bestfoodplaces.buzz/
46.101.188.242 200 OK 2.8 kB IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cee1522610a4b625a3a6094996b0780e
36b614b1a86426f93e8cbd0fc3e509c49b0adcad
a1d48b9dea3763b7257f05fbd0e1a9d93dfec8acdcf937840347e3801eb53661
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET / HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:58 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1965860f5630f7dda817a236cb72ea24
beec8147d48911a007287014564ce544d296a5fd
00b4aafe530f6ceb3d6d4de42fffdaee0cb4e0a60834c85b1d21e42e5db2ef91
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "00B4AAFE530F6CEB3D6D4DE42FFFDAEE0CB4E0A60834C85B1D21E42E5DB2EF91"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11358
Expires: Wed, 05 Apr 2023 02:35:17 GMT
Date: Tue, 04 Apr 2023 23:25:59 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e50dac5108a698d61ca49516033d1a20
53d243b89fc00deb9bfae07351bbe36ddb7c1df3
e9e0ad98c485b56fe65ea0a8bc4974fff3f804fcf2d8f6266ada9acd27c7b7cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E9E0AD98C485B56FE65EA0A8BC4974FFF3F804FCF2D8F6266ADA9ACD27C7B7CC"
Last-Modified: Tue, 04 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10583
Expires: Wed, 05 Apr 2023 02:22:22 GMT
Date: Tue, 04 Apr 2023 23:25:59 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Length, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 04 Apr 2023 22:28:46 GMT
content-type: application/json
age: 3433
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 903ed2d58f1f33d069b70c4b53f1cb1f
0ef89cd6eb79a2ddd74434f9233cf486fffc1142
d8c984b50f04fcdb1ebc99d982502d85193302c85239ee7497666247edfc0061
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8C984B50F04FCDB1EBC99D982502D85193302C85239EE7497666247EDFC0061"
Last-Modified: Sun, 02 Apr 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19575
Expires: Wed, 05 Apr 2023 04:52:14 GMT
Date: Tue, 04 Apr 2023 23:25:59 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 95f61d351f5fc9533cc78e255ce9bc06
fba284117f347782ac23c51d141d7e3ec15a867e
7fcc5f9e52e389d8d7c6df7f1f2a1291ae0aaae8e554f3022239ab092b2ef3c3
GET /chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: hWCbFEBo+nsul1hvqJfUtukBQTQcdmH5h3NxpH56lX4IfT1TM1aB3M8yt+wyVhoivtJA4bzBAKo=
x-amz-request-id: 62S18JHYFPPG26HJ
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 04 Apr 2023 22:53:23 GMT
age: 1956
last-modified: Fri, 31 Mar 2023 17:04:39 GMT
etag: "95f61d351f5fc9533cc78e255ce9bc06"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
46.101.188.242 200 OK 22 kB URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (422), with CRLF line terminators
Hash 981663d708c08ead717e223b61503f93
01ad5cdcd7df16f1fce1fe7f046a9e92179a47d0
fb1ffe6d9ff049022257f82644a3369dff21af7924136f66db31793f4e0328af
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/index.html HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Fri, 31 Mar 2023 22:00:00 GMT
Accept-Ranges: bytes
Content-Length: 21865
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Apr 2023 23:25:59 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
bestfoodplaces.buzz/0WindbnNK1707w0winin87/styles.css
46.101.188.242 200 OK 6.4 kB URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/styles.css
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type assembler source, ASCII text, with CRLF line terminators
Hash 05ffd44d4e2fd4de4349affdf113d260
748a6d0d422cc2e03f90a175f7feb1cd6a472832
ccd4cb818aa91ac60b486084790e69348453ac7aa15654824b3f93ce26513e34
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/styles.css HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 06:56:26 GMT
Accept-Ranges: bytes
Content-Length: 6441
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
104.17.24.14 200 OK 27 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (32180)
Hash b1e4b2a99336201b37fb8cea5d57abb9
d57980f0d0eaaf57ec33ddc9ed027274cfa86027
c805bfd991983f57b5b7878b998f7529e9b7e2df4bc2d39ba493934e23ba3f8a
GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Apr 2023 23:25:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 26660
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-14983"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 26097547
