefox-Spdy: h2
143.198.136.192/tj7/9chrmx0973xu9x08x/mic.png
143.198.136.192200 OK 194 B URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/mic.png
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash df0a213a8bc598e53c8513b360fc910e
b8cb3eac6254ced5dcf57beecf3758a4a9bc8c26
c6ea65b06c0f199ee8073ae19b9909fa004de0bc3d5c9d6402693e14e0ae979f
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/mic.png HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:20 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:55 GMT
ETag: "c2-5f7f7ec30dd32"
Accept-Ranges: bytes
Content-Length: 194
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
support.microsoft.com/socbundles/article
2.18.172.114200 OK 15 kB URL HTTP/2 support.microsoft.com/socbundles/article
IP 2.18.172.114:0
File type ASCII text, with very long lines (62046), with no line terminators
Hash a7a35095b42d66f97324a02e61aeabbd
fc5b2ce888868bb62b40f2b580c16d0e23b53f4a
138863d8ea2818321a86df2e3f72b28feb8348def4d72d5d29b09d57fe235a83
GET /socbundles/article HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
last-modified: Tue, 28 Mar 2023 15:58:20 GMT
x-correlationid: 9f7301ad-bee0-4dda-8c3a-49d742a2667c
x-usersessionid: 9f7301ad-bee0-4dda-8c3a-49d742a2667c
x-officefe: OdcSupFrontEnd_IN_11
x-officeversion: 16.0.16322.42701
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=0
expires: Tue, 28 Mar 2023 15:58:21 GMT
date: Tue, 28 Mar 2023 15:58:21 GMT
content-length: 15150
set-cookie: EXPID=ef9344b9-784b-4f63-9fb0-9a44d13ad2d8; expires=Thu, 28-Mar-2024 15:58:20 GMT; path=/; secure; HttpOnly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
statics-marketingsites-neu-ms-com.akamaized.net/statics/override.css
95.101.11.81200 OK 473 B URL HTTP/1.1 statics-marketingsites-neu-ms-com.akamaized.net/statics/override.css
IP 95.101.11.81:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (342), with CRLF line terminators
Hash a40589609d8e75c109e93abbff0dcf60
76ae9c943d54022e24b90467713a73a431eddd6d
2c959c2618be84448b26de18639db8a66126449c6ebb29f4f6d33e00adb5b069
GET /statics/override.css HTTP/1.1
Host: statics-marketingsites-neu-ms-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Tue, 11 Jun 2019 23:22:13 GMT
ETag: 0x8D6EEC3A2D67C35
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 794b2968-c01e-0059-40d6-660f8c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 473
Unused62: 8096267
Date: Tue, 28 Mar 2023 15:58:21 GMT
Connection: keep-alive
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
95.101.11.74200 OK 4.1 kB URL HTTP/2 img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
IP 95.101.11.74:0
ASN #20940 Akamai International B.V.
File type PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced\012- data
Hash 9f14c20150a003d7ce4de57c298f0fba
daa53cf17cc45878a1b153f3c3bf47dc9669d78f
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
GET /cms/api/am/imageFileData/RE1Mu3b?ver=5c31 HTTP/1.1
Host: img-prod-cms-rt-microsoft-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 4054
content-type: image/png
access-control-allow-origin: *
content-location: https://image.prod.cms.rt.microsoft.com/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
last-modified: Tue, 21 Mar 2023 21:28:45 GMT
x-source-length: 4054
x-datacenter: northeu
x-activityid: 60ae8c31-b81c-4a60-a78d-f0f73ed25c40
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
cache-control: public, max-age=236273
expires: Fri, 31 Mar 2023 09:36:14 GMT
date: Tue, 28 Mar 2023 15:58:21 GMT
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/32-1b8b7c/74-888e54?ver=2.0&_cf=02242021_3231
2.18.173.151200 OK 23 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/32-1b8b7c/74-888e54?ver=2.0&_cf=02242021_3231
IP 2.18.173.151:0
File type Unicode text, UTF-8 text, with very long lines (64241)
Hash 09800dff9a5770bdc368ae73ec89b229
52864194fec1b7fa70ba6e8bda68f0d8f27b21d1
d981d06eaec00bf7feef2b5dc799c3b50332ee867b8048109d45cb6a97e52557
GET /onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/32-1b8b7c/74-888e54?ver=2.0&_cf=02242021_3231 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 13 Dec 2022 20:44:18 GMT
x-activity-id: e0ba9742-9e0a-46e2-9ac8-f1af67b30f54
x-appversion: 1.0.8349.33967
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-11-11T02:52:14.0000000Z}
ms-operation-id: de38bdd2a32ec64d9a993e889dba99e3
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2022-12-13T20:44:18
x-s2: 2022-12-13T20:44:19
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 22729
cache-control: public, max-age=22481183
expires: Wed, 13 Dec 2023 20:44:44 GMT
date: Tue, 28 Mar 2023 15:58:21 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV47501203.0
ms-cv-esi: CASMicrosoftCV47501203.0
x-rtag: RT
X-Firefox-Spdy: h2
143.198.136.192/tj7/9chrmx0973xu9x08x/seo.png
143.198.136.192200 OK 21 kB URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/seo.png
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash d6a6abff8300306298b9839210a01272
5d816e96fe022415f817bc580273bb6e3c58fb33
8d3a47bb7fede0db929ed92f8ebaee71fc12e3b4cc4f43362f3fc304d6fd130b
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/seo.png HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:20 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:48 GMT
ETag: "5095-5f7f7ebcad8e3"
Accept-Ranges: bytes
Content-Length: 20629
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
www.microsoft.com/videoplayer/js/vxpiframe.js
2.18.173.151200 OK 6.3 kB URL HTTP/2 www.microsoft.com/videoplayer/js/vxpiframe.js
IP 2.18.173.151:0
File type ASCII text, with very long lines (13602)
Hash 009d92e8af9d884776822cbb40471dab
8215ca8a1c6d3c6b68c99aa3bc84df2ad57386f7
7ca4a25996ab5129a87d219a3382b645e266b1e43b6f3052770dc23bf15e7fb6
GET /videoplayer/js/vxpiframe.js HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support.microsoft.com/en-US
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: private, no-transform
content-type: application/x-javascript; charset=utf-8
x-activity-id: c55c2b7a-747c-4ca3-9f43-0e36870c6567
x-appversion: 1.0.8377.8392
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-12-08T12:39:44.0000000Z}
ms-operation-id: d9e1e41a6a314a4e83041b8467a8936f
p3p: CP="CAO CONi OTR OUR DEM ONL"
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
vary: Accept-Encoding
content-encoding: gzip
date: Tue, 28 Mar 2023 15:58:21 GMT
content-length: 6332
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV4750124a.0
ms-cv-esi: CASMicrosoftCV4750124a.0
set-cookie: akacd_OneRF=1687795101~rv=100~id=896d0763f929f3f9fa3d3065bb466279; path=/; Expires=Mon, 26 Jun 2023 15:58:21 GMT; Secure; SameSite=None
x-rtag: RT
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1
2.18.173.151200 OK 36 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1
IP 2.18.173.151:0
File type ASCII text, with very long lines (42133)
Hash d95e11ceb03f2345a320093cab78025e
61a86a14316100b63da779f7e173849643e687f5
e51a46060665f507a73982f7aa0a4088fc5b371023c237fefa0a1d806b56f6b0
GET /onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
last-modified: Tue, 24 Jan 2023 18:49:01 GMT
x-activity-id: 7acc4066-8c24-4216-b307-e65f0d7adf97
x-appversion: 1.0.8405.38376
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-01-06T05:19:12.0000000Z}
ms-operation-id: 276317a3e7c97a4986744af24c94a19f
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2023-01-24T18:49:01
x-s2: 2023-01-24T18:49:01
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 35900
cache-control: public, max-age=26103071
expires: Wed, 24 Jan 2024 18:49:32 GMT
date: Tue, 28 Mar 2023 15:58:21 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV475012ac.0
ms-cv-esi: CASMicrosoftCV475012ac.0
x-rtag: RT
X-Firefox-Spdy: h2
wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
13.107.237.53200 OK 82 kB URL HTTP/2 wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
IP 13.107.237.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (63888), with no line terminators
Hash e51f388b62281af5b4a9193cce419941
364f3d737462b7fd063107fe2c580fdb9781a45a
348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c
GET /mscc/lib/v2/wcp-consent.js HTTP/1.1
Host: wcpstatic.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: max-age=43200
content-length: 81726
content-type: application/javascript
content-encoding: gzip
content-md5: X1JOIM5h9UISVFS6+GfEew==
last-modified: Wed, 24 Aug 2022 17:34:36 GMT
age: 9461
etag: 0x8DA85F6EA62BF74
vary: Accept-Encoding
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
x-cache: CONFIG_NOCACHE
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 2f3ba352-001e-003f-6578-619f7d000000
x-ms-version: 2009-09-19
x-azure-ref: 0nQ4jZAAAAABd2EQqF7MOT6RjQ7pEuXD9U1ZHMjBFREdFMDYxMAAzOWI0NjE1Ny1jYjllLTQ5YjctYTY1YS04NzIyYTNmODI0ZTQ=
date: Tue, 28 Mar 2023 15:58:20 GMT
X-Firefox-Spdy: h2
143.198.136.192/tj7/9chrmx0973xu9x08x/microsoft.png
143.198.136.192200 OK 1.0 kB URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/microsoft.png
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced\012- data
Hash bf2b460590fbb9d8e9611a6e9006b816
561e1dab259d61e798b3ce380527b71b61074ff3
ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/microsoft.png HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:48 GMT
ETag: "415-5f7f7ebc72fb3"
Accept-Ranges: bytes
Content-Length: 1045
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
2.18.173.151200 OK 26 kB URL HTTP/2 www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
IP 2.18.173.151:0
File type Web Open Font Format, TrueType, length 26288, version 0.0\012- data
Hash d0263dc03be4c393a90bda733c57d6db
8a032b6deab53a33234c735133b48518f8643b92
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
GET /mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
last-modified: Mon, 16 May 2022 07:01:33 GMT
x-activity-id: 365be2ca-45e3-4b50-a3c5-4615d200d3f9
x-appversion: 1.0.8153.36695
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-04-29T04:23:10.0000000Z}
ms-operation-id: 890ba5c6ed640248b06de8544496c48b
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-length: 26288
cache-control: public, max-age=15303784
expires: Thu, 21 Sep 2023 19:01:25 GMT
date: Tue, 28 Mar 2023 15:58:21 GMT
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV4750147b.0
ms-cv-esi: CASMicrosoftCV4750147b.0
x-rtag: RT
X-Firefox-Spdy: h2
support.microsoft.com/css/Glyphs/SupMDL2_v4_69.woff2
