acctcdn.msftauth.net/converged_ux_v2_nBE5FSqn9KpH44ZlTc3VqQ2.css?v=1
200 OK 18 kB URL GET HTTP/2 acctcdn.msftauth.net/converged_ux_v2_nBE5FSqn9KpH44ZlTc3VqQ2.css?v=1
IP
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
Fingerprint35:07:0F:A2:57:03:9D:87:1C:4A:44:52:5D:35:DF:30:45:0E:A9:F6
ValidityMon, 23 Oct 2023 22:07:15 GMT - Thu, 17 Oct 2024 22:07:15 GMT
File type ASCII text, with very long lines (61169)
Hash 9c1139152aa7f4aa47e386654dcdd5a9
5ffc6a9e66220c6f829a8bd93eba584079852992
2518655800698c89ae0bbc34b3b362c13e558bcb3ea4bd6c2cf4bbcf9e87b927
GET /converged_ux_v2_nBE5FSqn9KpH44ZlTc3VqQ2.css?v=1 HTTP/1.1
Host: acctcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
Origin: https://ms-rev-proxy.wontless-maniform.workers.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 50728
cache-control: public, max-age=604800
content-md5: XlkY6UOibS5AN710GAdhEA==
content-type: text/css
date: Tue, 28 Nov 2023 02:47:25 GMT
etag: 0x8DBEF0A1A46A088
last-modified: Mon, 27 Nov 2023 05:31:27 GMT
server: ECAcc (ska/F68F)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: e463769f-b01e-0074-702f-21042e000000
x-ms-version: 2009-09-19
content-length: 17755
X-Firefox-Spdy: h2
acctcdn.msftauth.net/jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1
200 OK 5.6 kB URL GET HTTP/2 acctcdn.msftauth.net/jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1
IP
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
Fingerprint35:07:0F:A2:57:03:9D:87:1C:4A:44:52:5D:35:DF:30:45:0E:A9:F6
ValidityMon, 23 Oct 2023 22:07:15 GMT - Thu, 17 Oct 2024 22:07:15 GMT
File type ASCII text, with very long lines (622)
Hash 865bb4b537e358915660db75599ad5aa
d9b87009f598335e5ffb7385ee6921031491e6c5
6475d6174947ecc39ac5182a69bd78193a13af57b3a53c1d2c34836e85f4d0bd
GET /jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1 HTTP/1.1
Host: acctcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
Origin: https://ms-rev-proxy.wontless-maniform.workers.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 451372
cache-control: public, max-age=604800
content-md5: tZ45+ZIcr8oUnrloW1H2Vg==
content-type: application/javascript
date: Tue, 28 Nov 2023 02:47:25 GMT
etag: 0x8DBEB1841A886BA
last-modified: Wed, 22 Nov 2023 05:02:41 GMT
server: ECAcc (ska/F6D3)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 8c4e5b71-e01e-0045-768a-1d0e3d000000
x-ms-version: 2009-09-19
content-length: 5564
X-Firefox-Spdy: h2
acctcdn.msftauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
200 OK 1.4 kB URL GET HTTP/2 acctcdn.msftauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
IP
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
Fingerprint35:07:0F:A2:57:03:9D:87:1C:4A:44:52:5D:35:DF:30:45:0E:A9:F6
ValidityMon, 23 Oct 2023 22:07:15 GMT - Thu, 17 Oct 2024 22:07:15 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3651), with no line terminators
Hash ee5c8d9fb6248c938fd0dc19370e90bd
d01a22720918b781338b5bbf9202b241a5f99ee4
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1
Host: acctcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 178587
cache-control: public, max-age=604800
content-md5: nzaLxFgP7ZB3dfMcaybWzw==
content-type: image/svg+xml
date: Tue, 28 Nov 2023 02:47:25 GMT
etag: 0x8DBED72F17509C2
last-modified: Sat, 25 Nov 2023 04:56:53 GMT
server: ECAcc (ska/F751)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: d9f4cc70-c01e-007b-2a05-208d31000000
x-ms-version: 2009-09-19
content-length: 1435
X-Firefox-Spdy: h2
acctcdn.msftauth.net/lightweightsignuppackage_Nreg4WmMAZlCkur8WjjFhg2.js?v=1
200 OK 53 kB URL GET HTTP/2 acctcdn.msftauth.net/lightweightsignuppackage_Nreg4WmMAZlCkur8WjjFhg2.js?v=1
IP
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
Fingerprint35:07:0F:A2:57:03:9D:87:1C:4A:44:52:5D:35:DF:30:45:0E:A9:F6
ValidityMon, 23 Oct 2023 22:07:15 GMT - Thu, 17 Oct 2024 22:07:15 GMT
File type ASCII text, with very long lines (1593)
Hash 36b7a0e1698c01994292eafc5a38c586
ef6db7c9fd4ddf3e15e1d752bb6009d5381d3fe7
46d757345ba4c78ca451d14102117dcb1c7dfb326abac767d22e9a70028e9130
GET /lightweightsignuppackage_Nreg4WmMAZlCkur8WjjFhg2.js?v=1 HTTP/1.1
Host: acctcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
Origin: https://ms-rev-proxy.wontless-maniform.workers.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 548406
cache-control: public, max-age=604800
content-md5: 5wgfu35hJvuCXkuYX6MN0A==
content-type: application/javascript
date: Tue, 28 Nov 2023 02:47:25 GMT
etag: 0x8DBE6CBE6976DFC
last-modified: Thu, 16 Nov 2023 17:46:02 GMT
server: ECAcc (ska/F6ED)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 9371495c-e01e-0069-43a8-1c6b17000000
x-ms-version: 2009-09-19
content-length: 53291
X-Firefox-Spdy: h2
acctcdn.msftauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1
200 OK 29 kB URL GET HTTP/2 acctcdn.msftauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1
IP
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