expires: Sun, 24 Mar 2024 23:25:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EpE%2FhAoy6WKDhtpvv7QPiuZCYQ76LiCEwMbCQvOyWGOV0ciC5q14jkKR1i7%2Bg4eNWKIVxomxYg%2FhHOjUWiQuAqMv2765oURt4lMY534c3V7wp5oYvXaykMcKRcP8twJPx8KOpRH%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7b2d504e89d2b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bestfoodplaces.buzz/0WindbnNK1707w0winin87/scripts.js
46.101.188.242 200 OK 7.4 kB URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/scripts.js
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with CRLF line terminators
Hash 82a30e47ef009db854ae66b1aa503658
ad1a3cb79334c221e38dac005eb2917383b41443
40f1d6ebbcb71c6a7230de522e8ecdf58da3b16cf96793b9d4aa642904ea2ff7
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/scripts.js HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Wed, 15 Mar 2023 22:16:12 GMT
Accept-Ranges: bytes
Content-Length: 7379
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
bestfoodplaces.buzz/0WindbnNK1707w0winin87/chat.css
46.101.188.242 200 OK 8.3 kB URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/chat.css
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type assembler source, ASCII text, with CRLF line terminators
Hash f59f97580a2ffb6a71fa2ced470ab236
9f24744b88eea45a0e18e2287a66447e4b145c69
4337001fc7bfdda7130c00f7ea72581134af1cb57750434d735548a7efb54817
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/chat.css HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Wed, 15 Mar 2023 22:49:36 GMT
Accept-Ranges: bytes
Content-Length: 8298
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
code.jquery.com/jquery-1.4.4.min.js
69.16.175.42 200 OK 27 kB URL HTTP/2 code.jquery.com/jquery-1.4.4.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (820)
Hash 7a0b6602f591a171b37338148088e123
a5e2c755b9176d236e8deb230f161e0aafab8a91
330c910343479c293e1b6c48514dc806da2cb34560467ff2518076f75e10d8d8
GET /jquery-1.4.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Apr 2023 23:25:59 GMT
content-encoding: gzip
content-length: 27078
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-13309"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1680650759.dop012.sk1.t,1680650759.cds010.sk1.hn,1680650759.cds203.sk1.c
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2cd3f434a12d198abeaadbfb321bdac2
2720dbf537a719412e035c7682a738878211ba3c
00e6af13b49d9559588217ac936e87aa82a58da0af42fb03df3a8e04f376586e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:25:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bestfoodplaces.buzz/0WindbnNK1707w0winin87/s-S4-acc.png
46.101.188.242 200 OK 813 B URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/s-S4-acc.png
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 77 x 72, 8-bit colormap, non-interlaced\012- data
Hash d648c1837d01495eccd63e053491f72a
991d8f6c72777239472410d6129fd5f25ed9d134
9edbf56b360080f5d6765dce77353b8130e9f8316ad34c68f6c2792cdc446321
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/s-S4-acc.png HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Wed, 01 Feb 2023 10:40:22 GMT
Accept-Ranges: bytes
Content-Length: 813
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
bestfoodplaces.buzz/0WindbnNK1707w0winin87/nOxp-sett.png
46.101.188.242 200 OK 463 B URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/nOxp-sett.png
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 33 x 31, 8-bit colormap, non-interlaced\012- data
Hash 905d91c276116928fa306ea732723fa9
092604f6a8786e46a7dee06065d29d2896fcf568
9cffd13c2ce05ebe032709a88fa59504e1218a12b175ec40d5aab280c18be51e
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/nOxp-sett.png HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Wed, 01 Feb 2023 10:40:28 GMT
Accept-Ranges: bytes
Content-Length: 463
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
bestfoodplaces.buzz/0WindbnNK1707w0winin87/okPE-vs.png
46.101.188.242 200 OK 313 B URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/okPE-vs.png
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 37 x 38, 8-bit grayscale, non-interlaced\012- data
Hash f8176054bb2e264452c0d7c3a1a1093c
dd3145e0f95a236e073a780a2529febf409d4f2b
bf8ebf2c2aeb4d8310341694baf1ed935d35c68c1572588af85b4775d5cf500e
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/okPE-vs.png HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Wed, 01 Feb 2023 10:40:26 GMT
Accept-Ranges: bytes
Content-Length: 313