2.18.172.114200 OK 30 kB URL HTTP/2 support.microsoft.com/css/Glyphs/SupMDL2_v4_69.woff2
IP 2.18.172.114:0
File type Web Open Font Format (Version 2), TrueType, length 29588, version 0.0\012- data
Hash f04217f47619ac51664e7a65b3f77b48
c32c07c33ba8850f282492b2bd38be170b556541
5975dea100208142bb9cbd2ae15e1bae43213598a2a4496e42c4baec3bd50a61
GET /css/Glyphs/SupMDL2_v4_69.woff2 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://support.microsoft.com/css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 29588
content-type: font/woff2
server: Kestrel
accept-ranges: bytes
etag: "1d93cd345be4514"
last-modified: Thu, 09 Feb 2023 22:10:09 GMT
request-context: appId=
x-correlationid: 0HMOATAF6QE2N:0000000C
x-operationid: ba8b01cde138b4c70a8fa265737a057d
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=28534723
date: Tue, 28 Mar 2023 15:58:21 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
2.18.173.151200 OK 34 kB URL HTTP/2 c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
IP 2.18.173.151:0
File type Web Open Font Format (Version 2), TrueType, length 34052, version 0.0\012- data
Hash 36397a3bc139c6e9f81d383f060f080a
3f4f86c10920d4ed345f4858b6cde9f93e1aeb81
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
GET /static/fonts/segoe-ui/west-european/normal/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 34052
content-type: font/woff2
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
accept-ranges: bytes
etag: "588d483e9c7d51:0"
cache-control: public, max-age=451062
expires: Sun, 02 Apr 2023 21:16:03 GMT
date: Tue, 28 Mar 2023 15:58:21 GMT
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/latest.woff2
2.18.173.151200 OK 29 kB URL HTTP/2 c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/latest.woff2
IP 2.18.173.151:0
File type Web Open Font Format (Version 2), TrueType, length 29388, version 0.0\012- data
Hash 6e75a94d5f7170a1ab532d32c2a35755
9c1b6fff544089941bbeddbcf529c3f0b46d853a
d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f
GET /static/fonts/segoe-ui/west-european/Semibold/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 29388
content-type: font/woff2
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
accept-ranges: bytes
etag: "5b68d583e9c7d51:0"
cache-control: public, max-age=155694
expires: Thu, 30 Mar 2023 11:13:15 GMT
date: Tue, 28 Mar 2023 15:58:21 GMT
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
support.microsoft.com/socfonts/DevCMDL2.2.50.woff
2.18.172.114200 OK 18 kB URL HTTP/2 support.microsoft.com/socfonts/DevCMDL2.2.50.woff
IP 2.18.172.114:0
File type Web Open Font Format, TrueType, length 18316, version 0.0\012- data
Hash 0cedbb5e7888349e4705a66ede3dd01c
bff3c70dbd94c866bdefc48e7bba1d8f359577ac
12d95d8d400eeafa0258e9d29d6ea5ef0ec9cfc1410b75e47976fcb3f92082b0
GET /socfonts/DevCMDL2.2.50.woff HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://support.microsoft.com/SocContent/css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: font/x-woff
last-modified: Wed, 08 Feb 2023 13:22:44 GMT
accept-ranges: bytes
etag: "0aa706dc03bd91:0"
x-correlationid: 70065751-9c2c-4c50-88be-f28ea4c1b02e
x-usersessionid: 70065751-9c2c-4c50-88be-f28ea4c1b02e
x-officefe: OdcSupFrontEnd_IN_13
x-officeversion: 16.0.16208.42700
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
content-length: 18316
cache-control: public, max-age=7776000
date: Tue, 28 Mar 2023 15:58:21 GMT
access-control-allow-origin:
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/en-us/authentication/silentsignin?ru=%2Fen-us%2Fsilentsigninhandler
2.18.172.114302 Found 0 B URL HTTP/2 support.microsoft.com/en-us/authentication/silentsignin?ru=%2Fen-us%2Fsilentsigninhandler
IP 2.18.172.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /en-us/authentication/silentsignin?ru=%2Fen-us%2Fsilentsigninhandler HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
content-length: 0
server: Kestrel
location: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638156159013448918.YzAwMTMwZmQtNjVkZC00ZmRlLWEwMDMtZDZkZjc5YzdlMjk4N2MxYmYxMTktY2EyMC00NzhhLTkxZWQtNzVmMTVjMmQ0Yzg1&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-iHR9Wfvt_-IJDJ9wuByW-8y-UokZNTbLslum14M--Sh8UXctE8ykQv9ky2XHh2-bVAsUdb2VguZZWmeRXxkuHLmc0UNj8ArITTgV7Xb1mG8Sg7S7ZpbVuaG3FfrszTININSKXLxQ_GoLqRVMGAXRrBxRCbYv3n4-a9OCqG4YEX9tv4KFS8QTm9rPb0ldhyGZFsCQW9nT39tPazDesAvbyYrbyMsIsq3wZzBzy55lhHCaiu0H7s9-j0PQ7ipfm1TxuVZT0kjucYVi0SCDuVxDW9O49ySCybIqDHHjF29a5n9FKVsaxbh6m6F7DI5hf0WO0sETE0-CB8v1WnZDxE9a2U&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
request-context: appId=
x-correlationid: 0HMPF0GD79EQF:000000C5
x-operationid: bbea74804a206a4cef291c4ca2a9fad8
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
expires: Tue, 28 Mar 2023 15:58:21 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 28 Mar 2023 15:58:21 GMT
set-cookie: .AspNetCore.OpenIdConnect.Nonce.CfDJ8PY55fRSQr1CrcRGN2fDm-iVQtWd4KxaCFVoiB-e_z87U4Y8Yd2RHqEvjBV8nJyK2sENHmlQvJaFBvvmMPqW8X8K65kB5rHjro8rCY66oZsER3GeN5y4vCR0OyZ0FGdPyAYbsg4aQcT4FvO3w1ipDhSkyQYMh9jKmu6DxCLaMMENOBolIDmLW9VafME7BgXmBIn7MDUFJSsUTUqEps9ySdwAV-6O9qFN-1NJLjzm7Br_dJkCLxLQZrmugIrhqdbcvKi_M90pmX2LD2vfArcRPuU=N; expires=Tue, 28 Mar 2023 16:13:21 GMT; path=/signin-oidc; secure; samesite=none; httponly
.AspNetCore.Correlation.I9LJJm0xG9qS5XUK-jOA7BqSfX3ekKZvplwRJOsZMtE=N; expires=Tue, 28 Mar 2023 16:13:21 GMT; path=/signin-oidc; secure; samesite=none; httponly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/d09f346e-3b3f-4bbc-b4cd-ad6f9df1ab6e.png
95.101.95.18200 OK 4.2 kB URL HTTP/2 support.content.office.net/en-us/media/d09f346e-3b3f-4bbc-b4cd-ad6f9df1ab6e.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash b93f7321e326ca5c00d52e5df0357efa
5620e44d1318a3fa8c3f3f7685d76706752f4e36
5b00dfd36987ed6f3f48ba6eac2f7d177b9eb6526ef82f2cc786549bad43b5ec
GET /en-us/media/d09f346e-3b3f-4bbc-b4cd-ad6f9df1ab6e.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 4246
content-type: image/png
content-md5: uT9zIeMmylwA1S5d8DV++g==
last-modified: Fri, 04 Mar 2022 07:17:52 GMT
etag: 0x8D9FDAF18FAABFA
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2bd0d184-901e-002d-6e1f-39d613000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:58:21 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/d8369889-04df-4721-831d-e0490e10aaeb.png
95.101.95.18200 OK 4.6 kB URL HTTP/2 support.content.office.net/en-us/media/d8369889-04df-4721-831d-e0490e10aaeb.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash c59d7f179b1837d03040c0673c5ec15d
e219f3e3a6a01233b84bb27ef7ebe941a792a3af
e83c28f43b70c9d58e8f8758e547b985577f5a38045f1b5a63169913f02a0cc5
GET /en-us/media/d8369889-04df-4721-831d-e0490e10aaeb.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 4596
content-type: image/png
content-md5: xZ1/F5sYN9AwQMBnPF7BXQ==
last-modified: Fri, 04 Mar 2022 07:17:49 GMT
etag: 0x8D9FDAF172969CD
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 00d2a09e-301e-001b-4110-5a5b63000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:58:21 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/d6ba446c-4077-4462-bfc9-7ddf7c07d7bd.png
95.101.95.18200 OK 4.3 kB URL HTTP/2 support.content.office.net/en-us/media/d6ba446c-4077-4462-bfc9-7ddf7c07d7bd.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash dc66df4b133bbbeed776ca86b5ad68da
eab70e67489815ac093d17c1922a5dc5cf8c0ef0
8cbbbe47e52239d7d23ae19946fc2b2e3c6e95dcf7631c807af7a811c89cb78e
GET /en-us/media/d6ba446c-4077-4462-bfc9-7ddf7c07d7bd.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 4280
content-type: image/png
content-md5: 3GbfSxM7u+7XdsqGta1o2g==
last-modified: Fri, 04 Mar 2022 20:23:50 GMT
etag: 0x8D9FE1CE54267E6
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 20c6b4f4-c01e-0042-78b9-93dce0000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:58:21 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/059b7716-5dfe-4510-9f5e-1f42cc2ba1b4.png
95.101.95.18200 OK 3.4 kB URL HTTP/2 support.content.office.net/en-us/media/059b7716-5dfe-4510-9f5e-1f42cc2ba1b4.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash b7b315e5398a5177f50394fc16f577a6
23d3cbf6a21d4fc6c275e70cd71e9f276bb4db52
92aa5dec4f2ee690cf1f8230fd67ed58b5918a7d1b0137dee46e6751fb439da6
GET /en-us/media/059b7716-5dfe-4510-9f5e-1f42cc2ba1b4.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 3425
content-type: image/png
content-md5: t7MV5TmKUXf1A5T8FvV3pg==
last-modified: Fri, 04 Mar 2022 07:17:31 GMT
etag: 0x8D9FDAF0BEDAF8E
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b9b9a6bc-d01e-002c-399e-ba89cf000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:58:21 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/262443df-1388-45a9-9c78-4dd6f528d08b.png
95.101.95.18200 OK 785 B URL HTTP/2 support.content.office.net/en-us/media/262443df-1388-45a9-9c78-4dd6f528d08b.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash 859052ca7e07aca482d0ef74f86b45b6
d680c1c7c84a04ab96bc23adecee5efc4bc71bb4
4c238159bdfd032eb6ef4fefe83f453d3166adeb2331ba61dbdd67dfa6d0ed36
GET /en-us/media/262443df-1388-45a9-9c78-4dd6f528d08b.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 785
content-type: image/png
content-md5: hZBSyn4HrKSC0O90+GtFtg==
last-modified: Wed, 09 Mar 2022 06:23:54 GMT
etag: 0x8DA0195629FEC6D
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b6f56529-201e-0017-52bc-accc6b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:58:21 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/3ae06b5c-45ee-4509-9ca2-e3958a88ab7f.png
95.101.95.18200 OK 210 B URL HTTP/2 support.content.office.net/en-us/media/3ae06b5c-45ee-4509-9ca2-e3958a88ab7f.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 2-bit colormap, non-interlaced\012- data
Hash 5e136d738c93fdb32c08fdb249905c1f
abeaa733ead9d6a3843aae402afe8d8fbf0452bf
5a639ac902dffec0b8174e7a2dda2e18c8038b76ff5c88ec507984e71b7b4a1b
GET /en-us/media/3ae06b5c-45ee-4509-9ca2-e3958a88ab7f.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 210
content-type: image/png
content-md5: XhNtc4yT/bMsCP2ySZBcHw==
last-modified: Fri, 04 Mar 2022 07:17:30 GMT
etag: 0x8D9FDAF0B81DF68
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b07e7aca-101e-000c-3c0f-9bf268000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:58:21 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/2c3c0c0c-bcb1-4582-834f-ddd6daf4b1de.png
95.101.95.18200 OK 2.7 kB URL HTTP/2 support.content.office.net/en-us/media/2c3c0c0c-bcb1-4582-834f-ddd6daf4b1de.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash 4ef082afe9892d1af2bf56ebbbe43b24
