Report - crm.kia.com.au/CrmAu/link.asp?mode=7&msg_seq=5580&mem_seq=83822&msg_id=2021122410531132&msg_mem_id=0&respStart=2021-12-24&respEnd=2021-12-31&tktype=LINK_03&link_id=2021122410531132_3&redirectURL=http://derakh.vxx8na.badfolk.org/new/YWtoaWxzaW5naC5wYXRpbEB1YnMuY29t

Report Overview

Visitedpublic

2023-12-08 08:48:44

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
crm.kia.com.au	unknown	unknown	No data	No data	2.1 kB	2.0 kB	58.87.45.107
pub-d89e3188311c46f49978b9555d4c9596.r2.dev	unknown	2022-08-23	2023-07-11 08:36:29	2023-12-08 06:57:08	1.1 kB	131 kB	104.18.2.35
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-12-08 08:16:59	449 B	31 kB	151.101.130.137
www.office.com	2755	1999-04-20	2014-02-12 02:02:36	2023-12-08 02:26:00	1.2 kB	2.7 kB	13.107.6.156
aadcdn.msauth.net	1421	2018-10-25	2018-11-19 11:50:03	2023-12-07 18:13:05	9.1 kB	355 kB	13.107.246.53
smtpjs.com	309535	2016-01-30	2016-02-01 17:59:05	2023-12-08 06:57:08	435 B	1.2 kB	109.169.71.112
api.ipify.org	3267	2014-01-05	2014-10-06 14:38:43	2023-12-07 05:32:35	460 B	205 B	64.185.227.156
derakh.vxx8na.badfolk.org	unknown	unknown	No data	No data	477 B	543 B	103.68.166.129
login.microsoftonline.com	25	2002-07-09	2017-02-19 08:06:40	2019-07-18 10:58:27	4.0 kB	40 kB	20.190.177.83

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-08 08:48:37	low	Client IP	Internal IP	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
2023-12-08 08:48:37	low	Client IP	Internal IP	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
2023-12-08 08:48:37	low	Client IP	Internal IP	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
2023-12-08 08:48:38	low	Client IP	64.185.227.156	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-12-08	medium	pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html	Outlook
2023-12-08	medium	pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html	Outlook

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (17)

	URL	From	Size	First Seen	Last Seen
	login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392	ScriptElement	11 kB	2024-08-20	2024-08-20
URL login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392 IP / ASN 20.190.177.83 #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by ScriptElement Embedded true Resource Info First Seen 2024-08-20 Last Seen 2024-08-20 Times Seen 1 Size 11 kB (10895 bytes) MD5 f8371b94e7b0137341b826e08720d265 SHA1 932ecc0a4dc007e028d1cc566aaf5371be85bb68 SHA256 bfa3c557c6b6d014380cd7388f4e00dcb4d6c6cdb4f291c2e27bf109ed5421fb Format Code Loading...

	login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=UbQp9dISoHWqNK8njnC9NSHVVd30SHUqs1OZFJ80bbEUm7lED56LV65SB0hpv5md7geS2PZbNN8xjMVoZt12_WrSONiZkYXaWk2HrYdtWhzci6KxLgdrkSd8E60iJn5U&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0	ScriptElement	11 kB	2024-08-20	2024-08-20
URL login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=UbQp9dISoHWqNK8njnC9NSHVVd30SHUqs1OZFJ80bbEUm7lED56LV65SB0hpv5md7geS2PZbNN8xjMVoZt12_WrSONiZkYXaWk2HrYdtWhzci6KxLgdrkSd8E60iJn5U&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0 IP / ASN 20.190.177.148 #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by ScriptElement Embedded true Resource Info First Seen 2024-08-20 Last Seen 2024-08-20 Times Seen 1 Size 11 kB (11086 bytes) MD5 23a5170753482c5962244a39bfca76e2 SHA1 0b7b1084f1f4648a93a3a4941854fa089233f95f SHA256 f2559d66a7de2c6cf17a26c96b864b1950ec0f5fb68ead358ddf62acd15eddd3 Format Code Loading...

	login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=heHTdMfqvyzNRGKHd-4dOYgQH3vgmjtEgCoFESUonHTTs5-m5Gnqte3Vn1pPccYOXc-wiPH7HNRyI_UlsXZMK8TkIR5ICT8qIyXNwP2vOaf1MaH3WTfXR7QpKjIRUKZF&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0	ScriptElement	11 kB	2024-08-20	2024-08-20
URL login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=heHTdMfqvyzNRGKHd-4dOYgQH3vgmjtEgCoFESUonHTTs5-m5Gnqte3Vn1pPccYOXc-wiPH7HNRyI_UlsXZMK8TkIR5ICT8qIyXNwP2vOaf1MaH3WTfXR7QpKjIRUKZF&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0 IP / ASN 20.190.177.83 #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by ScriptElement Embedded true Resource Info First Seen 2024-08-20 Last Seen 2024-08-20 Times Seen 1 Size 11 kB (11086 bytes) MD5 bc03bfa273ec1000cce9cb2800a69145 SHA1 9260157c4522a9a0a856101ad5db06f2a0aff089 SHA256 1679c707242f09424cc8020e757838b6a766b1cf56b4e7d7f2e933786a6ba306 Format Code Loading...

	pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com	ScriptElement	3.2 kB	2023-12-08	2024-08-20
URL pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 2023-12-08 Last Seen 2024-08-20 Times Seen 204 Size 3.2 kB (3237 bytes) MD5 118a77c10b3a777b9a88138683517a85 SHA1 8f54de183632e6368dec071cdd9f67b3b0438ff4 SHA256 32281321ec3e63999e67678d78727438d5e1dee8ce2769bdf374ca80dfd7f886 Format Code Loading...

	aadcdn.msauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js	ScriptElement	120 kB	2023-03-08	2025-08-08
URL aadcdn.msauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js IP / ASN 13.107.246.53 #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-08 Last Seen 2025-08-08 Times Seen 14146 Size 120 kB (119648 bytes) MD5 75cf78d0e38c65a538ad253ca9e48dbe SHA1 bf0452e4a42a9af3b69d5d8c3a3a0433f14921b6 SHA256 df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0 Format Code Loading...

	pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com	ScriptElement	235 B	2023-03-07	2025-05-08
URL pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-07 Last Seen 2025-05-08 Times Seen 1518 Size 235 B (235 bytes) MD5 d5663ca14896beb4426cb2b7d4d1f91a SHA1 b13ce03a3f77e79bd161408887f4678d351efa02 SHA256 fe682d3a5bc92582598075d4fdce81ab9b112e785eaaf855f841f78f33dd3080 Format Code Loading...

	login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=heHTdMfqvyzNRGKHd-4dOYgQH3vgmjtEgCoFESUonHTTs5-m5Gnqte3Vn1pPccYOXc-wiPH7HNRyI_UlsXZMK8TkIR5ICT8qIyXNwP2vOaf1MaH3WTfXR7QpKjIRUKZF&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0	ScriptElement	12 kB	2023-06-14	2025-04-25
URL login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=heHTdMfqvyzNRGKHd-4dOYgQH3vgmjtEgCoFESUonHTTs5-m5Gnqte3Vn1pPccYOXc-wiPH7HNRyI_UlsXZMK8TkIR5ICT8qIyXNwP2vOaf1MaH3WTfXR7QpKjIRUKZF&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0 IP / ASN 20.190.177.83 #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by ScriptElement Embedded true Resource Info First Seen 2023-06-14 Last Seen 2025-04-25 Times Seen 11521 Size 12 kB (12281 bytes) MD5 bbcef4a154c1228c1c97c4ef01a30ada SHA1 23daa3a4d9b0a6310edd3882191ec6ab51ce6b4f SHA256 6fa6c39c879b2fb55cfd9d0258916c68b5f750ae42312f510e44a4451f06e272 Format Code Loading...