Fingerprint35:07:0F:A2:57:03:9D:87:1C:4A:44:52:5D:35:DF:30:45:0E:A9:F6
ValidityMon, 23 Oct 2023 22:07:15 GMT - Thu, 17 Oct 2024 22:07:15 GMT
File type ASCII text, with very long lines (4786), with CRLF, LF line terminators
Hash 5f50584b68d931b8bb85f523f15baa14
faf4bd348f40016bce0abf54f167c7923b303abb
3c829dcf48768082a6177b77ae4e499337ed4c8bd056705cdb1e979f7b6efce5
GET /knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1 HTTP/1.1
Host: acctcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
Origin: https://ms-rev-proxy.wontless-maniform.workers.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 521767
cache-control: public, max-age=604800
content-md5: o3vbuPQYpAFMmawTk+WKWA==
content-type: application/javascript
date: Tue, 28 Nov 2023 02:47:25 GMT
etag: 0x8DBEA5970760862
last-modified: Tue, 21 Nov 2023 06:16:46 GMT
server: ECAcc (ska/F6BB)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: cc07f949-701e-00b8-32e6-1c7473000000
x-ms-version: 2009-09-19
content-length: 28582
X-Firefox-Spdy: h2
acctcdn.msftauth.net/lwsignupstringscountrybirthdate_en-us_gdxUIqa3ijrOefuBnwhTKg2.js?v=1
200 OK 7.2 kB URL GET HTTP/2 acctcdn.msftauth.net/lwsignupstringscountrybirthdate_en-us_gdxUIqa3ijrOefuBnwhTKg2.js?v=1
IP
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
Fingerprint35:07:0F:A2:57:03:9D:87:1C:4A:44:52:5D:35:DF:30:45:0E:A9:F6
ValidityMon, 23 Oct 2023 22:07:15 GMT - Thu, 17 Oct 2024 22:07:15 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (28966)
Hash 81dc5422a6b78a3ace79fb819f08532a
69a71ee4e5f0d42e9c063e2779c94723e1a9b0f1
776221b564851dad676d3da0d257b589d03cf0de38e18379da0be3b83ff16dbd
GET /lwsignupstringscountrybirthdate_en-us_gdxUIqa3ijrOefuBnwhTKg2.js?v=1 HTTP/1.1
Host: acctcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
Origin: https://ms-rev-proxy.wontless-maniform.workers.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 357825
cache-control: public, max-age=604800
content-md5: 4Ta/akFj3682LuM6XM4hQQ==
content-type: application/javascript
date: Tue, 28 Nov 2023 02:47:25 GMT
etag: 0x8DBEBE651118F1A
last-modified: Thu, 23 Nov 2023 05:37:43 GMT
server: ECAcc (ska/F7BA)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 02921456-601e-0071-4464-1e8324000000
x-ms-version: 2009-09-19
content-length: 7203
X-Firefox-Spdy: h2
acctcdn.msftauth.net/images/favicon.ico?v=2
200 OK 17 kB URL GET HTTP/2 acctcdn.msftauth.net/images/favicon.ico?v=2
IP
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
Fingerprint35:07:0F:A2:57:03:9D:87:1C:4A:44:52:5D:35:DF:30:45:0E:A9:F6
ValidityMon, 23 Oct 2023 22:07:15 GMT - Thu, 17 Oct 2024 22:07:15 GMT
File type MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors\012- data
Hash 12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
GET /images/favicon.ico?v=2 HTTP/1.1
Host: acctcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 430360
cache-control: public, max-age=604800
content-md5: EuPayFgGHQiAI7K9SOL6lg==
content-type: image/x-icon
date: Tue, 28 Nov 2023 02:47:26 GMT
etag: 0x8DBEB183607F20F
last-modified: Wed, 22 Nov 2023 05:02:22 GMT
server: ECAcc (ska/F6F5)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: d91078e6-b01e-0058-39bb-1d6104000000
x-ms-version: 2009-09-19
content-length: 17174
X-Firefox-Spdy: h2
acctcdn.msftauth.net/oneds_MC5gQfpbTUjLu60sQCwU1w2.js?v=1
200 OK 106 kB URL GET HTTP/2 acctcdn.msftauth.net/oneds_MC5gQfpbTUjLu60sQCwU1w2.js?v=1
IP
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
Fingerprint35:07:0F:A2:57:03:9D:87:1C:4A:44:52:5D:35:DF:30:45:0E:A9:F6
ValidityMon, 23 Oct 2023 22:07:15 GMT - Thu, 17 Oct 2024 22:07:15 GMT
File type ASCII text, with very long lines (54969), with CRLF, LF line terminators
Size 106 kB (105716 bytes)
Hash 302e6041fa5b4d48cbbbad2c402c14d7
66273c7a4d569c1c5e566d9bf15af4bae6beeb83
6202c1621c9126a5089e97e5c1f092c6ebd2271875015564cc73957fd5e8b758
GET /oneds_MC5gQfpbTUjLu60sQCwU1w2.js?v=1 HTTP/1.1
Host: acctcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 33207
cache-control: public, max-age=604800
content-md5: aLM4Wm3/yNZOAZgyrMkY7Q==
content-type: application/javascript
date: Tue, 28 Nov 2023 02:47:26 GMT
etag: 0x8DBEF0A2C499085
last-modified: Mon, 27 Nov 2023 05:31:57 GMT
server: ECAcc (ska/F76B)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 383fabad-401e-00e7-1f57-219e5f000000
x-ms-version: 2009-09-19
content-length: 105716
X-Firefox-Spdy: h2
acctcdn.msftauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
200 OK 673 B URL GET HTTP/2 acctcdn.msftauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
IP
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
Fingerprint35:07:0F:A2:57:03:9D:87:1C:4A:44:52:5D:35:DF:30:45:0E:A9:F6
ValidityMon, 23 Oct 2023 22:07:15 GMT - Thu, 17 Oct 2024 22:07:15 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1864), with no line terminators
Hash bc3d32a696895f78c19df6c717586a5d
9191cb156a30a3ed79c44c0a16c95159e8ff689d