6af8951ab396523fd8339b2df591835838d15c42
664490c5ed805c089f854c1edf01d005f170730a3614d19c60375eb7c3b08fdf
GET /en-us/media/2c3c0c0c-bcb1-4582-834f-ddd6daf4b1de.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 2703
content-type: image/png
content-md5: TvCCr+mJLRryv1bru+Q7JA==
last-modified: Fri, 04 Mar 2022 07:17:28 GMT
etag: 0x8D9FDAF0AA3B079
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 23f6ee29-401e-0011-2262-f9ffd4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:58:21 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/2d61de8b-ff96-4a49-afa5-0795e254cc87.png
95.101.95.18200 OK 150 kB URL HTTP/2 support.content.office.net/en-us/media/2d61de8b-ff96-4a49-afa5-0795e254cc87.png
IP 95.101.95.18:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size 150 kB (150348 bytes)
Hash 9aea7c1dc69d1cea907c024eab971118
4986a5deab1bb0c9f0a66e5ea996bce6f56683aa
ce4c6516f665d6893fdbe6e537c75e52213793bc2a6c55457fa63ebf1344112f
GET /en-us/media/2d61de8b-ff96-4a49-afa5-0795e254cc87.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 150348
content-type: image/png
content-md5: mup8HcadHOqQfAJOq5cRGA==
last-modified: Thu, 27 Oct 2022 22:24:37 GMT
etag: 0x8DAB86A08773082
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 37276f0b-d01e-0013-1d80-f2416c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:58:21 GMT
X-Firefox-Spdy: h2
143.198.136.192/tj7/9chrmx0973xu9x08x/kxFy-clip.png
143.198.136.192200 OK 542 B URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/kxFy-clip.png
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 66 x 68, 8-bit colormap, non-interlaced\012- data
Hash 0e9558d2d6e8000ce5c6c749c8fc67c2
f7ba9490807ef70bb6195150d6287cd54b7fefd0
91fb42a68a122344fd78cfd5f0cf9d06ff6d307fd4a5c68f40231c5950ece9a1
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/kxFy-clip.png HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:53 GMT
ETag: "21e-5f7f7ec1bd05d"
Accept-Ranges: bytes
Content-Length: 542
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
143.198.136.192/tj7/9chrmx0973xu9x08x/minimize.jpeg
143.198.136.192200 OK 17 kB URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/minimize.jpeg
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=39, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=180], baseline, precision 8, 180x39, components 3\012- data
Hash 4bf52eb9b3efce840add1a90d83a40e5
6348a7617dfce3165e07af53a48df7892d62ffe1
a85f1e749a829c5c909837844c6b53ce0a9ae2adb7c8eac0e7b96c372c679a0d
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/minimize.jpeg HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:49 GMT
ETag: "4315-5f7f7ebe1e92c"
Accept-Ranges: bytes
Content-Length: 17173
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg
js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.2.6.gbl.min.js
13.107.238.53200 OK 41 kB URL HTTP/2 js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.2.6.gbl.min.js
IP 13.107.238.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65395)
Hash 55818559c4b6ba78df32cb70031f131d
ddc4679746116244e252e11afb375abff63f6a01
442ae4a4cf13427c9a72e8af83dcba065a16231cec3e10088c634cf02708b393
GET /scripts/c/ms.shared.analytics.mectrl-3.2.6.gbl.min.js HTTP/1.1
Host: js.monitor.azure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable, no-transform
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: RlzwH95FOkmm6gksZWAC+w==
last-modified: Thu, 18 Aug 2022 21:40:45 GMT
etag: 0x8DA81624EF9033C
x-cache: TCP_HIT
x-ms-request-id: 88b32127-101e-002b-72a3-5d2caf000000
x-ms-version: 2009-09-19
x-ms-meta-jssdkver: 3.2.6
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0e7IhZAAAAADE/pe/NIVMSI19XgqJl4l2QU1TMDRFREdFMTgxOQBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
x-azure-ref: 0nQ4jZAAAAABtR0kGp6ceT4iWyjjFKvNwU1ZHMjBFREdFMDUyMgBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
date: Tue, 28 Mar 2023 15:58:20 GMT
X-Firefox-Spdy: h2
143.198.136.192/tj7/9chrmx0973xu9x08x/okPE-vs.png
143.198.136.192200 OK 313 B URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/okPE-vs.png
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 37 x 38, 8-bit grayscale, non-interlaced\012- data
Hash f8176054bb2e264452c0d7c3a1a1093c
dd3145e0f95a236e073a780a2529febf409d4f2b
bf8ebf2c2aeb4d8310341694baf1ed935d35c68c1572588af85b4775d5cf500e
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/okPE-vs.png HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:48 GMT
ETag: "139-5f7f7ebcfd9b6"
Accept-Ranges: bytes
Content-Length: 313
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
support.microsoft.com/css/supportbridge/support-bridge.css?v=ft5yipT-SPVc4yMl4wK9PnMTXqhVUrUJZoPQVrYDjUI
2.18.172.114200 OK 654 B URL HTTP/2 support.microsoft.com/css/supportbridge/support-bridge.css?v=ft5yipT-SPVc4yMl4wK9PnMTXqhVUrUJZoPQVrYDjUI
IP 2.18.172.114:0
File type ASCII text, with very long lines (1877), with no line terminators
Hash 0d5d7ed2a6b811caffa8f525e3f71610
553802ca3a157bfd1fd028f494b792c201eb1ef7
8af71052a0ee40641e37dc7ec367a380e1d88cdc057a71b460f397085c011fcc
GET /css/supportbridge/support-bridge.css?v=ft5yipT-SPVc4yMl4wK9PnMTXqhVUrUJZoPQVrYDjUI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd3903fb455"
last-modified: Thu, 09 Feb 2023 22:12:14 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATD1USELT:00000004
x-operationid: 1a5945489342e777d3ba9f9b3ebabcaf
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 654
cache-control: private, max-age=28534285
date: Tue, 28 Mar 2023 15:58:21 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/sitewide/articleCss-overwrite.css?v=Agp_0EWD3V-aZnCFUrPvHDFynjvCYTVYUcRwnbKUcJc
2.18.172.114200 OK 218 B URL HTTP/2 support.microsoft.com/css/sitewide/articleCss-overwrite.css?v=Agp_0EWD3V-aZnCFUrPvHDFynjvCYTVYUcRwnbKUcJc
IP 2.18.172.114:0
File type ASCII text, with very long lines (592), with no line terminators
Hash ee52039f75c0cc68ae07376cf6c09632
d46f85e21d23f52dc13a0c88482fe5f3988fbbd0
14e18ed1e0a9ea3854480e4ea2275b4390dac10036090f98e105c4d04de51fd1
GET /css/sitewide/articleCss-overwrite.css?v=Agp_0EWD3V-aZnCFUrPvHDFynjvCYTVYUcRwnbKUcJc HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d95cecb3a34a50"
last-modified: Wed, 22 Mar 2023 18:32:48 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMPB0GDQO40M:00000002
x-operationid: 0fb9083ea8f40b8ea4bea848fbb85ae1
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 218
cache-control: private, max-age=31464358
date: Tue, 28 Mar 2023 15:58:21 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/promotionbanner/promotion-banner.css?v=cAmflE3c6Gw7niTOiMPEie9MY87yDE2mSl3DO7_jZRI
2.18.172.114200 OK 1.5 kB URL HTTP/2 support.microsoft.com/css/promotionbanner/promotion-banner.css?v=cAmflE3c6Gw7niTOiMPEie9MY87yDE2mSl3DO7_jZRI
IP 2.18.172.114:0
File type ASCII text, with very long lines (4370), with no line terminators
Hash 99ba2848ba9a06514e6cc579f6995206
632460dae575c7c20a27b5716c236d9debe4b9ed
85455b4dd8114d33bedf87384aa0ee36a67b38183452686a76c2846d11caf3f1
GET /css/promotionbanner/promotion-banner.css?v=cAmflE3c6Gw7niTOiMPEie9MY87yDE2mSl3DO7_jZRI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd345be2792"
last-modified: Thu, 09 Feb 2023 22:10:09 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATAF6QE2N:00000007
x-operationid: bcf7a863a55c2f3056da2b8d1ebda881
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1492
cache-control: private, max-age=28534756
date: Tue, 28 Mar 2023 15:58:21 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo
2.18.172.114200 OK 3.1 kB URL HTTP/2 support.microsoft.com/css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo
IP 2.18.172.114:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (10532), with no line terminators
Hash 0737acfed55616de4eda800b15cbf1fb
7e896a35974259d41ced3e2b70f564f3c34df4f8
8da6bcf631d27020b2ff6b788648d0f124f69ee5806e37ce415cdf9d4b88b8c9
GET /css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd2fc6dcc3b"
last-modified: Thu, 09 Feb 2023 22:08:06 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOAT9HC2Q08:00000003
x-operationid: 4052353e8561fa8359cf8f718f5e1cd5
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 3141
cache-control: private, max-age=28534611
date: Tue, 28 Mar 2023 15:58:21 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/SearchBox/search-box.css?v=bybwzGBajHicVXspVs540UfV0swW0vCbOmBjBryj9N4
2.18.172.114200 OK 814 B URL HTTP/2 support.microsoft.com/css/SearchBox/search-box.css?v=bybwzGBajHicVXspVs540UfV0swW0vCbOmBjBryj9N4
IP 2.18.172.114:0
File type ASCII text, with very long lines (2230), with no line terminators
Hash e22f91333200d597a00d4e98527400e1
76659fa749d8848ace64e464941316325b07bb42
831d28e62fbfbb7488dc3471184f9116ebc453bed3464870815e22c9e2240233
GET /css/SearchBox/search-box.css?v=bybwzGBajHicVXspVs540UfV0swW0vCbOmBjBryj9N4 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd2fd9f1cb6"
last-modified: Thu, 09 Feb 2023 22:08:08 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOAT9TTJPSF:00000007
x-operationid: a8c1176152eae790e1c66cc9e7ef4244
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 814
cache-control: private, max-age=28534383
date: Tue, 28 Mar 2023 15:58:21 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
143.198.136.192/tj7/9chrmx0973xu9x08x/-EBq-current.png
143.198.136.192200 OK 1.2 kB URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/-EBq-current.png
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 27 x 28, 8-bit colormap, non-interlaced\012- data
Hash 35629cc2adc804353a548305f1217206
cda6e89c5f6a644683aea6999a5d11e00dc64275
c1d52e31f7fc13cbb3efca8b0ec937ddd97a5ec545c4dad26193429db10d8662
Analyzer Verdict: Alert — quad9 Sinkholed. Context from the capture: this resource is fetched over plaintext HTTP from a bare DigitalOcean IP (Host: 143.198.136.192, no hostname) with Referer http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html, and its Last-Modified (15:57:48) is seconds before the capture time (15:58:21) — the same holds for every other /tj7/9chrmx0973xu9x08x/ asset in this trace. The icon names (antivirus, firewall, network, acc, def) are consistent with a scareware / tech-support-scam page themed on the concurrently loaded support.microsoft.com content, but index.html itself is not shown here, so treat that as an inference to confirm against the page body.