	login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=heHTdMfqvyzNRGKHd-4dOYgQH3vgmjtEgCoFESUonHTTs5-m5Gnqte3Vn1pPccYOXc-wiPH7HNRyI_UlsXZMK8TkIR5ICT8qIyXNwP2vOaf1MaH3WTfXR7QpKjIRUKZF&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0	ScriptElement	402 B	2023-03-26	2025-08-09
URL login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=heHTdMfqvyzNRGKHd-4dOYgQH3vgmjtEgCoFESUonHTTs5-m5Gnqte3Vn1pPccYOXc-wiPH7HNRyI_UlsXZMK8TkIR5ICT8qIyXNwP2vOaf1MaH3WTfXR7QpKjIRUKZF&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0 IP / ASN 20.190.177.83 #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-26 Last Seen 2025-08-09 Times Seen 59098 Size 402 B (402 bytes) MD5 87efd6715519349131af142156db73f5 SHA1 c97a4e521b65745b007efc70d310bc3d881592e7 SHA256 03bde50da68e75d14367644f9f52809af9b55dbba6c171ce2c7b93523cdc5578 Format Code Loading...

	aadcdn.msauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js	ScriptElement	183 kB	2023-10-31	2024-09-20
URL aadcdn.msauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js IP / ASN 13.107.246.53 #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by ScriptElement Embedded false Resource Info First Seen 2023-10-31 Last Seen 2024-09-20 Times Seen 1170 Size 183 kB (182930 bytes) MD5 be630e623d7ee30720abfe258d7e77f9 SHA1 28e1655eac90fc1f5a93f16366739ddfc9f04638 SHA256 87e738d94f83503f243a4544d7c78a6dadd01c261a6a58fa5085715652029ab9 Format Code Loading...

	smtpjs.com/v3/smtp.js	ScriptElement	868 B	2023-03-07	2025-08-09
URL smtpjs.com/v3/smtp.js IP / ASN 109.169.71.112 #20860 Iomart Cloud Services Limited Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-09 Times Seen 2110 Size 868 B (868 bytes) MD5 73572da03234fa6d561c64b59c152230 SHA1 5de5efc900b7eaf2b93b02f7c4c260fa938ef983 SHA256 1fd711cb491a361ef91e29c50de0680a4b156c0b34bb91e18570d0037263a776 Format Code Loading...

	login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=heHTdMfqvyzNRGKHd-4dOYgQH3vgmjtEgCoFESUonHTTs5-m5Gnqte3Vn1pPccYOXc-wiPH7HNRyI_UlsXZMK8TkIR5ICT8qIyXNwP2vOaf1MaH3WTfXR7QpKjIRUKZF&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0	ScriptElement	4.2 kB	2023-10-31	2025-06-26
URL login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=heHTdMfqvyzNRGKHd-4dOYgQH3vgmjtEgCoFESUonHTTs5-m5Gnqte3Vn1pPccYOXc-wiPH7HNRyI_UlsXZMK8TkIR5ICT8qIyXNwP2vOaf1MaH3WTfXR7QpKjIRUKZF&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0 IP / ASN 20.190.177.83 #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by ScriptElement Embedded true Resource Info First Seen 2023-10-31 Last Seen 2025-06-26 Times Seen 1176 Size 4.2 kB (4168 bytes) MD5 50eb9faffcfc4f56e8d5babbbd9cfe96 SHA1 f35f8ca2245390b09199e6f3aeb76480b2c540a0 SHA256 7ad506113198d4fdd9774dce119a61881bf39ffd1da7b92eec5b290c96a01a90 Format Code Loading...

	pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com	ScriptElement	0 B	0001-01-01	2025-08-09
URL pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738446 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Format Code Loading...

	login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=heHTdMfqvyzNRGKHd-4dOYgQH3vgmjtEgCoFESUonHTTs5-m5Gnqte3Vn1pPccYOXc-wiPH7HNRyI_UlsXZMK8TkIR5ICT8qIyXNwP2vOaf1MaH3WTfXR7QpKjIRUKZF&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0	ScriptElement	593 B	2023-10-31	2025-08-08
URL login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=heHTdMfqvyzNRGKHd-4dOYgQH3vgmjtEgCoFESUonHTTs5-m5Gnqte3Vn1pPccYOXc-wiPH7HNRyI_UlsXZMK8TkIR5ICT8qIyXNwP2vOaf1MaH3WTfXR7QpKjIRUKZF&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0 IP / ASN 20.190.177.83 #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by ScriptElement Embedded true Resource Info First Seen 2023-10-31 Last Seen 2025-08-08 Times Seen 1220 Size 593 B (593 bytes) MD5 130d91ea1e7ea7721687440cd741e93e SHA1 4883e88e0b99498d9cf23331dc9fee04b36a4162 SHA256 4db3ace66daacec4548d13dd8f9124459a2ba4dc539ca5ab03b725e0486a14e3 Format Code Loading...

	unknown	DomTimer	241 B	2023-10-31	2025-01-09
URL IP / ASN 0.0.0.0 #0 Introduced by DomTimer Embedded false Resource Info First Seen 2023-10-31 Last Seen 2025-01-09 Times Seen 1168 Size 241 B (241 bytes) MD5 5cb28f4fb234a13e4ef72986a4191561 SHA1 aadcaab83ba6a7bfcf718eecd4177595cc45c562 SHA256 f5b5b00c6360e697fd33fd27b2171e49a65a8b8c49b9ddc6107940cb607ac123 Format Code Loading...

	code.jquery.com/jquery-3.1.1.min.js	ScriptElement	87 kB	2023-03-07	2025-08-09
URL code.jquery.com/jquery-3.1.1.min.js IP / ASN 151.101.130.137 #54113 FASTLY Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-09 Times Seen 120524 Size 87 kB (86709 bytes) MD5 e071abda8fe61194711cfc2ab99fe104 SHA1 f647a6d37dc4ca055ced3cf64bbc1f490070acba SHA256 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Format Code Loading...

	login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=UbQp9dISoHWqNK8njnC9NSHVVd30SHUqs1OZFJ80bbEUm7lED56LV65SB0hpv5md7geS2PZbNN8xjMVoZt12_WrSONiZkYXaWk2HrYdtWhzci6KxLgdrkSd8E60iJn5U&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0	ScriptElement	106 B	2023-06-21	2025-08-08
URL login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=UbQp9dISoHWqNK8njnC9NSHVVd30SHUqs1OZFJ80bbEUm7lED56LV65SB0hpv5md7geS2PZbNN8xjMVoZt12_WrSONiZkYXaWk2HrYdtWhzci6KxLgdrkSd8E60iJn5U&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0 IP / ASN 20.190.177.148 #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by ScriptElement Embedded true Resource Info First Seen 2023-06-21 Last Seen 2025-08-08 Times Seen 1606 Size 106 B (106 bytes) MD5 b524b1297911a39f4a4d5165b932f781 SHA1 ab75fee67b6089f129830917a2e8c2fda6a23582 SHA256 7061d39ee40e8f7a47e5a0efb673e446080fbbfcbd38c4fdeaf37deb0c6df605 Format Code Loading...

	api.ipify.org/?format=jsonp&callback=getPublic	ScriptElement	33 B	2023-03-07	2025-06-22
URL api.ipify.org/?format=jsonp&callback=getPublic IP / ASN 64.185.227.156 #18450 WEBNX Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-06-22 Times Seen 1525 Size 33 B (33 bytes) MD5 b1fdb43145cf7c3f6f2a1370889232f1 SHA1 19cd287ba1ffae5908cf8d53d13abc302dac6f9c SHA256 9a751b74811a7c42413bc5109600706395ac8a8c057f7e6a55fc45b7ea41b191 Format Code Loading...

HTTP Transactions (31)

URL IP Response Size

58.87.45.107

444 B

URL HTTP

IP / ASN

58.87.45.107

#9524 AutoEverSystems Corp.