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1
Host: acctcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 592910
cache-control: public, max-age=604800
content-md5: DhdidjYrlCeaRJJRG/y9mA==
content-type: image/svg+xml
date: Tue, 28 Nov 2023 02:47:26 GMT
etag: 0x8DBE984F54A3C74
last-modified: Mon, 20 Nov 2023 04:55:46 GMT
server: ECAcc (ska/F753)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: fbf7d3cf-101e-0092-7340-1ceb55000000
x-ms-version: 2009-09-19
content-length: 673
X-Firefox-Spdy: h2
acctcdn.msftauth.net/images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg
200 OK 179 B URL GET HTTP/2 acctcdn.msftauth.net/images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg
IP
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
Fingerprint35:07:0F:A2:57:03:9D:87:1C:4A:44:52:5D:35:DF:30:45:0E:A9:F6
ValidityMon, 23 Oct 2023 22:07:15 GMT - Thu, 17 Oct 2024 22:07:15 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with no line terminators
Hash 2974998c6b3220b65aa137f4b08f57f8
f4f08da689179de68ee40cd12ecdcc5ac54b3979
96d52bd03e244a44931a541a807067792d638dd29ec14a87a78f2be85d12d19a
GET /images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg HTTP/1.1
Host: acctcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 38223
cache-control: public, max-age=604800
content-md5: 5h8LmH5/oEhH5cNR2+nY3g==
content-type: image/svg+xml
date: Tue, 28 Nov 2023 02:47:26 GMT
etag: 0x8DBEF0A2244B117
last-modified: Mon, 27 Nov 2023 05:31:40 GMT
server: ECAcc (ska/F74F)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 91770c1d-c01e-00ef-024c-21c64e000000
x-ms-version: 2009-09-19
content-length: 179
X-Firefox-Spdy: h2
acctcdn.msftauth.net/datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js
200 OK 3.5 kB URL GET HTTP/2 acctcdn.msftauth.net/datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js
IP
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
Fingerprint35:07:0F:A2:57:03:9D:87:1C:4A:44:52:5D:35:DF:30:45:0E:A9:F6
ValidityMon, 23 Oct 2023 22:07:15 GMT - Thu, 17 Oct 2024 22:07:15 GMT
File type ASCII text, with very long lines (746)
Hash 87effb0bb533c1d79f5c94fd9e30c14d
4e4f5f3cddddbfddb46a1626d7ce579a639de389
617e32ca57507098771fd30af6b9dcab063448f6d7e0bc6d6557dd1895f80543
GET /datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js HTTP/1.1
Host: acctcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
Origin: https://ms-rev-proxy.wontless-maniform.workers.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 1340
cache-control: public, max-age=604800
content-md5: GpB463eVzCq5vobQLSGoUw==
content-type: application/javascript
date: Tue, 28 Nov 2023 02:47:26 GMT
etag: 0x8DBEF0A1A3DD0D0
last-modified: Mon, 27 Nov 2023 05:31:27 GMT
server: ECAcc (ska/F744)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 090e6816-c01e-0013-06a2-219702000000
x-ms-version: 2009-09-19
content-length: 3505
X-Firefox-Spdy: h2
signup.live.com/API/ReportClientEvent
404 Not Found 1.2 kB URL OPTIONS HTTP/2 signup.live.com/API/ReportClientEvent
IP
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerMicrosoft Corporation
Subjectaccount.live.com
Fingerprint7A:12:37:29:E7:F4:D6:DA:AA:3B:35:7C:CF:2A:69:DF:67:AC:CF:56
ValidityMon, 30 Oct 2023 19:55:11 GMT - Thu, 24 Oct 2024 19:55:11 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
OPTIONS /API/ReportClientEvent HTTP/1.1
Host: signup.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: canary,content-type,hpgid,scid,tcxt,uaid,uiflvr,x-ms-apitransport,x-ms-apiversion
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
Origin: https://ms-rev-proxy.wontless-maniform.workers.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
content-length: 1245
content-type: text/html
p3p: CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAM BUS DEM NAV STA UNI COM INT PHY ONL FIN PRE PUR
amserver: eusXXXXgn00005F
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 4CE6BDC31CC94D7EB2F2CD896AD0ED59 Ref B: OSL30EDGE0407 Ref C: 2023-11-28T02:47:27Z
date: Tue, 28 Nov 2023 02:47:27 GMT
X-Firefox-Spdy: h2
fpt.live.com/Images/Clear.PNG?ctx=jscb1.0&session_id=1a296bc49a534bae83c66462f464f915&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&esi=YnVhPU1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wJm9zPUxpbnV4IHg4Nl82NCZscHJvYz00OCZvbD10cnVlJnByb3N1Yj0yMDEwMDEwMSZvc2NwdT1MaW51eCB4ODZfNjQmZXZhbD0zNyZhcHB2PTUuMCAoWDExKSZscz1mYWxzZSZtdHA9MCZuYz00MSZwcj0xJnNyPTEyODB4MTAyNCZzY2Q9MjQmYXNyPTEyODB4MTAyNCZ0ej0wJmRzdD0wJnR6bz0wJmJsPWVuLVVTJm10aD0yN2Y1MWQzMTQ5ZTZiZjIwOWI2NmJkMzg3YjBhZjNjNCZtdG49MiZwbj01JnBoPWYzYWMyMmFjNTljNmRjYjg3NDEwOWQwOTNjNTI1NWU4JnA9cGx1Z2luX2ZsYXNoJTNEZmFsc2UlMjZwbHVnaW5fd2luZG93c19tZWRpYV9wbGF5ZXIlM0RmYWxzZSUyNnBsdWdpbl9hZG9iZV9hY3JvYmF0JTNEZmFsc2UlMjZwbHVnaW5fc2lsdmVybGlnaHQlM0RmYWxzZSUyNnBsdWdpbl9xdWlja3RpbWUlM0RmYWxzZSUyNnBsdWdpbl9zaG9ja3dhdmUlM0RmYWxzZSUyNnBsdWdpbl9yZWFscGxheWVyJTNEZmFsc2UlMjZwbHVnaW5fdmxjX3BsYXllciUzRGZhbHNlJTI2cGx1Z