GET /tj7/9chrmx0973xu9x08x/-EBq-current.png HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:48 GMT
ETag: "48a-5f7f7ebc5b8d3"
Accept-Ranges: bytes
Content-Length: 1162
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
support.microsoft.com/css/glyphs/SupMDL2_v4_69.woff2
2.18.172.114200 OK 30 kB URL HTTP/2 support.microsoft.com/css/glyphs/SupMDL2_v4_69.woff2
IP 2.18.172.114:0
File type Web Open Font Format (Version 2), TrueType, length 29588, version 0.0\012- data
Hash f04217f47619ac51664e7a65b3f77b48
c32c07c33ba8850f282492b2bd38be170b556541
5975dea100208142bb9cbd2ae15e1bae43213598a2a4496e42c4baec3bd50a61
GET /css/glyphs/SupMDL2_v4_69.woff2 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://support.microsoft.com/css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 29588
content-type: font/woff2
server: Kestrel
accept-ranges: bytes
etag: "1d93cd2fd9f6794"
last-modified: Thu, 09 Feb 2023 22:08:08 GMT
request-context: appId=
x-correlationid: 0HMOAT9TTJQ9L:0000000C
x-operationid: 6d6743342ea344f98126edce9edbb2ed
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=28534818
date: Tue, 28 Mar 2023 15:58:21 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/76bb3497-baf7-4f68-ac15-0da34f0caf56.png
95.101.95.18200 OK 94 kB URL HTTP/2 support.content.office.net/en-us/media/76bb3497-baf7-4f68-ac15-0da34f0caf56.png
IP 95.101.95.18:0
File type PNG image data, 2006 x 426, 8-bit colormap, non-interlaced\012- data
Hash f2378ce679cd470615bc0f5fdfb04868
377f63641a07739d73b4b119c927dc43a853d5cf
d66573493a7baebfb1ebf6913e924129bebf36b563d84a7e613a6418a79637fd
GET /en-us/media/76bb3497-baf7-4f68-ac15-0da34f0caf56.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 94486
content-type: image/png
content-md5: 8jeM5nnNRwYVvA9f37BIaA==
last-modified: Thu, 07 Oct 2021 18:46:47 GMT
etag: 0x8D989C2D12875EB
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: eec53ea8-501e-007f-5450-abaafb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:58:21 GMT
X-Firefox-Spdy: h2
143.198.136.192/tj7/9chrmx0973xu9x08x/arrow.svg
143.198.136.192200 OK 193 B URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/arrow.svg
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 1b49457044fe0f969a601eade5b861ee
bb0139e4c98ac050717094b636612ce758a42062
65e5c584d029650c691506517be54c0046cb94f48b8522d7c78d3a550220691f
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/arrow.svg HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:46 GMT
ETag: "c1-5f7f7ebb157d0"
Accept-Ranges: bytes
Content-Length: 193
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/svg+xml
support.content.office.net/en-us/media/d245e220-3337-404c-b0cc-c0684b680f7e.png
95.101.95.18200 OK 9.4 kB URL HTTP/2 support.content.office.net/en-us/media/d245e220-3337-404c-b0cc-c0684b680f7e.png
IP 95.101.95.18:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash ebd667c89f68bf45837e47001c909015
c258e7eaa89971ff277d22bad64e71025d3b16f3
b51cbe1af99579551b84a0dd4310f2cc763aba6885f9e302cb164c67c661bc9d
GET /en-us/media/d245e220-3337-404c-b0cc-c0684b680f7e.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 9385
content-type: image/png
content-md5: 69ZnyJ9ov0WDfkcAHJCQFQ==
last-modified: Fri, 04 Mar 2022 07:17:50 GMT
etag: 0x8D9FDAF17BE6653
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e2b523d6-601e-0039-6a9f-e19e7c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 28 Mar 2023 15:58:21 GMT
X-Firefox-Spdy: h2
143.198.136.192/tj7/9chrmx0973xu9x08x/Z5BR-network.png
143.198.136.192200 OK 607 B URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/Z5BR-network.png
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 63 x 70, 8-bit colormap, non-interlaced\012- data
Hash 2cd03a547f00cad010f9038619df45de
912f919836a77a514c76b990aceaf5e930a24024
c56a8ae4818963e0d71eda4ebf46b4f2cdd3a238537dc8e99711fb690d272a73
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/Z5BR-network.png HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:46 GMT
ETag: "25f-5f7f7eba70811"
Accept-Ranges: bytes
Content-Length: 607
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
143.198.136.192/tj7/9chrmx0973xu9x08x/s-S4-acc.png
143.198.136.192200 OK 813 B URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/s-S4-acc.png
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 77 x 72, 8-bit colormap, non-interlaced\012- data
Hash d648c1837d01495eccd63e053491f72a
991d8f6c72777239472410d6129fd5f25ed9d134
9edbf56b360080f5d6765dce77353b8130e9f8316ad34c68f6c2792cdc446321
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/s-S4-acc.png HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:53 GMT
ETag: "32d-5f7f7ec16df29"
Accept-Ranges: bytes
Content-Length: 813
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638156159013448918.YzAwMTMwZmQtNjVkZC00ZmRlLWEwMDMtZDZkZjc5YzdlMjk4N2MxYmYxMTktY2EyMC00NzhhLTkxZWQtNzVmMTVjMmQ0Yzg1&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-iHR9Wfvt_-IJDJ9wuByW-8y-UokZNTbLslum14M--Sh8UXctE8ykQv9ky2XHh2-bVAsUdb2VguZZWmeRXxkuHLmc0UNj8ArITTgV7Xb1mG8Sg7S7ZpbVuaG3FfrszTININSKXLxQ_GoLqRVMGAXRrBxRCbYv3n4-a9OCqG4YEX9tv4KFS8QTm9rPb0ldhyGZFsCQW9nT39tPazDesAvbyYrbyMsIsq3wZzBzy55lhHCaiu0H7s9-j0PQ7ipfm1TxuVZT0kjucYVi0SCDuVxDW9O49ySCybIqDHHjF29a5n9FKVsaxbh6m6F7DI5hf0WO0sETE0-CB8v1WnZDxE9a2U&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
40.126.32.137200 OK 59 kB URL HTTP/1.1 login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638156159013448918.YzAwMTMwZmQtNjVkZC00ZmRlLWEwMDMtZDZkZjc5YzdlMjk4N2MxYmYxMTktY2EyMC00NzhhLTkxZWQtNzVmMTVjMmQ0Yzg1&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-iHR9Wfvt_-IJDJ9wuByW-8y-UokZNTbLslum14M--Sh8UXctE8ykQv9ky2XHh2-bVAsUdb2VguZZWmeRXxkuHLmc0UNj8ArITTgV7Xb1mG8Sg7S7ZpbVuaG3FfrszTININSKXLxQ_GoLqRVMGAXRrBxRCbYv3n4-a9OCqG4YEX9tv4KFS8QTm9rPb0ldhyGZFsCQW9nT39tPazDesAvbyYrbyMsIsq3wZzBzy55lhHCaiu0H7s9-j0PQ7ipfm1TxuVZT0kjucYVi0SCDuVxDW9O49ySCybIqDHHjF29a5n9FKVsaxbh6m6F7DI5hf0WO0sETE0-CB8v1WnZDxE9a2U&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
IP 40.126.32.137:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (42201), with CRLF, LF line terminators
Hash e2bd900a58798a3b2f390c7da9fce615
b845eb2076b77c7f12bb1e4b46b0bd118cd50620
aacdd6c254d219f692468b72737d2fd0ba466192a0b67bc6fc39d4b59b1421a5
GET /common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638156159013448918.YzAwMTMwZmQtNjVkZC00ZmRlLWEwMDMtZDZkZjc5YzdlMjk4N2MxYmYxMTktY2EyMC00NzhhLTkxZWQtNzVmMTVjMmQ0Yzg1&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-iHR9Wfvt_-IJDJ9wuByW-8y-UokZNTbLslum14M--Sh8UXctE8ykQv9ky2XHh2-bVAsUdb2VguZZWmeRXxkuHLmc0UNj8ArITTgV7Xb1mG8Sg7S7ZpbVuaG3FfrszTININSKXLxQ_GoLqRVMGAXRrBxRCbYv3n4-a9OCqG4YEX9tv4KFS8QTm9rPb0ldhyGZFsCQW9nT39tPazDesAvbyYrbyMsIsq3wZzBzy55lhHCaiu0H7s9-j0PQ7ipfm1TxuVZT0kjucYVi0SCDuVxDW9O49ySCybIqDHHjF29a5n9FKVsaxbh6m6F7DI5hf0WO0sETE0-CB8v1WnZDxE9a2U&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0 HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support.microsoft.com/
Connection: keep-alive
Cookie: brcap=0; MSFPC=GUID=27491a5fca0c436896bdbf20a1588da0&HASH=2749&LV=202205&V=4&LU=1652883922743; ESTSSSOTILES=1; AADSSOTILES=1; buid=0.ARoAMe_N-B6jSkuT5F9XHpElWhkrJ-4RRD9DjyhcE8tv1AcBAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevruHNYX5kFU2kEfBA8bcAEwQC27L9mt1BInuTBF1fXe0-7V8o7fcH4rEnFRelk5yV7hja_49kb24JjMoo6jRXkjl9Ou_FPyIdP9in5OnDFuscgAA; fpc=Av4p5eaUltZBnIP_klhDkt5qwEtIAQAAALYDtdsOAAAA
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msauth.net>; rel=dns-prefetch, <https://aadcdn.msftauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: ae2af3c7-0a06-45e5-b5c2-92e3c0de2700
x-ms-ests-server: 2.1.14990.5 - NEULR2 ProdSlices
x-ms-clitelem: 1,0,0,,
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: buid=0.ARoAMe_N-B6jSkuT5F9XHpElWhkrJ-4RRD9DjyhcE8tv1AcBAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevrsaZQvT34eSN2KXjarUnotlWIYqmGSxxNwtsTkCnOjcqGSIFwVvMGcN6ZxVraiYwkCudRJ5o8u_zN7y6EGtAT7_hMZ56Abr6-lualhNuexDcgAA; expires=Thu, 27-Apr-2023 15:58:21 GMT; path=/; secure; HttpOnly; SameSite=None
fpc=Av4p5eaUltZBnIP_klhDkt5qwEtIAQAAAOIEtdsOAAAA; expires=Thu, 27-Apr-2023 15:58:21 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABAAEAAAD--DLA3VO7QrddgJg7WevrcF5cCvPSHz_VXJq6gTSPjugvozmIEyCHakIApIWOC8ZU3KIwuSbOOeUuUzq_Kkp_0NIu3wRsSaZoPGBET5sbl51ERF8-1845qtFh_yzAkkkaVqHXc_asLoi7MKaIC3WZbwgPlvMs4zjr13fUwiqfFz6NSWHoHnSxLDkV1x1sBZsgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 28 Mar 2023 15:58:20 GMT
Content-Length: 59269
143.198.136.192/tj7/9chrmx0973xu9x08x/qsbs-firewall.png
143.198.136.192200 OK 920 B URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/qsbs-firewall.png
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 77 x 63, 8-bit colormap, non-interlaced\012- data
Hash b0495ede4c875843fec037c794e9ff9a
c813aefba255a5cc53aea7811f987ccb551c3128
52b762d47c066e16300675d56cc359b504ffd3239438c96eb973864311bb7b79
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/qsbs-firewall.png HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:47 GMT
ETag: "398-5f7f7ebc1e0c7"
Accept-Ranges: bytes
Content-Length: 920
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
143.198.136.192/tj7/9chrmx0973xu9x08x/def.png
143.198.136.192200 OK 3.8 kB URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/def.png
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 77a2ffc5545f87551d74781201de9b3b