Requested byN/A

Resource Info

File typeHTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with very long lines (403)

First Seen2023-12-08

Last Seen2023-12-08

Times Seen1

Size444 B (444 bytes)

MD5095d87b04a5d89cf11c09300ff3dd9d8

SHA180a111b4553aec9581fcf4527763699ebd29bf91

SHA2565b707dbf3101fc931db281d8a1699c844466ea87fc3d46dc5e759879ac3aa2aa

HTTP Headers

GET /CrmAu/link.asp?mode=7&msg_seq=5580&mem_seq=83822&msg_id=2021122410531132&msg_mem_id=0&respStart=2021-12-24&respEnd=2021-12-31&tktype=LINK_03&link_id=2021122410531132_3&redirectURL=http://derakh.vxx8na.badfolk.org/new/YWtoaWxzaW5naC5wYXRpbEB1YnMuY29t HTTP/1.1
Host: crm.kia.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 444
Content-Type: text/html
Location: http://crm.kia.com.au/response/LinkManager.jsp?mode=7&msg_seq=5580&mem_seq=83822&msg_id=2021122410531132&msg_mem_id=0&respStart=2021-12-24&respEnd=2021-12-31&tktype=LINK_03&msgkey=84086&link_id=2021122410531132_3&redirectURL=http%3A%2F%2Fderakh%2Evxx8na%2Ebadfolk%2Eorg%2Fnew%2FYWtoaWxzaW5naC5wYXRpbEB1YnMuY29t
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDSSSBCABB=IMGEHBBBBNFLGHLLECGFBKPC; path=/
X-Powered-By: ASP.NET
Date: Fri, 08 Dec 2023 08:48:26 GMT

crm.kia.com.au/response/LinkManager.jsp?mode=7&msg_seq=5580&mem_seq=83822&msg_id=2021122410531132&msg_mem_id=0&respStart=2021-12-24&respEnd=2021-12-31&tktype=LINK_03&msgkey=84086&link_id=2021122410531132_3&redirectURL=http%3A%2F%2Fderakh%2Evxx8na%2Ebadfolk%2Eorg%2Fnew%2FYWtoaWxzaW5naC5wYXRpbEB1YnMuY29t

58.87.45.107

216 B

URL HTTP

IP / ASN

58.87.45.107

#9524 AutoEverSystems Corp.

Requested byN/A

Resource Info

File typeHTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators

First Seen2023-12-08

Last Seen2023-12-08

Times Seen1

Size216 B (216 bytes)

MD52a0e7650f47fae4d0c8f23ed46891b4c

SHA1133ca3453db89d7a91bee017dc7cc44b913b0699

SHA25690d97067a534084d0deeba383e6cc756bfc28625d112af657db4bd5787eb7dd3

HTTP Headers

GET /response/LinkManager.jsp?mode=7&msg_seq=5580&mem_seq=83822&msg_id=2021122410531132&msg_mem_id=0&respStart=2021-12-24&respEnd=2021-12-31&tktype=LINK_03&msgkey=84086&link_id=2021122410531132_3&redirectURL=http%3A%2F%2Fderakh%2Evxx8na%2Ebadfolk%2Eorg%2Fnew%2FYWtoaWxzaW5naC5wYXRpbEB1YnMuY29t HTTP/1.1
Host: crm.kia.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDSSSBCABB=IMGEHBBBBNFLGHLLECGFBKPC
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store
Pragma: no-cache
Content-Length: 216
Content-Type: text/html;charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 08 Dec 2023 08:48:27 GMT

crm.kia.com.au/favicon.ico

58.87.45.107

223 B

URL HTTP

crm.kia.com.au/favicon.ico

IP / ASN

58.87.45.107

#9524 AutoEverSystems Corp.

Requested byN/A

Resource Info

File typeHTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text

First Seen2023-12-08

Last Seen2023-12-08

Times Seen59

Size223 B (223 bytes)

MD5c26b6e4e64672cf75b9c1ff69661700c

SHA16233c5bfb7a0d1fab692c1d77a697f973fb0830d

SHA256cbbc60ce1cde5da4933bfbb47e8e5b189c34eb6415a209783751197fb7d3b895

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: crm.kia.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://crm.kia.com.au/response/LinkManager.jsp?mode=7&msg_seq=5580&mem_seq=83822&msg_id=2021122410531132&msg_mem_id=0&respStart=2021-12-24&respEnd=2021-12-31&tktype=LINK_03&msgkey=84086&link_id=2021122410531132_3&redirectURL=http%3A%2F%2Fderakh%2Evxx8na%2Ebadfolk%2Eorg%2Fnew%2FYWtoaWxzaW5naC5wYXRpbEB1YnMuY29t
Cookie: ASPSESSIONIDSSSBCABB=IMGEHBBBBNFLGHLLECGFBKPC
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Redirect
Content-Type: text/html; charset=UTF-8
Location: https://crm.kia.com.au/crmAu/errStatus.htm
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 08 Dec 2023 08:48:27 GMT
Content-Length: 223

derakh.vxx8na.badfolk.org/new/YWtoaWxzaW5naC5wYXRpbEB1YnMuY29t

103.68.166.129

149 B

URL HTTP

derakh.vxx8na.badfolk.org/new/YWtoaWxzaW5naC5wYXRpbEB1YnMuY29t

IP / ASN

103.68.166.129

#38719 Dreamscape Networks Limited

Requested byN/A

Resource Info

File typeHTML document, ASCII text

First Seen2023-12-08

Last Seen2023-12-08

Times Seen2

Size149 B (149 bytes)

MD5f7e820fa88d16e2ccdf9c24ba97494ae

SHA15cef1dafc4b2f7411b3c7d8c978d7ee1c6f64f6c

SHA2566ea00a280446eaf3ae2d858c4fcfbb4645191c3fc40c719dee0067175fedb491

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /new/YWtoaWxzaW5naC5wYXRpbEB1YnMuY29t HTTP/1.1
Host: derakh.vxx8na.badfolk.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://crm.kia.com.au/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Dec 2023 08:48:30 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 149
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=d6ceb4a4f848042e6b0ee72c077bf211; path=/
Upgrade: h2,h2c
Vary: Accept-Encoding
Content-Encoding: gzip

pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html

104.18.2.35

21 kB

URL HTTPS

pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html

IP / ASN

104.18.2.35

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (64651), with CRLF line terminators

First Seen2023-12-08

Last Seen2024-08-20

Times Seen204

Size21 kB (20709 bytes)

MD58c5882e6702c337ea109a2b96793c460

SHA11b0745a7643762bd368cbbade524875ee2ca30ae

SHA2560ecbd9ed32cb678b3bb835f54ccba95bca19042944952a3d94042d6a6ca68064

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Outlook
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /aas.html HTTP/1.1
Host: pub-d89e3188311c46f49978b9555d4c9596.r2.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://derakh.vxx8na.badfolk.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 08 Dec 2023 08:48:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"8c5882e6702c337ea109a2b96793c460"
Last-Modified: Fri, 08 Dec 2023 05:33:50 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8323bfee6a745687-OSL
Content-Encoding: gzip

GET code.jquery.com/jquery-3.1.1.min.js

151.101.130.137

200 OK

30 kB

URL GET HTTPS

code.jquery.com/jquery-3.1.1.min.js

IP / ASN

151.101.130.137

#54113 FASTLY

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typeASCII text, with very long lines (32030)

First Seen2023-03-07

Last Seen2025-08-09

Times Seen120524

Size30 kB (30070 bytes)

MD5e071abda8fe61194711cfc2ab99fe104

SHA1f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA25685556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Certificate Info

IssuerSectigo Limited

Subject*.jquery.com

FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D

ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

HTTP Headers

GET /jquery-3.1.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-152b5"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 08 Dec 2023 08:48:30 GMT
age: 7224709
x-served-by: cache-lga21947-LGA, cache-bma1664-BMA
x-cache: HIT, HIT
x-cache-hits: 119, 54706
x-timer: S1702025311.958641,VS0,VE0
vary: Accept-Encoding
content-length: 30070
X-Firefox-Spdy: h2

GET www.office.com/estslogout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F

13.107.6.156

302 Found

0 B

URL GET HTTPS

www.office.com/estslogout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F

IP / ASN

13.107.6.156

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-09

Times Seen5738446

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerMicrosoft Corporation

Subjectportal.office.com

FingerprintD1:DA:D6:CC:38:6B:DB:BB:03:27:D0:A9:DF:4F:CF:72:9E:E7:92:F4

ValidityMon, 04 Dec 2023 17:51:23 GMT - Thu, 28 Nov 2024 17:51:23 GMT

HTTP Headers

GET /estslogout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F HTTP/1.1
Host: www.office.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=utf-8
content-encoding: gzip
location: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=heHTdMfqvyzNRGKHd-4dOYgQH3vgmjtEgCoFESUonHTTs5-m5Gnqte3Vn1pPccYOXc-wiPH7HNRyI_UlsXZMK8TkIR5ICT8qIyXNwP2vOaf1MaH3WTfXR7QpKjIRUKZF&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0
vary: Accept-Encoding
set-cookie: OH.SID=2b15516e-5396-4b21-a281-d4d994638fae; path=/; secure; samesite=none; httponly
OH.DCAffinity=OH-noe; expires=Fri, 08 Dec 2023 16:48:31 GMT; path=/; secure; samesite=none; httponly
OH.FLID=d46d8672-6079-4b88-90e4-32d27efefb8c; expires=Sun, 08 Dec 2024 08:48:31 GMT; path=/; secure; samesite=none; httponly
MUID=19CFDFF46F306766299CCC156E3E66C8; path=/; secure; expires=Wed, 01-Jan-2025 08:48:31 GMT; domain=office.com
request-context: appId=
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge,chrome=1
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 0FC9511BAB334B168C33EAD65247B552 Ref B: SVG20EDGE0308 Ref C: 2023-12-08T08:48:31Z
date: Fri, 08 Dec 2023 08:48:30 GMT
content-length: 0
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg

13.107.246.53

200 OK

673 B

URL GET HTTPS

aadcdn.msauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg

IP / ASN

13.107.246.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typeSVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1864), with no line terminators

First Seen2023-04-12

Last Seen2025-08-09

Times Seen86359

Size673 B (673 bytes)

MD5bc3d32a696895f78c19df6c717586a5d

SHA19191cb156a30a3ed79c44c0a16c95159e8ff689d

SHA2560e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 673
content-type: image/svg+xml
content-encoding: gzip
content-md5: DhdidjYrlCeaRJJRG/y9mA==
last-modified: Thu, 13 Feb 2020 02:05:12 GMT
etag: 0x8D7B0292911C366
x-cache: TCP_HIT
x-ms-request-id: ed96d3ae-e01e-000d-74ab-26e868000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0kedtZQAAAACupD86JF1LQampgMI1tRAVQU1TMDRFREdFMTkxOQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0X9hyZQAAAACHbeGuNY/4SoyAQO1Ys95RU1ZHMjBFREdFMDYxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:48:30 GMT
X-Firefox-Spdy: h2

GET www.office.com/estslogout?ru=/

13.107.6.156

302 Found

0 B

URL GET HTTPS

www.office.com/estslogout?ru=/

IP / ASN

13.107.6.156

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-09

Times Seen5738446

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerMicrosoft Corporation

Subjectportal.office.com

FingerprintD1:DA:D6:CC:38:6B:DB:BB:03:27:D0:A9:DF:4F:CF:72:9E:E7:92:F4

ValidityMon, 04 Dec 2023 17:51:23 GMT - Thu, 28 Nov 2024 17:51:23 GMT

HTTP Headers

GET /estslogout?ru=/ HTTP/1.1
Host: www.office.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=utf-8
content-encoding: gzip
location: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=UbQp9dISoHWqNK8njnC9NSHVVd30SHUqs1OZFJ80bbEUm7lED56LV65SB0hpv5md7geS2PZbNN8xjMVoZt12_WrSONiZkYXaWk2HrYdtWhzci6KxLgdrkSd8E60iJn5U&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0
vary: Accept-Encoding
set-cookie: OH.SID=4957e1ef-eb3f-4af3-a84c-629fdbabdce4; path=/; secure; samesite=none; httponly
OH.DCAffinity=OH-noe; expires=Fri, 08 Dec 2023 16:48:31 GMT; path=/; secure; samesite=none; httponly
OH.FLID=14c7fcf9-e37b-4eb1-98b8-58ecef2f94a5; expires=Sun, 08 Dec 2024 08:48:31 GMT; path=/; secure; samesite=none; httponly
MUID=27D3A9DFF05D69211199BA3EF15368FC; path=/; secure; expires=Wed, 01-Jan-2025 08:48:31 GMT; domain=office.com
request-context: appId=
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge,chrome=1
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 6EF08618A91E495AB50B4240311AECC8 Ref B: SVG20EDGE0308 Ref C: 2023-12-08T08:48:31Z
date: Fri, 08 Dec 2023 08:48:30 GMT
content-length: 0
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/ests/2.1/content/images/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png

13.107.246.53

200 OK

240 B

URL GET HTTPS

aadcdn.msauth.net/ests/2.1/content/images/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png

IP / ASN

13.107.246.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typePNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

First Seen2023-04-27

Last Seen2025-08-09

Times Seen12115

Size240 B (240 bytes)

MD57cc096da6aa2dba3f81fcc1c8262157c

SHA1a50776316f0220ed7cd7882a68c742a8861c999d

SHA256ab50358475adae73a435466c72d1a48ab124e8ae06614663716a46dce5ac8b83

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/images/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=604800
content-length: 240
content-type: image/png
content-md5: fMCW2mqi26P4H8wcgmIVfA==
last-modified: Fri, 02 Nov 2018 20:25:10 GMT
etag: 0x8D64101494D74DC
x-cache: TCP_HIT
x-ms-request-id: 92018a62-801e-000b-1e7e-251264000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0kedtZQAAAABCMc/HGzVeSJRo0ikq9R++QU1TMDRFREdFMTgxNgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0X9hyZQAAAAB+zR/TYjC1S49foQW/Osg3U1ZHMjBFREdFMDYxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:48:30 GMT
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/ests/2.1/content/images/microsoft_logo_ed9c9eb0dce17d752bedea6b5acda6d9.png

13.107.246.53

200 OK

1.1 kB

URL GET HTTPS

aadcdn.msauth.net/ests/2.1/content/images/microsoft_logo_ed9c9eb0dce17d752bedea6b5acda6d9.png

IP / ASN

13.107.246.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typePNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced\012- data

First Seen2023-04-10

Last Seen2025-08-08

Times Seen3304

Size1.1 kB (1057 bytes)

MD5ed9c9eb0dce17d752bedea6b5acda6d9

SHA1eca56c4904354eed5da0debcd6bd66856ab4784d

SHA256f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/images/microsoft_logo_ed9c9eb0dce17d752bedea6b5acda6d9.png HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=604800
content-length: 1057
content-type: image/png
content-md5: 7ZyesNzhfXUr7eprWs2m2Q==
last-modified: Fri, 02 Nov 2018 20:25:31 GMT
etag: 0x8D641015620C409
x-cache: TCP_HIT
x-ms-request-id: 0913678a-d01e-0016-1a09-297d5d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0NLByZQAAAAB+itJCws8PRYkJqNidBC0qQU1TMDRFREdFMTgxNAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0X9hyZQAAAADB/6dhrW2pRapKXTtj3KOkU1ZHMjBFREdFMDYxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:48:30 GMT
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/ests/2.1/content/images/ellipsis_white_0ad43084800fd8b50a2576b5173746fe.png

13.107.246.53

200 OK

207 B

URL GET HTTPS

aadcdn.msauth.net/ests/2.1/content/images/ellipsis_white_0ad43084800fd8b50a2576b5173746fe.png

IP / ASN

13.107.246.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typePNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data

First Seen2023-05-10

Last Seen2025-08-08

Times Seen1597

Size207 B (207 bytes)

MD50ad43084800fd8b50a2576b5173746fe

SHA197c08e6062ff37f6e7a6c65e94d693ccc9ccd443

SHA2562c03ee38a4eba6a047c3a5bacb3eb461efe14be8acd46ae772350a4dea2f0175

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/images/ellipsis_white_0ad43084800fd8b50a2576b5173746fe.png HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=604800
content-length: 207
content-type: image/png
content-md5: CtQwhIAP2LUKJXa1FzdG/g==
last-modified: Fri, 02 Nov 2018 20:25:24 GMT
etag: 0x8D6410151EBB082
x-cache: TCP_HIT
x-ms-request-id: e6429557-501e-0022-639b-29f044000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0NLByZQAAAAAE+SaD4MsTSJ+4LiDr4R8VQU1TMDRFREdFMTkxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0X9hyZQAAAABbjZZjx+GLQ6P4I3lYrXEgU1ZHMjBFREdFMDYxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:48:30 GMT
X-Firefox-Spdy: h2

GET login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392

20.190.177.83

200 OK

11 kB

URL GET HTTPS

IP / ASN

20.190.177.83

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typeHTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10875), with CRLF, LF line terminators

First Seen2023-12-08

Last Seen2023-12-08

Times Seen1

Size11 kB (11159 bytes)