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
bestfoodplaces.buzz/0WindbnNK1707w0winin87/-EBq-current.png
46.101.188.242 200 OK 1.2 kB URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/-EBq-current.png
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 27 x 28, 8-bit colormap, non-interlaced\012- data
Hash 35629cc2adc804353a548305f1217206
cda6e89c5f6a644683aea6999a5d11e00dc64275
c1d52e31f7fc13cbb3efca8b0ec937ddd97a5ec545c4dad26193429db10d8662
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/-EBq-current.png HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Wed, 01 Feb 2023 10:41:04 GMT
Accept-Ranges: bytes
Content-Length: 1162
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
bestfoodplaces.buzz/0WindbnNK1707w0winin87/qsbs-firewall.png
46.101.188.242 200 OK 920 B URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/qsbs-firewall.png
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 77 x 63, 8-bit colormap, non-interlaced\012- data
Hash b0495ede4c875843fec037c794e9ff9a
c813aefba255a5cc53aea7811f987ccb551c3128
52b762d47c066e16300675d56cc359b504ffd3239438c96eb973864311bb7b79
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/qsbs-firewall.png HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Wed, 01 Feb 2023 10:40:24 GMT
Accept-Ranges: bytes
Content-Length: 920
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
bestfoodplaces.buzz/0WindbnNK1707w0winin87/def.png
46.101.188.242 200 OK 3.8 kB URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/def.png
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 77a2ffc5545f87551d74781201de9b3b
c9c3798afd2ae95aa3bba3c428335d49c8255b06
316e6a6737bd296ab30aca2ef7fa36f119d15786a2432d01e31fdc130272f15c
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/def.png HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Wed, 01 Mar 2023 14:56:28 GMT
Accept-Ranges: bytes
Content-Length: 3834
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
bestfoodplaces.buzz/0WindbnNK1707w0winin87/microsoft.png
46.101.188.242 200 OK 1.0 kB URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/microsoft.png
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced\012- data
Hash bf2b460590fbb9d8e9611a6e9006b816
561e1dab259d61e798b3ce380527b71b61074ff3
ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/microsoft.png HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Wed, 01 Mar 2023 14:56:48 GMT
Accept-Ranges: bytes
Content-Length: 1045
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
bestfoodplaces.buzz/0WindbnNK1707w0winin87/uZbx-si.png
46.101.188.242 200 OK 5.4 kB URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/uZbx-si.png
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 42 x 702, 8-bit grayscale, non-interlaced\012- data
Hash 51147eb9734c3c0caf22aa77a80d96f0
dc33807cd0c0c35bb98d8e23efe2d625137a43f5
92d8510869b3d581401a93130fa72e4b54c5bf28dc8005994c5248d9afbfc37b
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/uZbx-si.png HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Wed, 01 Feb 2023 10:40:12 GMT
Accept-Ranges: bytes
Content-Length: 5377
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
bestfoodplaces.buzz/0WindbnNK1707w0winin87/mic.png
46.101.188.242 200 OK 194 B URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/mic.png
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash df0a213a8bc598e53c8513b360fc910e
b8cb3eac6254ced5dcf57beecf3758a4a9bc8c26
c6ea65b06c0f199ee8073ae19b9909fa004de0bc3d5c9d6402693e14e0ae979f
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/mic.png HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Sat, 05 Mar 2022 17:23:54 GMT
Accept-Ranges: bytes
Content-Length: 194
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
www.googletagmanager.com/gtag/js?id=UA-113411315-1
142.250.74.168 200 OK 46 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-113411315-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (2206)
Hash 1367c60fc733a8dc0292d1a5acd8d126
23f86006f18091aac2a3f5ac3f9985774ad10041
ac16c2ace001e44e6eedea2846e9f3ed7b759f79bac571df67939eda7397601c
GET /gtag/js?id=UA-113411315-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 04 Apr 2023 23:25:59 GMT
expires: Tue, 04 Apr 2023 23:25:59 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 45982
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