c9c3798afd2ae95aa3bba3c428335d49c8255b06
316e6a6737bd296ab30aca2ef7fa36f119d15786a2432d01e31fdc130272f15c
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/def.png HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:47 GMT
ETag: "efa-5f7f7ebbcc0b7"
Accept-Ranges: bytes
Content-Length: 3834
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=3c51336a-b8f5-4621-5a6c-7196bfeaebe5&partnerId=smcconvergence&idpflag=proxy
40.126.32.137200 OK 1.3 kB URL HTTP/1.1 login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=3c51336a-b8f5-4621-5a6c-7196bfeaebe5&partnerId=smcconvergence&idpflag=proxy
IP 40.126.32.137:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 7d366bfa7c9b7951156ee8aba87da979
37591dff2710f5dc1fa49930c6243a64959d85c3
3211675897496be86ecb797bb8a5423f756caec84aef713cd4e794f808b8e2d8
GET /savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=3c51336a-b8f5-4621-5a6c-7196bfeaebe5&partnerId=smcconvergence&idpflag=proxy HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Cookie: brcap=0; MSFPC=GUID=27491a5fca0c436896bdbf20a1588da0&HASH=2749&LV=202205&V=4&LU=1652883922743; ESTSSSOTILES=1; AADSSOTILES=1; buid=0.ARoAMe_N-B6jSkuT5F9XHpElWhkrJ-4RRD9DjyhcE8tv1AcBAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevrsaZQvT34eSN2KXjarUnotlWIYqmGSxxNwtsTkCnOjcqGSIFwVvMGcN6ZxVraiYwkCudRJ5o8u_zN7y6EGtAT7_hMZ56Abr6-lualhNuexDcgAA; fpc=Av4p5eaUltZBnIP_klhDkt5qwEtIAQAAAOIEtdsOAAAA; esctx=PAQABAAEAAAD--DLA3VO7QrddgJg7WevrcF5cCvPSHz_VXJq6gTSPjugvozmIEyCHakIApIWOC8ZU3KIwuSbOOeUuUzq_Kkp_0NIu3wRsSaZoPGBET5sbl51ERF8-1845qtFh_yzAkkkaVqHXc_asLoi7MKaIC3WZbwgPlvMs4zjr13fUwiqfFz6NSWHoHnSxLDkV1x1sBZsgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 0ce88054-ea20-43c2-9a5e-e9ab16e42b00
x-ms-ests-server: 2.1.14990.5 - NEULR2 ProdSlices
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: fpc=Av4p5eaUltZBnIP_klhDkt5qwEtIAQAAAOIEtdsOAAAA; expires=Thu, 27-Apr-2023 15:58:21 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 28 Mar 2023 15:58:20 GMT
Content-Length: 1305
143.198.136.192/tj7/9chrmx0973xu9x08x/antivirus.png
143.198.136.192200 OK 17 kB URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/antivirus.png
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash f6e5701a264992107acc4583ed4ae622
a6df615fcb3a05bf4aefa62221127970956e5de6
45eb621e5fa1258a63f8e53d8032a1acd8805366bf0ea4c5f48cb2adbeaaa28f
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/antivirus.png HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:53 GMT
ETag: "427d-5f7f7ec121cd1"
Accept-Ranges: bytes
Content-Length: 17021
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6143
Expires: Tue, 28 Mar 2023 17:40:44 GMT
Date: Tue, 28 Mar 2023 15:58:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6143
Expires: Tue, 28 Mar 2023 17:40:44 GMT
Date: Tue, 28 Mar 2023 15:58:21 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ada29e049501b12a35b0bcc5f68e3e57
5c1ba9bffbcc9007e7f119dbb3197db34a12f8da
b45583b5845129386a456e03fbdba25305c8d6d9fb5a8f01d783816ced080629
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10744
x-amzn-requestid: d693d820-7eed-47a3-9b0b-8f43c141bd3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbogF0poAMFTAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220c9c-22ab350146e8a3a606f74c42;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:32 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: KAI78tfv0ATn1DQvBGyodBs9UWsIGdj1Fa50KowbUAO4ab2ceaYhMw==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:49:26 GMT
age: 65335
etag: "5c1ba9bffbcc9007e7f119dbb3197db34a12f8da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
2.18.173.151200 OK 28 kB URL HTTP/2 www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
IP 2.18.173.151:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (16813), with CRLF, LF line terminators
Hash 747d3e330868a8eaab7874e34d407bd2
9b616a62b00d26cf7d901ff3c4322ab3964326d1
daf43685beeaa17fd4ea49088c1756f2dc07058b238e851df74f55ecfab2929b
GET /en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support.microsoft.com/en-US
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-transform
content-type: text/html; charset=utf-8
x-activity-id: b2b43b59-5423-48c5-9048-50d87c7353c0
x-appversion: 1.0.8468.43152
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-03-10T08:58:24.0000000Z}
ms-operation-id: af1767fc3e1ecb40bc6f330b22f3fd21
p3p: CP="CAO CONi OTR OUR DEM ONL"
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
vary: Accept-Encoding
content-encoding: gzip
date: Tue, 28 Mar 2023 15:58:21 GMT
content-length: 28057
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV47501ca0.0
ms-cv-esi: CASMicrosoftCV47501ca0.0
set-cookie: akacd_OneRF=1687795101~rv=23~id=884dd0a69d083110f0c8dacfd0e2e8ab; path=/; Expires=Mon, 26 Jun 2023 15:58:21 GMT; Secure; SameSite=None
x-rtag: RT
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: I3GuoZ4ZxAtz0sKe3wrW67aitLlCAbaZkiPw23fl0F3FoumJDEnXiQ==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 d90109c5a0c30f43223e0db85921c5c2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 10:12:21 GMT
age: 20760
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5fdd8a3f935830ca9e5ffdb5824acebc
39caaddec703fdad962d03fff8687bad2c1df4ad
6fe6301fb3610c3e8a9b62671579db53189bb62ead4cf5ab30a1f1e0b90b8ca2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7537
x-amzn-requestid: 2fb06f69-4757-4ba5-9f20-6e829127b931
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbqWETgoAMFV5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220ca8-6421e38b3a0ac0590ffa8b52;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:44 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: JZfiBSqQdWXqpaxSlepC6hEJ888ja6o10GW0KziDifD8KdTmDTn0eQ==
via: 1.1 4e4278a2778e72cc34feef6db603088c.cloudfront.net (CloudFront), 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 22:05:18 GMT
age: 64383
etag: "39caaddec703fdad962d03fff8687bad2c1df4ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png
34.120.237.76200 OK 20 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b3e093e7b5c12cfc2aee601f823ea47e
d76b3958471b2ed70a2b52f078ec638748fdb441
de4fc669195611c4ea6fe7d920482987aef077973b4973c01e2f362aeb18c2ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 20349
x-amzn-requestid: 8e810007-5602-40d0-b103-da5421381d67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbpjHdcoAMFSuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220ca3-22f4671a5cd5fab36268ae3f;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:39 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: -rX6JXPNzVJyz9ykqPUCTNBUK9NOK2CAwrrVNPsoVfCDIEeH3AS3bQ==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 0a2ce08fa1ec3c33302a7547d3305978.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:55:30 GMT
age: 64971
etag: "d76b3958471b2ed70a2b52f078ec638748fdb441"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1da68df9d96e2758e37b9f15daab027b
5ff19ed6dc5752aa4b15fb88da972b736fd55783
ad924425946dbdf309c764e7097e676185516301feb7722b30d95ffd50b4353f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7426
x-amzn-requestid: 85a30298-4613-4a96-bdba-0899fe9f9475
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdcsgGZsoAMFQkw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220e4f-10db431e7632048d7b15e0ec;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:44:47 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: JDa9YUJ9xo5mo8tb7poZC8XJDp6USTidZjWEwTZCrioJxR7vur6uJw==
via: 1.1 f193acd25f2604e189bfbfaf539aaa06.cloudfront.net (CloudFront), 1.1 7514e5e25722778fd4b1744d4ecc67e0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 22:00:12 GMT
age: 64689
etag: "5ff19ed6dc5752aa4b15fb88da972b736fd55783"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 789f11978a1149984408fbbb9a2b3f81
078bd523107096bab5e26d42b18e316c253f1ca7
7974980290443b64126f512686261150cd27331cb7b32a96d1167a97d046e8a3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8961
x-amzn-requestid: 9277e35d-8fe8-482e-b65c-b132dfcbd87e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbqBGl0IAMFy4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220ca6-7869936b33cbf3633c68e7ac;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:42 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Xz5zjv-po5mgSFz_kkZZ5Hvw9SxY-3d-J2DpvFWxM-iI4jXTsUbiyg==
via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 10:16:22 GMT
age: 20519
etag: "078bd523107096bab5e26d42b18e316c253f1ca7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
login.live.com/Me.htm?v=3
40.126.31.68200 OK 1.1 kB URL HTTP/1.1 login.live.com/Me.htm?v=3
IP 40.126.31.68:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
Hash 9c08f0f5b411918572bb176b56d4b747
12814f1ffd1c414337cfc57da7561f4386ec8b67
d9f196403747ff4bbf6c3d61c7319f51e33be05825ac3b5200665e6e5ee26c0e
GET /Me.htm?v=3 HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=315360000
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Fri, 25 Mar 2033 15:58:21 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: R3_BL2
x-ms-request-id: 96232037-34f1-46e6-a8a0-4ba4878bea87
PPServer: PPV: 30 H: BL02EPF000016AF V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=c0b744afcfec4e61a133b76643ef9dfa; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPRequ=id=N<=1680019101&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Tue, 28 Mar 2023 15:58:21 GMT