MD5c77dab296609e227bcb9d3671c3b9dad

SHA116754d1f6f97259fbb93b02567f56851421be597

SHA256e2f4a41c4d957f6e86949f3d7b2bec2dfb1c526e5070aa788bc34daec1d16365

Certificate Info

IssuerDigiCert Inc

Subjectstamp2.login.microsoftonline.com

Fingerprint2E:B3:86:45:AB:31:92:6E:11:85:D8:B1:22:CC:4C:E3:41:D7:48:04

ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 21 Nov 2024 23:59:59 GMT

HTTP Headers

GET /logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392 HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msauth.net>; rel=dns-prefetch, <https://aadcdn.msftauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 4381ec4c-aedf-4acf-b9cf-8a9747764300
x-ms-ests-server: 2.1.16919.4 - FRC ProdSlices
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: SignInStateCookie=CAgABAAIAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P9zXLn7CSe-g15F5t2a5ehOLi3b_cRPEnALUrKZsP6MhNfQsTexOjFDQ0vobtstH_surDYqClCarA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
ESTSSSOTILES=1; expires=Thu, 08-Dec-2033 08:48:31 GMT; path=/; secure; SameSite=None
AADSSOTILES=1; expires=Thu, 08-Dec-2033 08:48:31 GMT; path=/; secure; HttpOnly; SameSite=None
ESTSAUTHPERSISTENT=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P_IR2KXa8a58lQNO_rW5gZK7guSp8qB8L0gpLfzA20LzscM-Q3vpAMGEQ6kbT2D_SO5eXK7XCzf3Q; domain=.login.microsoftonline.com; expires=Thu, 07-Mar-2024 08:48:31 GMT; path=/; secure; HttpOnly; SameSite=None
ESTSAUTH=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P9CeA30nYaRltOxgZpJ_8kqdT2Y9E5S18jYqnAxwe3_fVFy-6vkoS9626r7tRXcA5Mf17lCMk3vBg; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
ESTSAUTHLIGHT=+; path=/; secure; SameSite=None
buid=AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-f81TLAS9wgupOvbJAAsH0MS0uxFjkKc4A5Iy90j6Vze7FrTYM6_WfO8ek1xqhx3zPfBwXLGUH6swaabDYxa93OEBrwGSodlD6KAqUZ6FTGQgAA; expires=Sun, 07-Jan-2024 08:48:31 GMT; path=/; secure; HttpOnly; SameSite=None
fpc=Aq3TlcUPzv9Lgqvu24X1-Eo; expires=Sun, 07-Jan-2024 08:48:31 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-IUJtScsSDPcwpMLC-zKbWfg8BVEzQxFJLCFQySGLVhN6NTXa8-f8tYxJo1HwbWj0n86ARArDZEZBaGelXGhaWDWa4l01ENbSZATzDJ3izZjXJYzlxZiM9Cv5JMRo9wZ0bsqJvjrRJRAogBTgze9dExJiOmvPH_vX0WSA9GcdgXIgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Fri, 08 Dec 2023 08:48:30 GMT
Content-Length: 11159

GET smtpjs.com/v3/smtp.js

109.169.71.112

200 OK

871 B

URL GET HTTPS

smtpjs.com/v3/smtp.js

IP / ASN

109.169.71.112

#20860 Iomart Cloud Services Limited

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typeUnicode text, UTF-8 (with BOM) text, with very long lines (841), with CRLF line terminators

First Seen2023-04-05

Last Seen2025-03-01

Times Seen1896

Size871 B (871 bytes)

MD53834e1b9e65ca954b7479464ea1e5118

SHA1437df45dbf59c3a3414236f44e3bcd5045bfe314

SHA256fc33c6b2c79aafa930e841962ae3c25bf8f56cbc20ec48fc2b0ddd0aa6ee23b6

Certificate Info

IssuerLet's Encrypt

Subjectsmtpjs.com

Fingerprint80:11:F5:EE:07:C3:FF:C6:7A:51:CC:25:CE:9E:03:8D:A4:6E:65:81

ValiditySat, 11 Nov 2023 02:15:38 GMT - Fri, 09 Feb 2024 02:15:37 GMT

HTTP Headers

GET /v3/smtp.js HTTP/1.1
Host: smtpjs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 10 Nov 2020 17:17:51 GMT
accept-ranges: bytes
etag: "162f436b85b7d61:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Fri, 08 Dec 2023 08:48:30 GMT
content-length: 871
X-Firefox-Spdy: h2

GET login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=heHTdMfqvyzNRGKHd-4dOYgQH3vgmjtEgCoFESUonHTTs5-m5Gnqte3Vn1pPccYOXc-wiPH7HNRyI_UlsXZMK8TkIR5ICT8qIyXNwP2vOaf1MaH3WTfXR7QpKjIRUKZF&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0

20.190.177.83

200 OK

11 kB

URL GET HTTPS

login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=heHTdMfqvyzNRGKHd-4dOYgQH3vgmjtEgCoFESUonHTTs5-m5Gnqte3Vn1pPccYOXc-wiPH7HNRyI_UlsXZMK8TkIR5ICT8qIyXNwP2vOaf1MaH3WTfXR7QpKjIRUKZF&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0

IP / ASN

20.190.177.83

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

First Seen2023-12-08

Last Seen2023-12-08

Times Seen1

Size11 kB (11304 bytes)

MD5a911fb2677b4ffe70f937d9235d13464

SHA1f3a3c393e5893b2491537e4ce35b6a39b138a3dc

SHA2563e5b174e786399a1c1a165e4a9123a306c7313c3c6368c447678e702aeffc47f

Certificate Info

IssuerDigiCert Inc

Subjectstamp2.login.microsoftonline.com

Fingerprint2E:B3:86:45:AB:31:92:6E:11:85:D8:B1:22:CC:4C:E3:41:D7:48:04

ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 21 Nov 2024 23:59:59 GMT

HTTP Headers

GET /common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=heHTdMfqvyzNRGKHd-4dOYgQH3vgmjtEgCoFESUonHTTs5-m5Gnqte3Vn1pPccYOXc-wiPH7HNRyI_UlsXZMK8TkIR5ICT8qIyXNwP2vOaf1MaH3WTfXR7QpKjIRUKZF&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0 HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
DNT: 1
Connection: keep-alive
Cookie: SignInStateCookie=CAgABAAIAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P9zXLn7CSe-g15F5t2a5ehOLi3b_cRPEnALUrKZsP6MhNfQsTexOjFDQ0vobtstH_surDYqClCarA; ESTSSSOTILES=1; AADSSOTILES=1; ESTSAUTHPERSISTENT=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P_IR2KXa8a58lQNO_rW5gZK7guSp8qB8L0gpLfzA20LzscM-Q3vpAMGEQ6kbT2D_SO5eXK7XCzf3Q; ESTSAUTH=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P9CeA30nYaRltOxgZpJ_8kqdT2Y9E5S18jYqnAxwe3_fVFy-6vkoS9626r7tRXcA5Mf17lCMk3vBg; ESTSAUTHLIGHT=+; buid=AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-f81TLAS9wgupOvbJAAsH0MS0uxFjkKc4A5Iy90j6Vze7FrTYM6_WfO8ek1xqhx3zPfBwXLGUH6swaabDYxa93OEBrwGSodlD6KAqUZ6FTGQgAA; fpc=Aq3TlcUPzv9Lgqvu24X1-Eo; esctx=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-IUJtScsSDPcwpMLC-zKbWfg8BVEzQxFJLCFQySGLVhN6NTXa8-f8tYxJo1HwbWj0n86ARArDZEZBaGelXGhaWDWa4l01ENbSZATzDJ3izZjXJYzlxZiM9Cv5JMRo9wZ0bsqJvjrRJRAogBTgze9dExJiOmvPH_vX0WSA9GcdgXIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msauth.net>; rel=dns-prefetch, <https://aadcdn.msftauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: a7366bd0-31ec-4ec5-9f9e-d5c41b672a00
x-ms-ests-server: 2.1.16878.5 - NEULR1 ProdSlices
x-ms-clitelem: 1,0,0,,
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: SignInStateCookie=CAgABAAIAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P_Smw9Io5xdUZVw39Ioc2Nv81V4LEwIIdAPmCW36vCSYjzYfmocDv2Cw67h8-9Si7Rd8rOlOuzCEg; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
ESTSSSOTILES=1; expires=Thu, 08-Dec-2033 08:48:31 GMT; path=/; secure; SameSite=None
AADSSOTILES=1; expires=Thu, 08-Dec-2033 08:48:31 GMT; path=/; secure; HttpOnly; SameSite=None
ESTSAUTHPERSISTENT=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P_l0P5tXGETw0vXxRGLxEApxeV-R9oWJu8BLsvJrrm8tMXapH2CkCzJ2pWItXu_9KLMlKuwTMIGBA; domain=.login.microsoftonline.com; expires=Thu, 07-Mar-2024 08:48:31 GMT; path=/; secure; HttpOnly; SameSite=None
ESTSAUTH=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P-fckLk61ZLQPHeWQ-07PA0aDWnVOPX4JCBWtFdkRsd6SQoCXiMac7uxGVhqXFkE8pM3zu8G61ZSA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
ESTSAUTHLIGHT=+; path=/; secure; SameSite=None
buid=AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-x6bnvU4yozdXOXXb4VPOtvWHhLslfYjk61Q3RDeOEbCoD4oATyNEHOsnzlQhqM1ClPoOVpTukSC6WA4LP5dw68HiKJtwBgjDoIy44YeG2WwgAA; expires=Sun, 07-Jan-2024 08:48:31 GMT; path=/; secure; HttpOnly; SameSite=None
fpc=Aq3TlcUPzv9Lgqvu24X1-Eo; expires=Sun, 07-Jan-2024 08:48:31 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Date: Fri, 08 Dec 2023 08:48:30 GMT
Content-Length: 11304