2luX2RldmFsdnIlM0RmYWxzZSUyNnBsdWdpbl9zdmdfdmlld2VyJTNEZmFsc2UlMjZwbHVnaW5famF2YSUzRGZhbHNlJmZoPTFlNTUwMTcyZmVkZmJiMDNhY2M1NGQ3N2RjNGFlZDMzJmZuPTgmZmRtPTAsODAwLDIyMDAwMDAwLDAsNDAsMCw4ODAyMCw4LDAsMCZsaD1odHRwcyUzQSUyRiUyRmZwdC5saXZlLmNvbSUyRiUzRnNlc3Npb25faWQlM0QxYTI5NmJjNDlhNTM0YmFlODNjNjY0NjJmNDY0ZjkxNSUyNkN1c3RvbWVySWQlM0QzM2UwMTkyMS00ZDY0LTRmOGMtYTA1NS01YmRhZmZkNWUzM2QlMjZQYWdlSWQlM0RTVSZkcj1odHRwcyUzQSUyRiUyRm1zLXJldi1wcm94eS53b250bGVzcy1tYW5pZm9ybS53b3JrZXJzLmRldiUyRiZ3PThEQkVGQkM1QkI5RjM2QyZpZD1kNGFmMWI0ZC02Mzg3LTdjYmItYjQzOS00OGM4ZmFhYjE0MmQmYT0=&PageId=SU&met=eyJmcGwiOjE3MDExMzk2NDc0ODYsImJydyI6IjEuMDAiLCJkaXMiOiIwLjAwIiwidG16IjoiMS4wMCIsImxhbiI6IjAuMDAiLCJzb2YiOiI0NjQuMDAiLCJleHQiOiIxLjAwIiwicHJiIjoiMjMuMDAiLCJHZXRDYW52YXNEYXRhIjoiMC4wMCIsInBsIjoxLCJmcCI6IjU2My4wMCJ9
200 OK 0 B URL GET HTTP/2 fpt.live.com/Images/Clear.PNG?ctx=jscb1.0&session_id=1a296bc49a534bae83c66462f464f915&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&esi=YnVhPU1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wJm9zPUxpbnV4IHg4Nl82NCZscHJvYz00OCZvbD10cnVlJnByb3N1Yj0yMDEwMDEwMSZvc2NwdT1MaW51eCB4ODZfNjQmZXZhbD0zNyZhcHB2PTUuMCAoWDExKSZscz1mYWxzZSZtdHA9MCZuYz00MSZwcj0xJnNyPTEyODB4MTAyNCZzY2Q9MjQmYXNyPTEyODB4MTAyNCZ0ej0wJmRzdD0wJnR6bz0wJmJsPWVuLVVTJm10aD0yN2Y1MWQzMTQ5ZTZiZjIwOWI2NmJkMzg3YjBhZjNjNCZtdG49MiZwbj01JnBoPWYzYWMyMmFjNTljNmRjYjg3NDEwOWQwOTNjNTI1NWU4JnA9cGx1Z2luX2ZsYXNoJTNEZmFsc2UlMjZwbHVnaW5fd2luZG93c19tZWRpYV9wbGF5ZXIlM0RmYWxzZSUyNnBsdWdpbl9hZG9iZV9hY3JvYmF0JTNEZmFsc2UlMjZwbHVnaW5fc2lsdmVybGlnaHQlM0RmYWxzZSUyNnBsdWdpbl9xdWlja3RpbWUlM0RmYWxzZSUyNnBsdWdpbl9zaG9ja3dhdmUlM0RmYWxzZSUyNnBsdWdpbl9yZWFscGxheWVyJTNEZmFsc2UlMjZwbHVnaW5fdmxjX3BsYXllciUzRGZhbHNlJTI2cGx1Z2luX2RldmFsdnIlM0RmYWxzZSUyNnBsdWdpbl9zdmdfdmlld2VyJTNEZmFsc2UlMjZwbHVnaW5famF2YSUzRGZhbHNlJmZoPTFlNTUwMTcyZmVkZmJiMDNhY2M1NGQ3N2RjNGFlZDMzJmZuPTgmZmRtPTAsODAwLDIyMDAwMDAwLDAsNDAsMCw4ODAyMCw4LDAsMCZsaD1odHRwcyUzQSUyRiUyRmZwdC5saXZlLmNvbSUyRiUzRnNlc3Npb25faWQlM0QxYTI5NmJjNDlhNTM0YmFlODNjNjY0NjJmNDY0ZjkxNSUyNkN1c3RvbWVySWQlM0QzM2UwMTkyMS00ZDY0LTRmOGMtYTA1NS01YmRhZmZkNWUzM2QlMjZQYWdlSWQlM0RTVSZkcj1odHRwcyUzQSUyRiUyRm1zLXJldi1wcm94eS53b250bGVzcy1tYW5pZm9ybS53b3JrZXJzLmRldiUyRiZ3PThEQkVGQkM1QkI5RjM2QyZpZD1kNGFmMWI0ZC02Mzg3LTdjYmItYjQzOS00OGM4ZmFhYjE0MmQmYT0=&PageId=SU&met=eyJmcGwiOjE3MDExMzk2NDc0ODYsImJydyI6IjEuMDAiLCJkaXMiOiIwLjAwIiwidG16IjoiMS4wMCIsImxhbiI6IjAuMDAiLCJzb2YiOiI0NjQuMDAiLCJleHQiOiIxLjAwIiwicHJiIjoiMjMuMDAiLCJHZXRDYW52YXNEYXRhIjoiMC4wMCIsInBsIjoxLCJmcCI6IjU2My4wMCJ9
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://fpt.live.com/?session_id=1a296bc49a534bae83c66462f464f915&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU
Certificate IssuerMicrosoft Corporation
Subjectfpt.microsoft.com
Fingerprint3F:B9:F2:C3:B2:76:96:86:68:0E:6B:DE:0F:C3:AE:F0:D6:4A:CF:AF
ValiditySun, 29 Oct 2023 09:56:08 GMT - Wed, 23 Oct 2024 09:56:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Images/Clear.PNG?ctx=jscb1.0&session_id=1a296bc49a534bae83c66462f464f915&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&esi=YnVhPU1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wJm9zPUxpbnV4IHg4Nl82NCZscHJvYz00OCZvbD10cnVlJnByb3N1Yj0yMDEwMDEwMSZvc2NwdT1MaW51eCB4ODZfNjQmZXZhbD0zNyZhcHB2PTUuMCAoWDExKSZscz1mYWxzZSZtdHA9MCZuYz00MSZwcj0xJnNyPTEyODB4MTAyNCZzY2Q9MjQmYXNyPTEyODB4MTAyNCZ0ej0wJmRzdD0wJnR6bz0wJmJsPWVuLVVTJm10aD0yN2Y1MWQzMTQ5ZTZiZjIwOWI2NmJkMzg3YjBhZjNjNCZtdG49MiZwbj01JnBoPWYzYWMyMmFjNTljNmRjYjg3NDEwOWQwOTNjNTI1NWU4JnA9cGx1Z2luX2ZsYXNoJTNEZmFsc2UlMjZwbHVnaW5fd2luZG93c19tZWRpYV9wbGF5ZXIlM0RmYWxzZSUyNnBsdWdpbl9hZG9iZV9hY3JvYmF0JTNEZmFsc2UlMjZwbHVnaW5fc2lsdmVybGlnaHQlM0RmYWxzZSUyNnBsdWdpbl9xdWlja3RpbWUlM0RmYWxzZSUyNnBsdWdpbl9zaG9ja3dhdmUlM0RmYWxzZSUyNnBsdWdpbl9yZWFscGxheWVyJTNEZmFsc2UlMjZwbHVnaW5fdmxjX3BsYXllciUzRGZhbHNlJTI2cGx1Z2luX2RldmFsdnIlM0RmYWxzZSUyNnBsdWdpbl9zdmdfdmlld2VyJTNEZmFsc2UlMjZwbHVnaW5famF2YSUzRGZhbHNlJmZoPTFlNTUwMTcyZmVkZmJiMDNhY2M1NGQ3N2RjNGFlZDMzJmZuPTgmZmRtPTAsODAwLDIyMDAwMDAwLDAsNDAsMCw4ODAyMCw4LDAsMCZsaD1odHRwcyUzQSUyRiUyRmZwdC5saXZlLmNvbSUyRiUzRnNlc3Npb25faWQlM0QxYTI5NmJjNDlhNTM0YmFlODNjNjY0NjJmNDY0ZjkxNSUyNkN1c3RvbWVySWQlM0QzM2UwMTkyMS00ZDY0LTRmOGMtYTA1NS01YmRhZmZkNWUzM2QlMjZQYWdlSWQlM0RTVSZkcj1odHRwcyUzQSUyRiUyRm1zLXJldi1wcm94eS53b250bGVzcy1tYW5pZm9ybS53b3JrZXJzLmRldiUyRiZ3PThEQkVGQkM1QkI5RjM2QyZpZD1kNGFmMWI0ZC02Mzg3LTdjYmItYjQzOS00OGM4ZmFhYjE0MmQmYT0=&PageId=SU&met=eyJmcGwiOjE3MDExMzk2NDc0ODYsImJydyI6IjEuMDAiLCJkaXMiOiIwLjAwIiwidG16IjoiMS4wMCIsImxhbiI6IjAuMDAiLCJzb2YiOiI0NjQuMDAiLCJleHQiOiIxLjAwIiwicHJiIjoiMjMuMDAiLCJHZXRDYW52YXNEYXRhIjoiMC4wMCIsInBsIjoxLCJmcCI6IjU2My4wMCJ9 HTTP/1.1
Host: fpt.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fpt.live.com/?session_id=1a296bc49a534bae83c66462f464f915&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
content-type: text/html
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-HTTPAPI/2.0
access-control-allow-origin: *