Content-Length: 1132
143.198.136.192/tj7/9chrmx0973xu9x08x/virus-images.png
143.198.136.192200 OK 33 kB URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/virus-images.png
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 200 x 191, 8-bit/color RGBA, non-interlaced\012- data
Hash 68c7d1836cf921e767b980e8ce6d845b
395fc474214809b1282fc589e4a8f0be81b16adc
870e9d768ba46521935ced4cee560acfbb4f12370e5476dc6a2a45f0141a8392
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/virus-images.png HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:46 GMT
ETag: "8256-5f7f7ebac37c0"
Accept-Ranges: bytes
Content-Length: 33366
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
www.microsoft.com/mwf/css/MWF_20230313_66247431/west-european/default/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0&include_base=true
2.18.173.151200 OK 22 kB URL HTTP/2 www.microsoft.com/mwf/css/MWF_20230313_66247431/west-european/default/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0&include_base=true
IP 2.18.173.151:0
File type Unicode text, UTF-8 text, with very long lines (64174)
Hash c525127a72097b4f3ff72f20cbb16f10
e4026ae6b0987efafa99631574a80b92d701155d
286a6ec3d34691c0b980e09a03306c1ee822ff0ef0592ff030deeb71187d495c
GET /mwf/css/MWF_20230313_66247431/west-european/default/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0&include_base=true HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Mon, 27 Mar 2023 18:42:10 GMT
x-activity-id: b1113592-a596-4897-bce6-ee0ee39047c4
x-appversion: 1.0.8468.43152
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-03-10T08:58:24.0000000Z}
ms-operation-id: 420fce3260126443ae1ef5007838f77c
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-s1: 2023-03-27T18:42:11
x-s2: 2023-03-27T18:42:11
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=31459428
expires: Tue, 26 Mar 2024 18:42:09 GMT
date: Tue, 28 Mar 2023 15:58:21 GMT
content-length: 21782
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV475020ad.0
ms-cv-esi: CASMicrosoftCV475020ad.0
x-rtag: RT
X-Firefox-Spdy: h2
www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff2
2.18.173.151200 OK 23 kB URL HTTP/2 www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff2
IP 2.18.173.151:0
File type Web Open Font Format (Version 2), TrueType, length 22904, version 0.0\012- data
Hash c654a623ad90bb3dcd769dbbac34d863
8719de38f17d8e4d73e2a5e4e867d63dd3965baa
deec787cca1b9436e080478742a0299e0db1a9712543a72d2cdc8373fc45a432
GET /mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff2 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Mon, 16 May 2022 14:07:31 GMT
x-activity-id: e70f917b-6fcd-4b96-b7a7-97f8c9a3322e
x-appversion: 1.0.8153.36695
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-04-29T04:23:10.0000000Z}
ms-operation-id: 61cd73c50a64f14ba9f024fb26b8e4cb
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-length: 22904
cache-control: public, max-age=17007951
expires: Wed, 11 Oct 2023 12:24:12 GMT
date: Tue, 28 Mar 2023 15:58:21 GMT
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV475020a9.0
ms-cv-esi: CASMicrosoftCV475020a9.0
x-rtag: RT
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/mscomhp/_scrf/css/themes=default.device=uplevel_web_pc_moz/76-fd2264/19-19fa02/cb-ddc7e5?ver=2.0&_cf=02242021_3231
2.18.173.151200 OK 4.4 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/mscomhp/_scrf/css/themes=default.device=uplevel_web_pc_moz/76-fd2264/19-19fa02/cb-ddc7e5?ver=2.0&_cf=02242021_3231
IP 2.18.173.151:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (30540)
Hash 8d9b94114ca442a693b4b42f9b3e5e6d
0c83e8bca6400fec5f9e8a5f00c638581f8f8964
df92c807f4ab492ac914712d40440ee2f3bbcb8479f3f7c7ae9cc2004ee9e0a3
GET /onerfstatics/marketingsites-neu-prod/west-european/mscomhp/_scrf/css/themes=default.device=uplevel_web_pc_moz/76-fd2264/19-19fa02/cb-ddc7e5?ver=2.0&_cf=02242021_3231 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 01 Feb 2022 23:29:21 GMT
x-activity-id: 73b609d7-461f-42f0-8b11-b96f5f26ae13
x-appversion: 1.0.8061.4385
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-01-26T10:26:10.0000000Z}
ms-operation-id: e10933a303aa964b83eda21bcb981948
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2022-02-01T23:29:21
x-s2: 2022-02-01T23:29:21
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
unused62: 8096267
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=16092245
expires: Sat, 30 Sep 2023 22:02:26 GMT
date: Tue, 28 Mar 2023 15:58:21 GMT
content-length: 4369
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV475020ae.0
ms-cv-esi: CASMicrosoftCV475020ae.0
x-rtag: RT
X-Firefox-Spdy: h2
www.microsoft.com/mwf/js/MWF_20230313_66247431/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0
2.18.173.151200 OK 16 kB URL HTTP/2 www.microsoft.com/mwf/js/MWF_20230313_66247431/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0
IP 2.18.173.151:0
File type ASCII text, with very long lines (32913)
Hash 0bbdd019a5883814c9b3066e14d32040
6c8bf2b2ca295f63da3dd00177e0f92eb6dff5a7
d7baf348469dc40ecc20a3ad3bd9bd91fac0e2730aca7da3e5a5435f29c44b7e
GET /mwf/js/MWF_20230313_66247431/button/glyph/heading/image/list/pagebehaviors/selectmenu/slider?apiVersion=1.0 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
last-modified: Mon, 27 Mar 2023 18:41:46 GMT
x-activity-id: 4d31b880-0c9e-4cc9-961b-8b8cb48f5626
x-appversion: 1.0.8468.43152
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-03-10T08:58:24.0000000Z}
ms-operation-id: 97551b1fda7f17459dd96c0f3d697714
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-s1: 2023-03-27T18:41:47
x-s2: 2023-03-27T18:41:47
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=31459404
expires: Tue, 26 Mar 2024 18:41:45 GMT
date: Tue, 28 Mar 2023 15:58:21 GMT
content-length: 15548
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV475020cf.0
ms-cv-esi: CASMicrosoftCV475020cf.0
x-rtag: RT
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/49-a00ab0/92-02e55d/d5-bf34c0/a9-078595/c6-188593/20-927336/44-f01b50/48-7cd437/e6-6b0cce/38-612ec2/ed-0fe1b2/8f-f92bc5/6f-2bab60/1c-f5690b/40-4a3a67/76-82dcbc/8f-3cb0d7/24-0b8102/66-24c457/89-14589c/ab-5499e7/fe-0d4f73/e1-5e7bbe/22-c58acf/21-4ee9db/f3-0fe860/9d-004e7f/28-b05709/2c-4dd93a/f6-de95f9/c6-38e19f/70-9cf744/2f-059bb7/4a-d36a4c/b9-ab82c2/7b-e9553a/1f-7a1d7d/97-4b42ca/47-c8e45f/ea-bc80c4/dc-f723c4/2b-1a1a95/e4-4ea025/90-8d6f4c/d9-095267/4b-8dbc84/ae-07eb21?ver=2.0&_cf=02242021_3231
2.18.173.151200 OK 80 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/49-a00ab0/92-02e55d/d5-bf34c0/a9-078595/c6-188593/20-927336/44-f01b50/48-7cd437/e6-6b0cce/38-612ec2/ed-0fe1b2/8f-f92bc5/6f-2bab60/1c-f5690b/40-4a3a67/76-82dcbc/8f-3cb0d7/24-0b8102/66-24c457/89-14589c/ab-5499e7/fe-0d4f73/e1-5e7bbe/22-c58acf/21-4ee9db/f3-0fe860/9d-004e7f/28-b05709/2c-4dd93a/f6-de95f9/c6-38e19f/70-9cf744/2f-059bb7/4a-d36a4c/b9-ab82c2/7b-e9553a/1f-7a1d7d/97-4b42ca/47-c8e45f/ea-bc80c4/dc-f723c4/2b-1a1a95/e4-4ea025/90-8d6f4c/d9-095267/4b-8dbc84/ae-07eb21?ver=2.0&_cf=02242021_3231
IP 2.18.173.151:0
File type ASCII text, with very long lines (49834)
Hash 224a515b9359fe4012b8c7319a7f6d3f
982c40534d77842abf10629828ab49ebff9b4543
1d28456deef085e03fba27663753453c301c8283fabfc12e9866afb6629b56ae
GET /onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/49-a00ab0/92-02e55d/d5-bf34c0/a9-078595/c6-188593/20-927336/44-f01b50/48-7cd437/e6-6b0cce/38-612ec2/ed-0fe1b2/8f-f92bc5/6f-2bab60/1c-f5690b/40-4a3a67/76-82dcbc/8f-3cb0d7/24-0b8102/66-24c457/89-14589c/ab-5499e7/fe-0d4f73/e1-5e7bbe/22-c58acf/21-4ee9db/f3-0fe860/9d-004e7f/28-b05709/2c-4dd93a/f6-de95f9/c6-38e19f/70-9cf744/2f-059bb7/4a-d36a4c/b9-ab82c2/7b-e9553a/1f-7a1d7d/97-4b42ca/47-c8e45f/ea-bc80c4/dc-f723c4/2b-1a1a95/e4-4ea025/90-8d6f4c/d9-095267/4b-8dbc84/ae-07eb21?ver=2.0&_cf=02242021_3231 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
last-modified: Tue, 13 Dec 2022 19:27:35 GMT
x-activity-id: 5475b4ba-afa9-449f-bb17-76d9359f5b00
x-appversion: 1.0.8349.33967
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-11-11T02:52:14.0000000Z}
ms-operation-id: 8c94162993d64b43bfacf8ca9a176113
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2022-12-13T19:27:35
x-s2: 2022-12-13T19:27:35
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=22476554
expires: Wed, 13 Dec 2023 19:27:35 GMT
date: Tue, 28 Mar 2023 15:58:21 GMT
content-length: 80008
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV475020bc.0
ms-cv-esi: CASMicrosoftCV475020bc.0
x-rtag: RT
X-Firefox-Spdy: h2
login.microsoftonline.com/common/instrumentation/reportstaticmecontroltelemetry?hpgid=7&hpgact=1800&client-request-id=541e284b-1e2f-4710-baba-7359e2eb164b&hpgrequestid=ae2af3c7-0a06-45e5-b5c2-92e3c0de2700
40.126.32.137200 OK 265 B URL HTTP/1.1 login.microsoftonline.com/common/instrumentation/reportstaticmecontroltelemetry?hpgid=7&hpgact=1800&client-request-id=541e284b-1e2f-4710-baba-7359e2eb164b&hpgrequestid=ae2af3c7-0a06-45e5-b5c2-92e3c0de2700
IP 40.126.32.137:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with no line terminators
Hash e995d2dc8182cd4a3bf094b26c1b5b07
173c89611c11c6be0cfe16b07e3d537b682c37f2
c149019520bb6b1ec150eaf9791405db266ad244a846fcd4af0ce2e2c720cd26