GET aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_chy_qb6g1qbjbxlng2ytiq2.css

13.107.246.53

200 OK

20 kB

URL GET HTTPS

aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_chy_qb6g1qbjbxlng2ytiq2.css

IP / ASN

13.107.246.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392

Resource Info

File typeASCII text, with very long lines (61177)

First Seen2023-12-08

Last Seen2024-08-20

Times Seen1467

Size20 kB (20226 bytes)

MD5087cbf41bea0d506c90719671b6cad21

SHA16b937c0788b61572a829dfba228814b957350cce

SHA2565e47dd51ca94efccd58f4a7dc95a51744493292586fbe031e78f72508f0f4f89

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/cdnbundles/converged.v2.login.min_chy_qb6g1qbjbxlng2ytiq2.css HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 20226
content-type: text/css
content-encoding: gzip
content-md5: cclsNwaya3AD0ci2cGBnrw==
last-modified: Fri, 17 Nov 2023 00:24:07 GMT
etag: 0x8DBE703830C8407
x-cache: TCP_HIT
x-ms-request-id: 2a4863a5-f01e-0050-02d8-285440000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0F5lyZQAAAAD2p1cl6S9MTaetY/glkE2NQU1TMDRFREdFMTgwOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0X9hyZQAAAAD2iRU9gs4CQbY4lK6UyRxjU1ZHMjBFREdFMDYxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:48:31 GMT
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

13.107.246.53

200 OK

40 kB

URL GET HTTPS

aadcdn.msauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

IP / ASN

13.107.246.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=heHTdMfqvyzNRGKHd-4dOYgQH3vgmjtEgCoFESUonHTTs5-m5Gnqte3Vn1pPccYOXc-wiPH7HNRyI_UlsXZMK8TkIR5ICT8qIyXNwP2vOaf1MaH3WTfXR7QpKjIRUKZF&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0

Resource Info

File typeASCII text, with very long lines (65450), with CRLF line terminators

First Seen2023-03-08

Last Seen2025-08-08

Times Seen14146

Size40 kB (40454 bytes)

MD575cf78d0e38c65a538ad253ca9e48dbe

SHA1bf0452e4a42a9af3b69d5d8c3a3a0433f14921b6

SHA256df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 40454
content-type: application/x-javascript
content-encoding: gzip
content-md5: HWW92uTq7vx3y5z+zFZbXQ==
last-modified: Fri, 26 Feb 2021 06:12:05 GMT
etag: 0x8D8DA1D70FBDD97
x-cache: TCP_HIT
x-ms-request-id: 11c0ec53-801e-000b-2ce7-281264000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0XfFxZQAAAAB65HopnG3xRooFyS7YaZakQU1TMDRFREdFMTkxOQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0X9hyZQAAAADD2qwt5qbUS54oilc9r3VUU1ZHMjBFREdFMDYxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:48:31 GMT
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js

13.107.246.53

200 OK

45 kB

URL GET HTTPS

aadcdn.msauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js

IP / ASN

13.107.246.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=UbQp9dISoHWqNK8njnC9NSHVVd30SHUqs1OZFJ80bbEUm7lED56LV65SB0hpv5md7geS2PZbNN8xjMVoZt12_WrSONiZkYXaWk2HrYdtWhzci6KxLgdrkSd8E60iJn5U&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0

Resource Info

File typeASCII text, with very long lines (778)

First Seen2023-10-31

Last Seen2024-09-20

Times Seen1170

Size45 kB (44809 bytes)

MD5be630e623d7ee30720abfe258d7e77f9

SHA128e1655eac90fc1f5a93f16366739ddfc9f04638

SHA25687e738d94f83503f243a4544d7c78a6dadd01c261a6a58fa5085715652029ab9

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 44809
content-type: application/x-javascript
content-encoding: gzip
content-md5: gkCQOa5xTExKUB2dlzn2rA==
last-modified: Thu, 12 Oct 2023 21:23:59 GMT
etag: 0x8DBCB698CEF3B25
x-cache: TCP_HIT
x-ms-request-id: 7a11d444-f01e-0028-2510-24fe51000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0kS5tZQAAAAA12l9WOtjLS4LIdVftErHVQU1TMDRFREdFMTgxNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0X9hyZQAAAABd85oWQeWGQJQxAxb6RVrhU1ZHMjBFREdFMDYxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:48:31 GMT
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png

13.107.246.53

200 OK

1.1 kB

URL GET HTTPS

aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png

IP / ASN

13.107.246.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392

Resource Info

File typePNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced\012- data

First Seen2023-04-10

Last Seen2025-08-08

Times Seen3304

Size1.1 kB (1057 bytes)

MD5ed9c9eb0dce17d752bedea6b5acda6d9

SHA1eca56c4904354eed5da0debcd6bd66856ab4784d

SHA256f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 1057
content-type: image/png
content-md5: 7ZyesNzhfXUr7eprWs2m2Q==
last-modified: Wed, 24 May 2023 10:11:48 GMT
etag: 0x8DB5C3F48FD7E08
x-cache: TCP_HIT
x-ms-request-id: 182c2558-001e-003f-22de-249f7d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0MWVvZQAAAAAkkqpQzfpITL0Xzx7v0fWOQU1TMDRFREdFMTkxOQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0X9hyZQAAAAADYGyqnxObTr+0yb1d5wLBU1ZHMjBFREdFMDYxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:48:31 GMT
X-Firefox-Spdy: h2

GET login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=UbQp9dISoHWqNK8njnC9NSHVVd30SHUqs1OZFJ80bbEUm7lED56LV65SB0hpv5md7geS2PZbNN8xjMVoZt12_WrSONiZkYXaWk2HrYdtWhzci6KxLgdrkSd8E60iJn5U&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0

20.190.177.148

200 OK

11 kB

URL GET HTTPS

login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=UbQp9dISoHWqNK8njnC9NSHVVd30SHUqs1OZFJ80bbEUm7lED56LV65SB0hpv5md7geS2PZbNN8xjMVoZt12_WrSONiZkYXaWk2HrYdtWhzci6KxLgdrkSd8E60iJn5U&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0

IP / ASN

20.190.177.148

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

First Seen2023-12-08

Last Seen2023-12-08

Times Seen1

Size11 kB (11309 bytes)