set-cookie: fptctx2=J2lVSzXLZLjGnFoFngsBvCYRbaL7dpB2PKZPmxyzcQXMsRfdc4ADgKQ6y0kkq8R91J3OkuuyufvKuzddwmD7snjir4Mogrz8ZQEhFFkDehQDdm6pOgswtt7sFQ2I1%252fYh6ok2s1I6tIhLy%252fgZYm6IMGEymk3HI0ubn4ZysXzrP%252f%252f7jQ9RNlFJOZIeHwqZe0o0fCIvdtiFLBhGxW1zzcnDySpiOpA2AyI2Gutkf8x1DMT7vB04eDLtcUduE7dvVw67puBYcjuEWzAmgGhDP%252bcEOIUHEDRrwotOkv6DffO9Nj0%253d; domain=.live.com; path=/; secure; samesite=lax; httponly
MUID=d4af1b4d63877cbbb43948c8faab142d; expires=Thu, 28 Nov 2024 02:47:28 GMT; domain=.live.com; path=/; secure; samesite=lax; httponly
date: Tue, 28 Nov 2023 02:47:27 GMT
X-Firefox-Spdy: h2
ms-rev-proxy.wontless-maniform.workers.dev/Resources/images/favicon.ico
0 B URL GET ms-rev-proxy.wontless-maniform.workers.dev/Resources/images/favicon.ico
IP
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerGoogle Trust Services LLC
Subjectwontless-maniform.workers.dev
Fingerprint78:7F:A1:89:25:4D:05:E3:7C:77:9C:F8:AC:1B:7F:9A:F2:9A:A5:B1
ValidityWed, 01 Nov 2023 22:09:20 GMT - Tue, 30 Jan 2024 22:09:19 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert OpenPhish phishing Outlook
GET /Resources/images/favicon.ico HTTP/1.1
Host: ms-rev-proxy.wontless-maniform.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
fpt2.microsoft.com/Clear.HTML?ctx=Ls1.0&wl=False&session_id=1a296bc49a534bae83c66462f464f915&id=d4af1b4d-6387-7cbb-b439-48c8faab142d&w=8DBEFBC5BB9F36C&tkt=taBcrIH61PuCVH7eNCyH0I1otfYAPn9VOPY9aMX8tO09IB4IRyMGrqtX2RIo6jYgizjEacjB0DTx1ZzISwXxg0q7FmYOEK%252b7iPHoLRFcYnRXM3vCqioKJOg2w%252bDjI5mmQUcFysfpwCW5RpbG1WDTDAtDKBaLPJAPvxEmpKLe96QQbWcOv%252f6tIuhtm707s70TccIfXp8o7k4eLu5VpfYcflWucNJFddO0ryTt3xi6prdi1a6z3kv%252fQR4EaYOSj8rdehopBgiW9fI17tjbzb3yylILLy4RmEU7%252bQg7Y9OwvpGfLrmuC5HSSPd3hlILYYV3TcVkcq2EB%252bNWW79iCppjbg%253d%253d&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d
200 OK 2.7 kB URL GET HTTP/2 fpt2.microsoft.com/Clear.HTML?ctx=Ls1.0&wl=False&session_id=1a296bc49a534bae83c66462f464f915&id=d4af1b4d-6387-7cbb-b439-48c8faab142d&w=8DBEFBC5BB9F36C&tkt=taBcrIH61PuCVH7eNCyH0I1otfYAPn9VOPY9aMX8tO09IB4IRyMGrqtX2RIo6jYgizjEacjB0DTx1ZzISwXxg0q7FmYOEK%252b7iPHoLRFcYnRXM3vCqioKJOg2w%252bDjI5mmQUcFysfpwCW5RpbG1WDTDAtDKBaLPJAPvxEmpKLe96QQbWcOv%252f6tIuhtm707s70TccIfXp8o7k4eLu5VpfYcflWucNJFddO0ryTt3xi6prdi1a6z3kv%252fQR4EaYOSj8rdehopBgiW9fI17tjbzb3yylILLy4RmEU7%252bQg7Y9OwvpGfLrmuC5HSSPd3hlILYYV3TcVkcq2EB%252bNWW79iCppjbg%253d%253d&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://fpt.live.com/?session_id=1a296bc49a534bae83c66462f464f915&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU
Certificate IssuerMicrosoft Corporation
Subjectfpt.microsoft.com
Fingerprint3F:B9:F2:C3:B2:76:96:86:68:0E:6B:DE:0F:C3:AE:F0:D6:4A:CF:AF
ValiditySun, 29 Oct 2023 09:56:08 GMT - Wed, 23 Oct 2024 09:56:08 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2904), with no line terminators
Hash 7781b702c60a0ba6b99d7a873a4ac28e
c86e045a74448ee57afc62dc1af271353cb9bd27
e31752a5a8bf18e5fb705b125b5e56081520d1082a5282fe7467939a5f0624f0
GET /Clear.HTML?ctx=Ls1.0&wl=False&session_id=1a296bc49a534bae83c66462f464f915&id=d4af1b4d-6387-7cbb-b439-48c8faab142d&w=8DBEFBC5BB9F36C&tkt=taBcrIH61PuCVH7eNCyH0I1otfYAPn9VOPY9aMX8tO09IB4IRyMGrqtX2RIo6jYgizjEacjB0DTx1ZzISwXxg0q7FmYOEK%252b7iPHoLRFcYnRXM3vCqioKJOg2w%252bDjI5mmQUcFysfpwCW5RpbG1WDTDAtDKBaLPJAPvxEmpKLe96QQbWcOv%252f6tIuhtm707s70TccIfXp8o7k4eLu5VpfYcflWucNJFddO0ryTt3xi6prdi1a6z3kv%252fQR4EaYOSj8rdehopBgiW9fI17tjbzb3yylILLy4RmEU7%252bQg7Y9OwvpGfLrmuC5HSSPd3hlILYYV3TcVkcq2EB%252bNWW79iCppjbg%253d%253d&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d HTTP/1.1
Host: fpt2.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fpt.live.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-encoding: gzip
set-cookie: MUID=d4af1b4d63877cbbb43948c8faab142d; expires=Thu, 28 Nov 2024 02:47:28 GMT; domain=.microsoft.com; path=/; secure; samesite=lax; httponly
vary: Accept-Encoding
server: Microsoft-HTTPAPI/2.0
access-control-allow-origin: *
date: Tue, 28 Nov 2023 02:47:27 GMT
X-Firefox-Spdy: h2
ms-rev-proxy.wontless-maniform.workers.dev/
200 OK 191 kB URL User Request GET HTTP/2 ms-rev-proxy.wontless-maniform.workers.dev/
IP
Certificate IssuerGoogle Trust Services LLC
Subjectwontless-maniform.workers.dev
Fingerprint78:7F:A1:89:25:4D:05:E3:7C:77:9C:F8:AC:1B:7F:9A:F2:9A:A5:B1
ValidityWed, 01 Nov 2023 22:09:20 GMT - Tue, 30 Jan 2024 22:09:19 GMT
Size 191 kB (190935 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert OpenPhish phishing Outlook
GET / HTTP/1.1
Host: ms-rev-proxy.wontless-maniform.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Nov 2023 02:47:25 GMT
content-type: text/html; charset=utf-8
cf-ray: 82cf4935fef156bd-OSL
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: no-store
expires: -1
link: <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msftauth.net>; rel=dns-prefetch, <https://acctcdn.msauth.net>; rel=dns-prefetch, <https://acctcdnmsftuswe2.azureedge.net>; rel=dns-prefetch, <https://acctcdnvzeuno.azureedge.net>; rel=dns-prefetch