POST /common/instrumentation/reportstaticmecontroltelemetry?hpgid=7&hpgact=1800&client-request-id=541e284b-1e2f-4710-baba-7359e2eb164b&hpgrequestid=ae2af3c7-0a06-45e5-b5c2-92e3c0de2700 HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638156159013448918.YzAwMTMwZmQtNjVkZC00ZmRlLWEwMDMtZDZkZjc5YzdlMjk4N2MxYmYxMTktY2EyMC00NzhhLTkxZWQtNzVmMTVjMmQ0Yzg1&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-iHR9Wfvt_-IJDJ9wuByW-8y-UokZNTbLslum14M--Sh8UXctE8ykQv9ky2XHh2-bVAsUdb2VguZZWmeRXxkuHLmc0UNj8ArITTgV7Xb1mG8Sg7S7ZpbVuaG3FfrszTININSKXLxQ_GoLqRVMGAXRrBxRCbYv3n4-a9OCqG4YEX9tv4KFS8QTm9rPb0ldhyGZFsCQW9nT39tPazDesAvbyYrbyMsIsq3wZzBzy55lhHCaiu0H7s9-j0PQ7ipfm1TxuVZT0kjucYVi0SCDuVxDW9O49ySCybIqDHHjF29a5n9FKVsaxbh6m6F7DI5hf0WO0sETE0-CB8v1WnZDxE9a2U&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
Content-Type: text/plain;charset=UTF-8
Content-Length: 33
Origin: https://login.microsoftonline.com
Connection: keep-alive
Cookie: brcap=0; MSFPC=GUID=27491a5fca0c436896bdbf20a1588da0&HASH=2749&LV=202205&V=4&LU=1652883922743; ESTSSSOTILES=1; AADSSOTILES=1; buid=0.ARoAMe_N-B6jSkuT5F9XHpElWhkrJ-4RRD9DjyhcE8tv1AcBAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevrsaZQvT34eSN2KXjarUnotlWIYqmGSxxNwtsTkCnOjcqGSIFwVvMGcN6ZxVraiYwkCudRJ5o8u_zN7y6EGtAT7_hMZ56Abr6-lualhNuexDcgAA; fpc=Av4p5eaUltZBnIP_klhDkt5qwEtIAQAAAOIEtdsOAAAA; esctx=PAQABAAEAAAD--DLA3VO7QrddgJg7WevrcF5cCvPSHz_VXJq6gTSPjugvozmIEyCHakIApIWOC8ZU3KIwuSbOOeUuUzq_Kkp_0NIu3wRsSaZoPGBET5sbl51ERF8-1845qtFh_yzAkkkaVqHXc_asLoi7MKaIC3WZbwgPlvMs4zjr13fUwiqfFz6NSWHoHnSxLDkV1x1sBZsgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 9c94eaea-30c1-4330-8ca0-c0211a772b00
x-ms-ests-server: 2.1.14990.5 - NEULR1 ProdSlices
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: fpc=Av4p5eaUltZBnIP_klhDkt5qwEtIAQAAAOIEtdsOAAAA; expires=Thu, 27-Apr-2023 15:58:21 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 28 Mar 2023 15:58:21 GMT
Content-Length: 265
support.microsoft.com/signin-oidc
2.18.172.114302 Found 0 B URL HTTP/2 support.microsoft.com/signin-oidc
IP 2.18.172.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /signin-oidc HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 477
Origin: https://login.microsoftonline.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-length: 0
server: Kestrel
location: /en-us/silentsigninhandler
request-context: appId=
x-correlationid: 0HMPF0GD79EQF:000000C6
x-operationid: 585075272a340ad781c04beb19352da0
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
expires: Tue, 28 Mar 2023 15:58:22 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 28 Mar 2023 15:58:22 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
login.live.com/Me.srf?wa=wsignin1.0&idpflag=indirect&id=12&wreply=https%3a%2f%2flogin.microsoftonline.com&owreply=https%3a%2f%2fsupport.microsoft.com%2fsignin-oidc
40.126.31.68200 OK 4.9 kB URL HTTP/1.1 login.live.com/Me.srf?wa=wsignin1.0&idpflag=indirect&id=12&wreply=https%3a%2f%2flogin.microsoftonline.com&owreply=https%3a%2f%2fsupport.microsoft.com%2fsignin-oidc
IP 40.126.31.68:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (10755)
Hash c89c9ae49954549d99f9c9171868930e
d0b1565fe23596c118e3e817833a22eebc0ee06b
19e82fe1eb83a3957ed58a70748ced776da934ba8bf11609fc7164d33bb8161c
GET /Me.srf?wa=wsignin1.0&idpflag=indirect&id=12&wreply=https%3a%2f%2flogin.microsoftonline.com&owreply=https%3a%2f%2fsupport.microsoft.com%2fsignin-oidc HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Tue, 28 Mar 2023 15:57:21 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-DNS-Prefetch-Control: on
Link: <https://logincdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net/>; rel=dns-prefetch, <https://acctcdn.msftauth.net/>; rel=dns-prefetch, <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch, <https://acctcdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://logincdn.msauth.net/>; rel=dns-prefetch, <https://logincdn.msftauth.net/>; rel=dns-prefetch, <https://lgincdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: R3_BL2
x-ms-request-id: 9a207231-b7bf-48a2-b1c2-fbff9f491762
PPServer: PPV: 30 H: BL02PF0FD161414 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=b74878c62af74b2da2a1c426d33ec0bd; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPRequ=id=12<=1680019101&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
OParams=11O.Dfl5NgstFCte8X1HPOd4pgG2ko18MFoei4VfUkONtBTY!yGaQApLz4!h*RnSoc3*8St3DcZY1VKHl37DN14gcOLKjZco4rmKeZg0bZm6CWQHynWvcNSLHbEpYCfSnmC0Ss!i5vm6084NCzF4ozmjDIMEoGotJ*gChzGwAfrhm8cetTcgltHj8AXkHYnLTNZB*ceE7YYaTJdcojf3cyq1ZnWlZn4M6jJ0RCaUAWbd0gopA36ybcjLJckjYzyq9m!EMlu*2H18IVnnaw!aeJE3VFQ$; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Tue, 28 Mar 2023 15:58:21 GMT
Content-Length: 4859
support.microsoft.com/en-us/silentsigninhandler
2.18.172.114200 OK 424 B URL HTTP/2 support.microsoft.com/en-us/silentsigninhandler
IP 2.18.172.114:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 9fe1678ac20768638cb473f5ef4484a3
df4cd66c7f8f1686f5454f1175ab07f61272f9e0
4463a4ecd35b7b4eea43d8c13095c2dd281721f59d1905da80e4fe7fa42de4ce
GET /en-us/silentsigninhandler HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: Kestrel
request-context: appId=
x-correlationid: 0HMPF0GD79EQF:000000C7
x-operationid: a7889f9dc2c979edb505faa77f463e9e
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
vary: Accept-Encoding
content-encoding: gzip
expires: Tue, 28 Mar 2023 15:58:22 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 28 Mar 2023 15:58:22 GMT
content-length: 424
strict-transport-security: max-age=86400 ; includeSubDomains
set-cookie: EXPID=3e720d30-c843-4504-aaef-c151004985d2; max-age=31536000; path=/; secure; samesite=none
ak_bmsc=3064F95362F4AEC25173D9A8D0F4D309~000000000000000000000000000000~YAAQZQplX3paqhSHAQAAVxnxKBOv2AyJGU2Tz/LnSjE39nkol8maZ+t5T3Rg2+fXjgWpZ4Y3eNdI95n71tR7uZjwgCKki4KDM3iyZQeCjYYORdUxTSJpT1GusRxCBV+z4iLpSshVNKyE7FJmWJOT6tei5Z3ft/SJhhxnsKLuNq5gWktQ/44Z0By04/OHCTQRFDWncxUu6Ap1MSoRHA68p73nhDk7XOXOyBhwHa3e6TqMgBybnRTup5yC9NertsJ/19FM41jdcVYZOcMKtapGr2uVPx1s6N4ffwBRLh1hyr4e6cB2Dzwpr7JpO/u+4hzagSPWQ/tEFOS9yNg4wxRTyeq0bsXLQo9OHvnaBBEPdv+/EFsNgjE+0+puxOxRyAwWc8i+BpBlWjqFnzbF; Domain=.microsoft.com; Path=/; Expires=Tue, 28 Mar 2023 17:58:22 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
13.107.237.53200 OK 82 kB URL HTTP/2 wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
IP 13.107.237.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (63888), with no line terminators
Hash e51f388b62281af5b4a9193cce419941
364f3d737462b7fd063107fe2c580fdb9781a45a
348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c
GET /mscc/lib/v2/wcp-consent.js HTTP/1.1
Host: wcpstatic.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: max-age=43200
content-length: 81726
content-type: application/javascript
content-encoding: gzip
content-md5: X1JOIM5h9UISVFS6+GfEew==
last-modified: Wed, 24 Aug 2022 17:34:36 GMT
age: 9462
etag: 0x8DA85F6EA62BF74
vary: Accept-Encoding
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
x-cache: CONFIG_NOCACHE
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 2f3ba352-001e-003f-6578-619f7d000000
x-ms-version: 2009-09-19
x-azure-ref: 0ng4jZAAAAAD6WtsfXy1jQKDsnyX1CEVyU1ZHMjBFREdFMDUxNwAzOWI0NjE1Ny1jYjllLTQ5YjctYTY1YS04NzIyYTNmODI0ZTQ=
date: Tue, 28 Mar 2023 15:58:21 GMT
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/dfa0b592/coreui.statics/externalscripts/jquery/jquery-3.5.1.min.js
2.18.173.151200 OK 31 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/dfa0b592/coreui.statics/externalscripts/jquery/jquery-3.5.1.min.js
IP 2.18.173.151:0
File type ASCII text, with very long lines (65450), with CRLF line terminators
Hash 7800d0ad4e07822dcdcd087c3841ee3b
3279b7f56b6c431dcbfa907549f599c629e93233
927473bbef3c67ecbb4afb89ecd548efcb0493c581c4e3542ef8e1dd03f302fc
GET /onerfstatics/marketingsites-neu-prod/_h/dfa0b592/coreui.statics/externalscripts/jquery/jquery-3.5.1.min.js HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 16 May 2022 06:01:07 GMT
x-activity-id: 8dffb4d3-9b57-4f47-b6a5-682492c57639
x-appversion: 1.0.8153.36695
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-04-29T04:23:10.0000000Z}
ms-operation-id: 44f03ef48b035a47aea55caae288ece0
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 30958
cache-control: public, max-age=16123287
expires: Sun, 01 Oct 2023 06:39:49 GMT
date: Tue, 28 Mar 2023 15:58:22 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV475023aa.0
ms-cv-esi: CASMicrosoftCV475023aa.0
x-rtag: RT
X-Firefox-Spdy: h2
143.198.136.192/tj7/9chrmx0973xu9x08x/en07.php
143.198.136.192401 Unauthorized 84 B URL HTTP/1.0 143.198.136.192/tj7/9chrmx0973xu9x08x/en07.php
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 52bf3ccddb64ba07d5d6d79fdfba4765
f369871f7f1efa470a92ebb8ab98ad26b6754965
11359d75d1ccf8ead98ba93030fb3e9050157c154ac53255f9dda71f1465c3d7
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/en07.php HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
Upgrade-Insecure-Requests: 1
HTTP/1.0 401 Unauthorized
Date: Tue, 28 Mar 2023 15:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Set-Cookie: PHPSESSID=2gfgv8u1vjdg7bgst5h9qr3pb3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
WWW-Authenticate: Basic realm="Call Microsoft Security Helpline immediately. "
Refresh: 0; url=/tj7/9chrmx0973xu9x08x/en07.php
Content-Length: 84
Connection: close
Content-Type: text/html; charset=UTF-8
logincdn.msauth.net/16.000/content/js/MeControl_y7hQ8zvzxipQwKkN4y1uWg2.js