MD5316873aa89f9b153da94768091237689

SHA1a55ad5ce5357bbcf54f6ccdec9a1781f6884bcec

SHA256ba89c0e5895e253644850eebe2220128c10eef172c6e8d05a3c09a597558733d

Certificate Info

IssuerDigiCert Inc

Subjectstamp2.login.microsoftonline.com

Fingerprint2E:B3:86:45:AB:31:92:6E:11:85:D8:B1:22:CC:4C:E3:41:D7:48:04

ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 21 Nov 2024 23:59:59 GMT

HTTP Headers

GET /common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=UbQp9dISoHWqNK8njnC9NSHVVd30SHUqs1OZFJ80bbEUm7lED56LV65SB0hpv5md7geS2PZbNN8xjMVoZt12_WrSONiZkYXaWk2HrYdtWhzci6KxLgdrkSd8E60iJn5U&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0 HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
DNT: 1
Connection: keep-alive
Cookie: SignInStateCookie=CAgABAAIAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P9zXLn7CSe-g15F5t2a5ehOLi3b_cRPEnALUrKZsP6MhNfQsTexOjFDQ0vobtstH_surDYqClCarA; ESTSSSOTILES=1; AADSSOTILES=1; ESTSAUTHPERSISTENT=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P_IR2KXa8a58lQNO_rW5gZK7guSp8qB8L0gpLfzA20LzscM-Q3vpAMGEQ6kbT2D_SO5eXK7XCzf3Q; ESTSAUTH=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P9CeA30nYaRltOxgZpJ_8kqdT2Y9E5S18jYqnAxwe3_fVFy-6vkoS9626r7tRXcA5Mf17lCMk3vBg; ESTSAUTHLIGHT=+; buid=AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-f81TLAS9wgupOvbJAAsH0MS0uxFjkKc4A5Iy90j6Vze7FrTYM6_WfO8ek1xqhx3zPfBwXLGUH6swaabDYxa93OEBrwGSodlD6KAqUZ6FTGQgAA; fpc=Aq3TlcUPzv9Lgqvu24X1-Eo; esctx=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-IUJtScsSDPcwpMLC-zKbWfg8BVEzQxFJLCFQySGLVhN6NTXa8-f8tYxJo1HwbWj0n86ARArDZEZBaGelXGhaWDWa4l01ENbSZATzDJ3izZjXJYzlxZiM9Cv5JMRo9wZ0bsqJvjrRJRAogBTgze9dExJiOmvPH_vX0WSA9GcdgXIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msauth.net>; rel=dns-prefetch, <https://aadcdn.msftauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: c3f3eddc-b4fb-4498-ba4f-fa8040d30a00
x-ms-ests-server: 2.1.16919.4 - WEULR1 ProdSlices
x-ms-clitelem: 1,0,0,,
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: SignInStateCookie=CAgABAAIAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P9OdHzQzHVhtvoudUZs2ZzySsr9clFSO-pPpf63q2m1wLVjFRAM0LLhbnBE6LEGpr3OaF_TQKpNKw; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
ESTSSSOTILES=1; expires=Thu, 08-Dec-2033 08:48:31 GMT; path=/; secure; SameSite=None
AADSSOTILES=1; expires=Thu, 08-Dec-2033 08:48:31 GMT; path=/; secure; HttpOnly; SameSite=None
ESTSAUTHPERSISTENT=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P-Zs-ZtaYsiQoTFwt1UFbtqELt9hj2sw6vxMm9UfWbwqS0eyICcRbS_EUgT0QTUIet_shsfv24tdQ; domain=.login.microsoftonline.com; expires=Thu, 07-Mar-2024 08:48:31 GMT; path=/; secure; HttpOnly; SameSite=None
ESTSAUTH=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P-LXuAt7qo57fsqfVLkj0WGXCWckkxDPmjjw6XU3tLAqQgWbkAdUfzH8D89j96XI8_NK6CMcGTO6Q; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
ESTSAUTHLIGHT=+; path=/; secure; SameSite=None
buid=AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-GekrgQFsqHaxF15EZ09m5vVNU5vYJyKTfHaVnKS4MOW2kl3KG8WOcJEMQxJpfdTdDrH8q_BYx-rt2eE1bDGWtdbxtfHnHD5O3urPWixdW5IgAA; expires=Sun, 07-Jan-2024 08:48:31 GMT; path=/; secure; HttpOnly; SameSite=None
fpc=Aq3TlcUPzv9Lgqvu24X1-Eo; expires=Sun, 07-Jan-2024 08:48:31 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Date: Fri, 08 Dec 2023 08:48:31 GMT
Content-Length: 11309

GET api.ipify.org/?format=jsonp&callback=getPublic

64.185.227.156

200 OK

33 B

URL GET HTTPS

api.ipify.org/?format=jsonp&callback=getPublic

IP / ASN

64.185.227.156

#18450 WEBNX

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typeASCII text, with no line terminators

First Seen2023-03-07

Last Seen2025-06-22

Times Seen1525

Size33 B (33 bytes)

MD5b1fdb43145cf7c3f6f2a1370889232f1

SHA119cd287ba1ffae5908cf8d53d13abc302dac6f9c

SHA2569a751b74811a7c42413bc5109600706395ac8a8c057f7e6a55fc45b7ea41b191

Certificate Info

IssuerSectigo Limited

Subject*.ipify.org

FingerprintF4:76:2D:2C:65:D1:15:BE:19:A4:C5:E0:8D:EB:89:1A:B6:75:4A:54

ValidityTue, 07 Feb 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT

HTTP Headers

GET /?format=jsonp&callback=getPublic HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.1
Date: Fri, 08 Dec 2023 08:48:31 GMT
Content-Type: application/javascript
Content-Length: 33
Connection: keep-alive
Vary: Origin

GET aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

13.107.246.53

200 OK

17 kB

URL GET HTTPS

aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

IP / ASN

13.107.246.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typeMS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors\012- data

First Seen2023-04-05

Last Seen2025-08-08

Times Seen156846

Size17 kB (17174 bytes)

MD512e3dac858061d088023b2bd48e2fa96

SHA1e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA25690cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
content-length: 17174
content-type: image/x-icon
content-md5: EuPayFgGHQiAI7K9SOL6lg==
last-modified: Fri, 02 Nov 2018 20:25:25 GMT
etag: 0x8D6410152A9D7E1
x-cache: TCP_HIT
x-ms-request-id: 7ed70d83-301e-005c-5835-29a059000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 04pxyZQAAAADqs0vNUy2mQo2/T03+TRNyQU1TMDRFREdFMTgxOQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0X9hyZQAAAABeC7VPz6HtSohoF4+s4E+sU1ZHMjBFREdFMDYxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:48:31 GMT
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

13.107.246.53

200 OK

40 kB

URL GET HTTPS

aadcdn.msauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

IP / ASN

13.107.246.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Resource Info

File typeASCII text, with very long lines (65450), with CRLF line terminators

First Seen2023-03-08

Last Seen2025-08-08

Times Seen14146

Size40 kB (40454 bytes)

MD575cf78d0e38c65a538ad253ca9e48dbe

SHA1bf0452e4a42a9af3b69d5d8c3a3a0433f14921b6

SHA256df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 40454
content-type: application/x-javascript
content-encoding: gzip
content-md5: HWW92uTq7vx3y5z+zFZbXQ==
last-modified: Fri, 26 Feb 2021 06:12:05 GMT
etag: 0x8D8DA1D70FBDD97
x-cache: TCP_HIT
x-ms-request-id: 11c0ec53-801e-000b-2ce7-281264000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0XfFxZQAAAAB65HopnG3xRooFyS7YaZakQU1TMDRFREdFMTkxOQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0X9hyZQAAAABMgbVVfU6xSKkzX6NIxwU3U1ZHMjBFREdFMDYxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:48:31 GMT
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css

13.107.246.53

200 OK

20 kB

URL GET HTTPS

aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css

IP / ASN

13.107.246.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Resource Info

File typeASCII text, with very long lines (61177)

First Seen2023-09-21

Last Seen2024-08-22

Times Seen23596

Size20 kB (20208 bytes)

MD52ed8d5b2f2b901e92d03f9068812341a

SHA18470214fc8e246c3910bcb0eae9070d4abe3a389

SHA2561a0ea89ae667420caeae29d594d53258e6ed157dab7e8dfe6f154f0054b0cf99

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/cdnbundles/converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 20208
content-type: text/css
content-encoding: gzip
content-md5: znAMuOwBXwRYMjVZ8p4wCw==
last-modified: Wed, 06 Sep 2023 21:22:45 GMT
etag: 0x8DBAF1F69A21EAA
x-cache: TCP_HIT
x-ms-request-id: 2d93e4bd-701e-0030-28fb-241662000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0sPJuZQAAAAAd+fcF/T0zTYti/Jb29laKQU1TMDRFREdFMTkxMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0X9hyZQAAAAAMYCEcSgeeSYUdM+ItbukAU1ZHMjBFREdFMDYxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:48:31 GMT
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js