set-cookie: amsc=qKrESOw8qSMGIxOD2lfBOF7bJ4WTFw1fHZXUUUdpOZXa2N85ajIMQ0De938xp4gXxhprnMDe5cUc8um5KfnCSTb964XoWpfzQfpLLJKgnv+U95EPft1V6ksgDNbhSzlUwKbwSEpFfANC/E8wdZPwoDG1OvqmzQsXaofsHjWECQgFiyG11/lte/bo+mQeKcwtQ7ioGbvM91uyKADGOYAcS+7ABVPtU5n+PoBsnKmSQyP34qW4sqTcRO5jneD1+4+LRvhfURYjyc/bLZRXX2NQ0LhLZSPn5P2wDgzcfURw8jk=:2:3c; domain=.live.com; path=/; secure; HttpOnly; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
access-control-allow-credentials: true
amserver: scuXXXXig00005N
p3p: CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAM BUS DEM NAV STA UNI COM INT PHY ONL FIN PRE PUR
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-cache: CONFIG_NOCACHE
x-content-type-options: nosniff
x-dns-prefetch-control: on
x-frame-options: deny
x-ms-amserver: scuXXXX005N (2.0.3120.0)
x-ms-amserver-tm: 109ms
x-ms-request-id: c26a0ad8-2e11-4997-aaf2-956a1fb31d2c
x-msedge-ref: Ref A: C26A0AD82E114997AAF2956A1FB31D2C Ref B: OSL30EDGE0511 Ref C: 2023-11-28T02:47:24Z
x-ua-compatible: IE=edge, chrome=1
x-xss-protection: 1; mode=block
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KMuDDfpC053Lq580WkrXg%2F6lqU6%2BfC7dRb7uJ1OdTn%2BN%2B8%2BBTOFd1wJa1heF1gSwdr0ahdRuE5vyAXZecFKEyIa9puiff%2F7egEvKrBHfXWSsV6%2BNn9ajKhfwE1ZY5qRKkyRGpvipMR%2B7FN%2BwLaqNiayhwkU7NdaG081MWfM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ms-rev-proxy.wontless-maniform.workers.dev/Resources/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
200 OK 1.9 kB URL GET HTTP/3 ms-rev-proxy.wontless-maniform.workers.dev/Resources/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
IP
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerGoogle Trust Services LLC
Subjectwontless-maniform.workers.dev
Fingerprint78:7F:A1:89:25:4D:05:E3:7C:77:9C:F8:AC:1B:7F:9A:F2:9A:A5:B1
ValidityWed, 01 Nov 2023 22:09:20 GMT - Tue, 30 Jan 2024 22:09:19 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1982), with no line terminators
Hash 4b5c228b4faba433d06ec569ed855b2d
a7d3882b93e332460e7c59510a6a811ef011983f
eb19d76cd1fad39abf0f2778991883a5cf9ff560117ce8f7c64124e71471b4ed
Analyzer Verdict Alert OpenPhish phishing Outlook
GET /Resources/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1
Host: ms-rev-proxy.wontless-maniform.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: MicrosoftApplicationsTelemetryDeviceId=7bec349c-0c45-4eff-b987-dbe4b2b01cea; clrc={%2219689%22%3a[%22d7PFy/1V%22%2c%22+VC+x0R6%22]}
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 28 Nov 2023 02:47:33 GMT
content-type: image/svg+xml
cf-ray: 82cf4973ad6256ab-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 7
cache-control: no-store
etag: W/"0640fe4913da1:0"
last-modified: Thu, 09 Nov 2023 20:19:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
access-control-allow-credentials: true
amserver: wusXXXXig00000M
p3p: CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAM BUS DEM NAV STA UNI COM INT PHY ONL FIN PRE PUR
x-cache: CONFIG_NOCACHE
x-content-type-options: nosniff
x-msedge-ref: Ref A: 2A579CE725584CDE8E61114C300785CE Ref B: OSL30EDGE0212 Ref C: 2023-11-28T02:47:26Z
x-xss-protection: 1; mode=block
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R3PD1PtV3mddA2Too3An7FbCacFc6Q6g3lL9ATpiFcioQYtLN%2BEm9L0ADgV%2BAKaTP6nnD7wSGkzX3Rp00wciTWPssJ1FjCwdXqHflP2fogiVgQ7okKSj2%2Bi0qwedUhfuXdFA1E3bJBa%2BIqNxM%2FW%2Brq6DzKKPpy6kRLOmvCw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
ms-rev-proxy.wontless-maniform.workers.dev/API/ClientEvents
200 OK 67 B URL POST HTTP/3 ms-rev-proxy.wontless-maniform.workers.dev/API/ClientEvents
IP
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerGoogle Trust Services LLC
Subjectwontless-maniform.workers.dev
Fingerprint78:7F:A1:89:25:4D:05:E3:7C:77:9C:F8:AC:1B:7F:9A:F2:9A:A5:B1
ValidityWed, 01 Nov 2023 22:09:20 GMT - Tue, 30 Jan 2024 22:09:19 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 2426e038aae53f8b994e22fa261cfd26
3e347bd076470d974ee6a3d510457a3b6a11c45e
d4fe1821b11cfdac589957598cf8d690d2224ad49a6fa9f2eaae5082fd07f578
Analyzer Verdict Alert OpenPhish phishing Outlook
POST /API/ClientEvents HTTP/1.1
Host: ms-rev-proxy.wontless-maniform.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
hpgid: 200639
canary: LgGPayqQ9+M5LHN/5MHuyNltVNFtiBDMjIbBd9YKNniXRFzF6TyEbJnkTkN7n5ZZyfDIDgkKWR0Mg/70P9vBSC2bYAMsNe1WsgSOmdXRWC4KpJWndIighU7U9M+cGipHa6JezrcbjMvPfd9n+1g+Xyh5czVM06VKab6a4v3AqSfYeUNWgTCD/4O2jHNOvANepO/psle+8883eJ9swB+JW2tLWm+MQUx74Ocxnbl8Fr+5CSkPtbADK935Jyowo35d:2:3c
uaid: 1a296bc49a534bae83c66462f464f915
tcxt: oR9f6+i7id4AwEao5IunLJTCpt335tOx8aFVPrPfhwf32sD3/WLvY2+tvTjjgDAS2Sw7WuqfZN4DiddgYzg6vHQcwUKzRLmk8KutcizaeGpzjGPV3tXbhI7oBqDzyDApgDn8SjpK2gJC+Q9SHEyjVNbvPyT1Ju+NNukx1w/9rfXaENKcaVl7jaSgOsBRT9sYthkpgpkvJaMgTprxXktLKHK1kany8rD4Z3K1HeDfHwVQZ5FH5W5eA7B01MtnrID5fCP55tHp6vVPFy+260Qli+o+a9SpYO7mA2XF7bVZhK80jv6rMCLt5sjffvmA2OvVt/CCnkBE1HBbUo/ymVLMYrLb2hvBduv0A+ByIsIvSoq5R0L3PXRgIorUdTbGzkOqZaojjhdljbI3pk0tstaabDAn+mxn0qPOjOXwTJU+cyZQD6Z1HHT4dJGo5BD74199P6W5l18FWapCZvhfkE7DBiTgvGVu6L6HUCl1o5BmnbEL/QShpEUguAMQFNwsXWrIkjnhB67w4I9KVBgBD9o/3oP5uW1ZWZXNOTsGfWqC0ag=:2:3