192.229.221.185200 OK 6.1 kB URL HTTP/2 logincdn.msauth.net/16.000/content/js/MeControl_y7hQ8zvzxipQwKkN4y1uWg2.js
IP 192.229.221.185:0
File type ASCII text, with very long lines (17286), with no line terminators
Hash cd96cd9fa056539f3f233cadee462c3d
08fb721d663673885713c9252b03e05cc3d00938
d714cf6f5d9610c9fab9e0b725701a71bd5f73587ff505a8c86a209e6a6ede30
GET /16.000/content/js/MeControl_y7hQ8zvzxipQwKkN4y1uWg2.js HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.live.com/
Origin: https://login.live.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 1703340
cache-control: public, max-age=31536000
content-md5: zZbNn6BWU58/Izyt7kYsPQ==
content-type: application/x-javascript
date: Tue, 28 Mar 2023 15:58:22 GMT
etag: 0x8DB1952FEA1D8AD
last-modified: Tue, 28 Feb 2023 06:14:05 GMT
server: ECAcc (ska/F756)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: d773bd4d-a01e-003d-1310-522d72000000
x-ms-version: 2009-09-19
content-length: 6055
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://143.198.136.192/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Tue, 28 Mar 2023 14:05:11 GMT
expires: Tue, 28 Mar 2023 16:05:11 GMT
cache-control: public, max-age=7200
age: 6791
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
143.198.136.192/tj7/9chrmx0973xu9x08x/cross.svg
143.198.136.192200 OK 586 B URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/cross.svg
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image\012- , Unicode text, UTF-8 text, with very long lines (584), with no line terminators
Hash bc1f7dd210381c4c10bd93c4bccdc587
76d3599df283231936edf5b2a31d15e8e76c22dd
50dc14b3d1fdd6aeeb9f2ca92062357bacecbf8f05992346ffe4178fd81ff68c
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/cross.svg HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:52 GMT
ETag: "24a-5f7f7ec08d69b"
Accept-Ranges: bytes
Content-Length: 586
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml
143.198.136.192/tj7/9chrmx0973xu9x08x/cross.png
143.198.136.192200 OK 386 kB URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/cross.png
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced\012- data
Size 386 kB (386359 bytes)
Hash be42ad7752720327d28bf52dbdbb64c2
f4cce31b9236319aa9c87fee038638d1de12c07d
c3ad6aa1c03fd108854f008cfec2753ba623e1470a4d61798b5d8c050e474868
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/cross.png HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 15:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:49 GMT
ETag: "5e537-5f7f7ebe0b0c7"
Accept-Ranges: bytes
Content-Length: 386359
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
104.18.10.207200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
IP 104.18.10.207:0
GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://143.198.136.192/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 15:58:20 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 565, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 19:04:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: e9a84d03a1f7c6aa17012c712a6e5dd5
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 25463348
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7af112f04b12b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
104.18.11.207200 OK 0 B URL HTTP/2 stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
IP 104.18.11.207:0
GET /bootstrap/4.5.2/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://143.198.136.192
Connection: keep-alive
Referer: http://143.198.136.192/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 15:58:20 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"02d223393e00c273efdcb1ade8f4f8b1"
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
cdn-cachedat: 01/05/2023 11:07:49
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-edgestorageid: 1080
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 3d6010c360925704ac7495991edba787
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7af112f048dbb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1
13.107.238.53200 OK 0 B URL HTTP/2 mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1
IP 13.107.238.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, no-transform, max-age=43200
content-type: application/javascript
content-encoding: br
expires: Wed, 29 Mar 2023 01:50:10 GMT
x-cache: TCP_HIT
x-content-type-options: nosniff
access-control-allow-origin: *
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref-originshield: 0HAojZAAAAAC/076l5Qf/QpiOQ+5rnxe8QU1TMDRFREdFMTgyMgBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-azure-ref: 0nQ4jZAAAAACy3i+D3SuSQJCc2/Pf8zi2U1ZHMjBFREdFMDYxNABlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
date: Tue, 28 Mar 2023 15:58:21 GMT
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/88-3d3ba4/8b-cbe548?ver=2.0&_cf=02242021_3231
2.18.173.151200 OK 0 B URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/88-3d3ba4/8b-cbe548?ver=2.0&_cf=02242021_3231
IP 2.18.173.151:0
GET /onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/88-3d3ba4/8b-cbe548?ver=2.0&_cf=02242021_3231 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4t1lL?pid=ocpVideo1-innerdiv-oneplayer&jsapi=true&postJsllMsg=true&maskLevel=20&reporting=true&market=en-us
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
last-modified: Tue, 28 Feb 2023 18:25:17 GMT
x-activity-id: eff7ddc3-e1a7-4847-9ce7-31615bdb571e
x-appversion: 1.0.8433.39987
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-02-03T06:12:54.0000000Z}
ms-operation-id: c722c4c270c1a041919665eab5f01370
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2023-02-28T18:25:17
x-s2: 2023-02-28T18:25:17
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 69603
cache-control: public, max-age=29125639
expires: Wed, 28 Feb 2024 18:25:40 GMT
date: Tue, 28 Mar 2023 15:58:21 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV475020ca.0
ms-cv-esi: CASMicrosoftCV475020ca.0
x-rtag: RT
X-Firefox-Spdy: h2
js.monitor.azure.com/scripts/c/ms.analytics-web-3.2.7.min.js
13.107.238.53200 OK 0 B URL HTTP/2 js.monitor.azure.com/scripts/c/ms.analytics-web-3.2.7.min.js
IP 13.107.238.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /scripts/c/ms.analytics-web-3.2.7.min.js HTTP/1.1
Host: js.monitor.azure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable, no-transform
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: Sb/q47QLN6j5URAwRjCa2Q==
last-modified: Wed, 05 Oct 2022 16:53:02 GMT
etag: 0x8DAA6F2110CCD22
x-cache: TCP_HIT
x-ms-request-id: b9bbd555-b01e-00cd-407e-5ec3d4000000
x-ms-version: 2009-09-19
x-ms-meta-jssdkver: 3.2.7
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0gzMeZAAAAAB+WDJ8hC4xTJvF6RFQRTY5QU1TMDRFREdFMTkxOQBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
x-azure-ref: 0nQ4jZAAAAAAWsXWaueyXSqJ/ZHJkBcxdU1ZHMjBFREdFMDYxMABmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
date: Tue, 28 Mar 2023 15:58:20 GMT
X-Firefox-Spdy: h2
143.198.136.192/tj7/9chrmx0973xu9x08x/_Fm7-alert.mp3
143.198.136.192206 Partial Content 0 B URL HTTP/1.1 143.198.136.192/tj7/9chrmx0973xu9x08x/_Fm7-alert.mp3
IP 143.198.136.192:0
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert quad9 Sinkholed
GET /tj7/9chrmx0973xu9x08x/_Fm7-alert.mp3 HTTP/1.1
Host: 143.198.136.192
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://143.198.136.192/tj7/9chrmx0973xu9x08x/index.html
HTTP/1.1 206 Partial Content
Date: Tue, 28 Mar 2023 15:58:20 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 28 Mar 2023 15:57:52 GMT
ETag: "31080-5f7f7ec03d5c8"
Accept-Ranges: bytes
Content-Length: 200832
Content-Range: bytes 0-200831/200832
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: audio/mpeg
mem.gfx.ms/scripts/me/MeControl/10.23038.5/en-US/meBoot.min.js
13.107.238.53200 OK 0 B URL HTTP/2 mem.gfx.ms/scripts/me/MeControl/10.23038.5/en-US/meBoot.min.js
IP 13.107.238.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /scripts/me/MeControl/10.23038.5/en-US/meBoot.min.js HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-encoding: br
last-modified: Fri, 24 Mar 2023 01:15:24 GMT
etag: "1d95e28c88634a3"
x-cache: TCP_HIT
x-content-type-options: nosniff
access-control-allow-origin: *
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref-originshield: 0TC4iZAAAAAAjIag5uUM0Qq6JWNO1FPa+QU1TMDRFREdFMTkxMgBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-azure-ref: 0nQ4jZAAAAAD2Jv7QNqkdSZ7bhLs6wORZU1ZHMjBFREdFMDUxMwBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
date: Tue, 28 Mar 2023 15:58:21 GMT
X-Firefox-Spdy: h2
mem.gfx.ms/scripts/me/MeControl/10.23038.5/en-US/meCore.min.js
13.107.238.53200 OK 0 B URL HTTP/2 mem.gfx.ms/scripts/me/MeControl/10.23038.5/en-US/meCore.min.js
IP 13.107.238.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /scripts/me/MeControl/10.23038.5/en-US/meCore.min.js HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-encoding: br
last-modified: Thu, 16 Feb 2023 20:57:48 GMT
etag: "1d9428c615427a1"
x-cache: TCP_HIT
x-content-type-options: nosniff
access-control-allow-origin: *
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref-originshield: 0mFIiZAAAAACuGL56CXX/TIucxU+vJUIxQU1TMDRFREdFMTgxNgBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-azure-ref: 0nQ4jZAAAAAB8Xut/L9uQTZAtyzJwqXdPU1ZHMjBFREdFMDUxMwBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
date: Tue, 28 Mar 2023 15:58:21 GMT
X-Firefox-Spdy: h2