13.107.246.53

200 OK

45 kB

URL GET HTTPS

aadcdn.msauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js

IP / ASN

13.107.246.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Resource Info

File typeASCII text, with very long lines (778)

First Seen2023-10-31

Last Seen2024-09-20

Times Seen1170

Size45 kB (44809 bytes)

MD5be630e623d7ee30720abfe258d7e77f9

SHA128e1655eac90fc1f5a93f16366739ddfc9f04638

SHA25687e738d94f83503f243a4544d7c78a6dadd01c261a6a58fa5085715652029ab9

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 44809
content-type: application/x-javascript
content-encoding: gzip
content-md5: gkCQOa5xTExKUB2dlzn2rA==
last-modified: Thu, 12 Oct 2023 21:23:59 GMT
etag: 0x8DBCB698CEF3B25
x-cache: TCP_HIT
x-ms-request-id: 7a11d444-f01e-0028-2510-24fe51000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0kS5tZQAAAAA12l9WOtjLS4LIdVftErHVQU1TMDRFREdFMTgxNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0X9hyZQAAAABLBWPMFtraTbunzNGYIa0RU1ZHMjBFREdFMDYxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:48:31 GMT
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_chy_qb6g1qbjbxlng2ytiq2.css

13.107.246.53

200 OK

20 kB

URL GET HTTPS

aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_chy_qb6g1qbjbxlng2ytiq2.css

IP / ASN

13.107.246.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392

Resource Info

File typeASCII text, with very long lines (61177)

First Seen2023-12-08

Last Seen2024-08-20

Times Seen1467

Size20 kB (20226 bytes)

MD5087cbf41bea0d506c90719671b6cad21

SHA16b937c0788b61572a829dfba228814b957350cce

SHA2565e47dd51ca94efccd58f4a7dc95a51744493292586fbe031e78f72508f0f4f89

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/cdnbundles/converged.v2.login.min_chy_qb6g1qbjbxlng2ytiq2.css HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 20226
content-type: text/css
content-encoding: gzip
content-md5: cclsNwaya3AD0ci2cGBnrw==
last-modified: Fri, 17 Nov 2023 00:24:07 GMT
etag: 0x8DBE703830C8407
x-cache: TCP_HIT
x-ms-request-id: 2a4863a5-f01e-0050-02d8-285440000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0F5lyZQAAAAD2p1cl6S9MTaetY/glkE2NQU1TMDRFREdFMTgwOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0X9hyZQAAAAAgV6UY19jLQLZUXdJlQKtlU1ZHMjBFREdFMDYxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:48:31 GMT
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

13.107.246.53

200 OK

40 kB

URL GET HTTPS

aadcdn.msauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

IP / ASN

13.107.246.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Resource Info

File typeASCII text, with very long lines (65450), with CRLF line terminators

First Seen2023-03-08

Last Seen2025-08-08

Times Seen14146

Size40 kB (40454 bytes)

MD575cf78d0e38c65a538ad253ca9e48dbe

SHA1bf0452e4a42a9af3b69d5d8c3a3a0433f14921b6

SHA256df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 40454
content-type: application/x-javascript
content-encoding: gzip
content-md5: HWW92uTq7vx3y5z+zFZbXQ==
last-modified: Fri, 26 Feb 2021 06:12:05 GMT
etag: 0x8D8DA1D70FBDD97
x-cache: TCP_HIT
x-ms-request-id: 11c0ec53-801e-000b-2ce7-281264000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0XfFxZQAAAAB65HopnG3xRooFyS7YaZakQU1TMDRFREdFMTkxOQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0X9hyZQAAAABuZShIZWELQ63BCZBROFQWU1ZHMjBFREdFMDYxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:48:31 GMT
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js

13.107.246.53

200 OK

45 kB

URL GET HTTPS

aadcdn.msauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js

IP / ASN

13.107.246.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Resource Info

File typeASCII text, with very long lines (778)

First Seen2023-10-31

Last Seen2024-09-20

Times Seen1170

Size45 kB (44809 bytes)

MD5be630e623d7ee30720abfe258d7e77f9

SHA128e1655eac90fc1f5a93f16366739ddfc9f04638

SHA25687e738d94f83503f243a4544d7c78a6dadd01c261a6a58fa5085715652029ab9

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 44809
content-type: application/x-javascript
content-encoding: gzip
content-md5: gkCQOa5xTExKUB2dlzn2rA==
last-modified: Thu, 12 Oct 2023 21:23:59 GMT
etag: 0x8DBCB698CEF3B25
x-cache: TCP_HIT
x-ms-request-id: 7a11d444-f01e-0028-2510-24fe51000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0kS5tZQAAAAA12l9WOtjLS4LIdVftErHVQU1TMDRFREdFMTgxNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0X9hyZQAAAABKnCZ634ISQr54Gd5DDalpU1ZHMjBFREdFMDYxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:48:31 GMT
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png

13.107.246.53

200 OK

1.1 kB

URL GET HTTPS

aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png

IP / ASN

13.107.246.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392

Resource Info

File typePNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced\012- data

First Seen2023-04-10

Last Seen2025-08-08

Times Seen3304

Size1.1 kB (1057 bytes)

MD5ed9c9eb0dce17d752bedea6b5acda6d9

SHA1eca56c4904354eed5da0debcd6bd66856ab4784d

SHA256f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 1057
content-type: image/png
content-md5: 7ZyesNzhfXUr7eprWs2m2Q==
last-modified: Wed, 24 May 2023 10:11:48 GMT
etag: 0x8DB5C3F48FD7E08
x-cache: TCP_HIT
x-ms-request-id: 182c2558-001e-003f-22de-249f7d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0MWVvZQAAAAAkkqpQzfpITL0Xzx7v0fWOQU1TMDRFREdFMTkxOQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0X9hyZQAAAABWsKK8sZ99QLJUQGzzzEnCU1ZHMjBFREdFMDYxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:48:31 GMT
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png

13.107.246.53

200 OK

1.1 kB

URL GET HTTPS

aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png

IP / ASN

13.107.246.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392

Resource Info

File typePNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced\012- data

First Seen2023-04-10

Last Seen2025-08-08

Times Seen3304

Size1.1 kB (1057 bytes)

MD5ed9c9eb0dce17d752bedea6b5acda6d9

SHA1eca56c4904354eed5da0debcd6bd66856ab4784d

SHA256f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 1057
content-type: image/png
content-md5: 7ZyesNzhfXUr7eprWs2m2Q==
last-modified: Wed, 24 May 2023 10:11:48 GMT
etag: 0x8DB5C3F48FD7E08
x-cache: TCP_HIT
x-ms-request-id: 182c2558-001e-003f-22de-249f7d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0MWVvZQAAAAAkkqpQzfpITL0Xzx7v0fWOQU1TMDRFREdFMTkxOQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0X9hyZQAAAABF3GVbhDRjRY09Z7KgaugPU1ZHMjBFREdFMDYxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:48:31 GMT
X-Firefox-Spdy: h2

GET pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html

104.18.2.35

200 OK

110 kB

URL User Request GET HTTPS

pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html

IP / ASN

104.18.2.35

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (64651), with CRLF line terminators

First Seen2023-12-08

Last Seen2024-08-20

Times Seen204

Size110 kB (110092 bytes)

MD58c5882e6702c337ea109a2b96793c460

SHA11b0745a7643762bd368cbbade524875ee2ca30ae

SHA2560ecbd9ed32cb678b3bb835f54ccba95bca19042944952a3d94042d6a6ca68064

Certificate Info

IssuerLet's Encrypt

Subject*.r2.dev

Fingerprint91:F0:8B:D3:AA:FC:86:18:F9:F2:29:EB:98:8C:D8:5A:3A:76:5C:CF

ValidityWed, 11 Oct 2023 17:13:53 GMT - Tue, 09 Jan 2024 17:13:52 GMT

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Outlook
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /aas.html HTTP/1.1
Host: pub-d89e3188311c46f49978b9555d4c9596.r2.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://derakh.vxx8na.badfolk.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 08 Dec 2023 08:48:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"8c5882e6702c337ea109a2b96793c460"
Last-Modified: Fri, 08 Dec 2023 05:33:50 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8323bfee6a745687-OSL
Content-Encoding: gzip