x-ms-apiVersion: 3
x-ms-apiTransport: fetch
Content-Type: application/json; charset=utf-8
Content-Length: 8295
Origin: https://ms-rev-proxy.wontless-maniform.workers.dev
DNT: 1
Connection: keep-alive
Cookie: MicrosoftApplicationsTelemetryDeviceId=7bec349c-0c45-4eff-b987-dbe4b2b01cea
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 28 Nov 2023 02:47:27 GMT
content-type: application/json; charset=utf-8
cf-ray: 82cf49494ff956ab-OSL
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: no-store
expires: -1
set-cookie: amsc=2cAn7qkFRO3qMs13JCnKaB84WBZScYDvPPzdpO2aMjMOpsbdAMRx7WoAowOgCVcGSMnER8xg25w4noqUpW6AT2Tz3akEXpYv0nMx9A1BTp60AJ+6ixSmoggFGCIu8HUF8GypW758jgaRzwtlLPj5GFVeAbneBQHXLYF/JXE/3i6rA4fGSgdtnAazZtdd4Ny42nXMSS+9kvbTHavA+6iEwO5QXYkw+rBIbHXu+bREpGi1naA6YInIb+QLtyX9KuOw:2:3c; domain=.live.com; path=/; secure; HttpOnly; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-credentials: true
amserver: eusXXXXgn00000B
p3p: CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAM BUS DEM NAV STA UNI COM INT PHY ONL FIN PRE PUR
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-cache: CONFIG_NOCACHE
x-content-type-options: nosniff
x-frame-options: deny
x-ms-amserver: eusXXXX000B (2.0.3120.1)
x-ms-amserver-tm: 0ms
x-ms-request-id: 20d6fda3-63a4-4857-974f-b13dcb2d78dc
x-msedge-ref: Ref A: 20D6FDA363A44857974FB13DCB2D78DC Ref B: OSL30EDGE0413 Ref C: 2023-11-28T02:47:27Z
x-xss-protection: 1; mode=block
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K4%2FZJ%2B9NICSDHsGptywgJ%2BY0cZCV2jjRsUywJ%2FewJuZ%2FmaGG3EvL4VWcFySMlqx2GZN%2B1EcPD9MCRrEu8tI2pHouWEPBl9n6fUI5p6QJdzgst%2FImbejvofPZga9DETVLB5MZ4OfaFamWQwUaaD0BPZjTUdEi7gMCu%2Fjef0U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
ms-rev-proxy.wontless-maniform.workers.dev/Resources/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
200 OK 3.7 kB URL GET HTTP/3 ms-rev-proxy.wontless-maniform.workers.dev/Resources/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
IP
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerGoogle Trust Services LLC
Subjectwontless-maniform.workers.dev
Fingerprint78:7F:A1:89:25:4D:05:E3:7C:77:9C:F8:AC:1B:7F:9A:F2:9A:A5:B1
ValidityWed, 01 Nov 2023 22:09:20 GMT - Tue, 30 Jan 2024 22:09:19 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3695), with no line terminators
Hash d633a913e6f3b1f45774b9874dfc85e0
5ba1344048578062c93cfddfdf8458477eaca476
c1fbfbd9a81fc4d9c9539a65bdfb4c6738926b8d4681b0346706196413e92714
Analyzer Verdict Alert OpenPhish phishing Outlook
GET /Resources/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1
Host: ms-rev-proxy.wontless-maniform.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 28 Nov 2023 02:47:26 GMT
content-type: image/svg+xml
cf-ray: 82cf4944bea856ab-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: no-store
etag: W/"0640fe4913da1:0"
last-modified: Thu, 09 Nov 2023 20:19:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
access-control-allow-credentials: true
amserver: scuXXXXig000005
p3p: CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAM BUS DEM NAV STA UNI COM INT PHY ONL FIN PRE PUR
x-cache: CONFIG_NOCACHE
x-content-type-options: nosniff
x-msedge-ref: Ref A: 7D7F53F94F3A4E06BAE27CD3B70859B4 Ref B: OSL30EDGE0411 Ref C: 2023-11-28T02:47:26Z
x-xss-protection: 1; mode=block
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BC%2BOzyNhop6XpowaL6s%2FGNtPlW5zD8SnesJLPJ6ReLfUF3JgRUD2y1FSKszuLKrZ1Bg9rxvcd%2F7usjCVsRdBsx1z5IQavCIdZGKp8qeKCmrf46rvx6rp3N1HkZciExz2vgw0fCf0x7mSBbB%2BbXm6EhrXlP%2FDMGfH6Tbkj0A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
fpt.live.com/?session_id=1a296bc49a534bae83c66462f464f915&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU
200 OK 26 kB URL GET HTTP/2 fpt.live.com/?session_id=1a296bc49a534bae83c66462f464f915&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerMicrosoft Corporation
Subjectfpt.microsoft.com
Fingerprint3F:B9:F2:C3:B2:76:96:86:68:0E:6B:DE:0F:C3:AE:F0:D6:4A:CF:AF
ValiditySun, 29 Oct 2023 09:56:08 GMT - Wed, 23 Oct 2024 09:56:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?session_id=1a296bc49a534bae83c66462f464f915&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU HTTP/1.1
Host: fpt.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-HTTPAPI/2.0
access-control-allow-origin: *
set-cookie: fptctx2=taBcrIH61PuCVH7eNCyH0I1otfYAPn9VOPY9aMX8tO09IB4IRyMGrqtX2RIo6jYgizjEacjB0DTx1ZzISwXxg0q7FmYOEK%252b7iPHoLRFcYnRXM3vCqioKJOg2w%252bDjI5mmQUcFysfpwCW5RpbG1WDTDAtDKBaLPJAPvxEmpKLe96QQbWcOv%252f6tIuhtm707s70TccIfXp8o7k4eLu5VpfYcflWucNJFddO0ryTt3xi6prdi1a6z3kv%252fQR4EaYOSj8rdehopBgiW9fI17tjbzb3yylILLy4RmEU7%252bQg7Y9OwvpGfLrmuC5HSSPd3hlILYYV3TcVkcq2EB%252bNWW79iCppjbg%253d%253d; domain=.live.com; path=/; secure; samesite=lax; httponly