bestfoodplaces.buzz/0WindbnNK1707w0winin87/cross.svg
46.101.188.242 200 OK 586 B URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/cross.svg
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image\012- , Unicode text, UTF-8 text, with very long lines (584), with no line terminators
Hash bc1f7dd210381c4c10bd93c4bccdc587
76d3599df283231936edf5b2a31d15e8e76c22dd
50dc14b3d1fdd6aeeb9f2ca92062357bacecbf8f05992346ffe4178fd81ff68c
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/cross.svg HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Sat, 05 Mar 2022 17:32:06 GMT
Accept-Ranges: bytes
Content-Length: 586
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/svg+xml
bestfoodplaces.buzz/0WindbnNK1707w0winin87/virus-images.png
46.101.188.242 200 OK 33 kB URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/virus-images.png
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 200 x 191, 8-bit/color RGBA, non-interlaced\012- data
Hash 68c7d1836cf921e767b980e8ce6d845b
395fc474214809b1282fc589e4a8f0be81b16adc
870e9d768ba46521935ced4cee560acfbb4f12370e5476dc6a2a45f0141a8392
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/virus-images.png HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Tue, 18 Jan 2022 22:09:20 GMT
Accept-Ranges: bytes
Content-Length: 33366
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
bestfoodplaces.buzz/0WindbnNK1707w0winin87/kxFy-clip.png
46.101.188.242 200 OK 542 B URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/kxFy-clip.png
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 66 x 68, 8-bit colormap, non-interlaced\012- data
Hash 0e9558d2d6e8000ce5c6c749c8fc67c2
f7ba9490807ef70bb6195150d6287cd54b7fefd0
91fb42a68a122344fd78cfd5f0cf9d06ff6d307fd4a5c68f40231c5950ece9a1
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/kxFy-clip.png HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Wed, 01 Feb 2023 10:40:32 GMT
Accept-Ranges: bytes
Content-Length: 542
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
bestfoodplaces.buzz/0WindbnNK1707w0winin87/arrow.svg
46.101.188.242 200 OK 193 B URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/arrow.svg
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 1b49457044fe0f969a601eade5b861ee
bb0139e4c98ac050717094b636612ce758a42062
65e5c584d029650c691506517be54c0046cb94f48b8522d7c78d3a550220691f
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/arrow.svg HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Sat, 05 Mar 2022 17:26:58 GMT
Accept-Ranges: bytes
Content-Length: 193
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml
bestfoodplaces.buzz/0WindbnNK1707w0winin87/Z5BR-network.png
46.101.188.242 200 OK 607 B URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/Z5BR-network.png
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 63 x 70, 8-bit colormap, non-interlaced\012- data
Hash 2cd03a547f00cad010f9038619df45de
912f919836a77a514c76b990aceaf5e930a24024
c56a8ae4818963e0d71eda4ebf46b4f2cdd3a238537dc8e99711fb690d272a73
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/Z5BR-network.png HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Wed, 01 Feb 2023 10:40:56 GMT
Accept-Ranges: bytes
Content-Length: 607
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
bestfoodplaces.buzz/0WindbnNK1707w0winin87/minimize.jpeg
46.101.188.242 200 OK 17 kB URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/minimize.jpeg
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=39, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=180], baseline, precision 8, 180x39, components 3\012- data
Hash 4bf52eb9b3efce840add1a90d83a40e5
6348a7617dfce3165e07af53a48df7892d62ffe1
a85f1e749a829c5c909837844c6b53ce0a9ae2adb7c8eac0e7b96c372c679a0d
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/minimize.jpeg HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Fri, 24 Feb 2023 11:53:32 GMT
Accept-Ranges: bytes
Content-Length: 17173
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg
bestfoodplaces.buzz/0WindbnNK1707w0winin87/seo.png
46.101.188.242 200 OK 21 kB URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/seo.png
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash d6a6abff8300306298b9839210a01272
5d816e96fe022415f817bc580273bb6e3c58fb33
8d3a47bb7fede0db929ed92f8ebaee71fc12e3b4cc4f43362f3fc304d6fd130b