MUID=ab4094be33da4878a12451f240bd4003; expires=Thu, 28 Nov 2024 02:47:27 GMT; domain=.live.com; path=/; secure; samesite=lax; httponly
date: Tue, 28 Nov 2023 02:47:26 GMT
X-Firefox-Spdy: h2
ms-rev-proxy.wontless-maniform.workers.dev/Resources/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
0 B URL GET ms-rev-proxy.wontless-maniform.workers.dev/Resources/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
IP
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerGoogle Trust Services LLC
Subjectwontless-maniform.workers.dev
Fingerprint78:7F:A1:89:25:4D:05:E3:7C:77:9C:F8:AC:1B:7F:9A:F2:9A:A5:B1
ValidityWed, 01 Nov 2023 22:09:20 GMT - Tue, 30 Jan 2024 22:09:19 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert OpenPhish phishing Outlook
GET /Resources/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1
Host: ms-rev-proxy.wontless-maniform.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
ms-rev-proxy.wontless-maniform.workers.dev/Resources/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
200 OK 3.7 kB URL GET HTTP/3 ms-rev-proxy.wontless-maniform.workers.dev/Resources/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
IP
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerGoogle Trust Services LLC
Subjectwontless-maniform.workers.dev
Fingerprint78:7F:A1:89:25:4D:05:E3:7C:77:9C:F8:AC:1B:7F:9A:F2:9A:A5:B1
ValidityWed, 01 Nov 2023 22:09:20 GMT - Tue, 30 Jan 2024 22:09:19 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3695), with no line terminators
Hash d633a913e6f3b1f45774b9874dfc85e0
5ba1344048578062c93cfddfdf8458477eaca476
c1fbfbd9a81fc4d9c9539a65bdfb4c6738926b8d4681b0346706196413e92714
Analyzer Verdict Alert OpenPhish phishing Outlook
GET /Resources/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1
Host: ms-rev-proxy.wontless-maniform.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: MicrosoftApplicationsTelemetryDeviceId=7bec349c-0c45-4eff-b987-dbe4b2b01cea
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 28 Nov 2023 02:47:33 GMT
content-type: image/svg+xml
cf-ray: 82cf49737d5856ab-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 7
cache-control: no-store
etag: W/"0640fe4913da1:0"
last-modified: Thu, 09 Nov 2023 20:19:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
access-control-allow-credentials: true
amserver: scuXXXXig000005
p3p: CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAM BUS DEM NAV STA UNI COM INT PHY ONL FIN PRE PUR
x-cache: CONFIG_NOCACHE
x-content-type-options: nosniff
x-msedge-ref: Ref A: 7D7F53F94F3A4E06BAE27CD3B70859B4 Ref B: OSL30EDGE0411 Ref C: 2023-11-28T02:47:26Z
x-xss-protection: 1; mode=block
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4tgEYsltPzjaCVnX5GPMkIQr9EVVlFFNiX2S7G8r%2FgT4bZg7MHEdBqwwxuoIdTZzq%2BwpweUrN7cHUeNekUUrJ0aZnu668gX5PhzR%2BfnEstQk2jqbGNICiOLGTu6qv2rGyEiZ7imNMeynL4pB0dM3lbY132wrDoJxPajZO9Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
ms-rev-proxy.wontless-maniform.workers.dev/Resources/images/favicon.ico
200 OK 17 kB URL GET HTTP/3 ms-rev-proxy.wontless-maniform.workers.dev/Resources/images/favicon.ico
IP
Requested by https://ms-rev-proxy.wontless-maniform.workers.dev/
Certificate IssuerGoogle Trust Services LLC
Subjectwontless-maniform.workers.dev
Fingerprint78:7F:A1:89:25:4D:05:E3:7C:77:9C:F8:AC:1B:7F:9A:F2:9A:A5:B1
ValidityWed, 01 Nov 2023 22:09:20 GMT - Tue, 30 Jan 2024 22:09:19 GMT
File type MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors\012- data
Hash 12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
Analyzer Verdict Alert OpenPhish phishing Outlook
GET /Resources/images/favicon.ico HTTP/1.1
Host: ms-rev-proxy.wontless-maniform.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ms-rev-proxy.wontless-maniform.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: MicrosoftApplicationsTelemetryDeviceId=7bec349c-0c45-4eff-b987-dbe4b2b01cea
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 28 Nov 2023 02:47:33 GMT
content-type: image/x-icon
cf-ray: 82cf49737d5a56ab-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 7
cache-control: no-store
etag: W/"0640fe4913da1:0"
last-modified: Thu, 09 Nov 2023 20:19:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
access-control-allow-credentials: true
amserver: wusXXXXig0000A5
p3p: CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAM BUS DEM NAV STA UNI COM INT PHY ONL FIN PRE PUR
x-cache: CONFIG_NOCACHE
x-content-type-options: nosniff
x-msedge-ref: Ref A: 808F5477447A4CCEA2C614B3C357CD64 Ref B: OSL30EDGE0212 Ref C: 2023-11-28T02:47:26Z
x-xss-protection: 1; mode=block
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GQyIbnsB2sPm55MD7Aa3MYJOgUdjiBNmdYgNC%2FDPJkJpHhjgS0xq%2BaeZjJ8W96iZBFVu0%2FFjTgjCqIB1%2B03QUxOUZGc0icHT3P6mVrUEaaixZTp24KHJG1CyNbAgClhzlxuEApSA%2FU1hvKg1iHNScl3rJMQVaLtKAJaA9L8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
172.67.208.86
0.0.0.0
0.0.0.0