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/seo.png HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Sat, 05 Mar 2022 17:42:22 GMT
Accept-Ranges: bytes
Content-Length: 20629
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
bestfoodplaces.buzz/0WindbnNK1707w0winin87/antivirus.png
46.101.188.242 200 OK 17 kB URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/antivirus.png
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash f6e5701a264992107acc4583ed4ae622
a6df615fcb3a05bf4aefa62221127970956e5de6
45eb621e5fa1258a63f8e53d8032a1acd8805366bf0ea4c5f48cb2adbeaaa28f
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/antivirus.png HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Sat, 05 Mar 2022 17:42:00 GMT
Accept-Ranges: bytes
Content-Length: 17021
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2cd3f434a12d198abeaadbfb321bdac2
2720dbf537a719412e035c7682a738878211ba3c
00e6af13b49d9559588217ac936e87aa82a58da0af42fb03df3a8e04f376586e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:25:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bestfoodplaces.buzz/0WindbnNK1707w0winin87/cross.png
46.101.188.242 200 OK 386 kB URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/cross.png
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced\012- data
Size 386 kB (386359 bytes)
Hash be42ad7752720327d28bf52dbdbb64c2
f4cce31b9236319aa9c87fee038638d1de12c07d
c3ad6aa1c03fd108854f008cfec2753ba623e1470a4d61798b5d8c050e474868
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/cross.png HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Wed, 01 Mar 2023 14:56:42 GMT
Accept-Ranges: bytes
Content-Length: 386359
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
oneocsp.microsoft.com/ocsp
204.79.197.203 200 OK 1.8 kB URL HTTP/1.1 oneocsp.microsoft.com/ocsp
IP 204.79.197.203:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash ddc7035cc89bfa7d203242e0a7214ee5
372b60d132b8851198dc3abac5c9c56b84600041
4e64814b4fd3a8aa13887610995921260a8cf4368df4a08755b5011c692db0ee
POST /ocsp HTTP/1.1
Host: oneocsp.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Length: 1777
Content-Type: application/ocsp-response
Expires: Mon, 10 Apr 2023 15:50:17 GMT
Last-Modified: Tue, 04 Apr 2023 17:09:34 GMT
ETag: "4e64814b4fd3a8aa13887610995921260a8cf4368df4a08755b5011c692db0ee"
X-Powered-By: ASP.NET
x-content-type-options: nosniff
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 46D164877892486BAD500049E80B6903 Ref B: OSL30EDGE0217 Ref C: 2023-04-04T23:25:59Z
Date: Tue, 04 Apr 2023 23:25:59 GMT
support.microsoft.com/
23.38.200.116 301 Moved Permanently 0 B IP 23.38.200.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-length: 0
server: Kestrel
location: https://support.microsoft.com/en-US
request-context: appId=
x-correlationid: 0HMPL74PJM9I1:00000004
x-operationid: 1a5149a0a826d6c762f6d49696149329
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
expires: Tue, 04 Apr 2023 23:25:59 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 04 Apr 2023 23:25:59 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/en-US
23.38.200.116 200 OK 24 kB URL HTTP/2 support.microsoft.com/en-US
IP 23.38.200.116:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1478), with CRLF, LF line terminators
Hash 616edb54123d416d405e24e5fb2d960e
54c269578c478244f0250cebbc67bbc4d5188000
2949872ab9156b6ca65af77b5dabda91a127ea19280ab27b73fcc430f55fc31a
GET /en-US HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bestfoodplaces.buzz/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: Kestrel
request-context: appId=
x-correlationid: 0HMPL74PJM9I1:00000005
x-operationid: 50e025535cc3ee2806db351f690d4255
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-encoding: gzip
expires: Tue, 04 Apr 2023 23:25:59 GMT
cache-control: max-age=0, no-cache, private
pragma: no-cache
date: Tue, 04 Apr 2023 23:25:59 GMT
content-length: 24005
strict-transport-security: max-age=86400 ; includeSubDomains
set-cookie: EXPID=f102649c-f61c-4bb5-931f-cfc0919a27a9; max-age=31536000; path=/; secure; samesite=none
ak_bmsc=9FA0AA45C18D638672E40A883812B206~000000000000000000000000000000~YAAQFE8kFza+1haHAQAAgG6XThODRew6G8x1S9djmkFxdqEl4vELlOJxDIr+8O8THqCTYPKoUQKOeijxCsiCxvA0GGPcXdS44QonJ40VhtBlewPx1V2gvcGN8R/wbPhZz66T1K4Zzggzsw7RIMX2H58Ei77f1I3RnLdpZ1aNyyCNSCOaMV7kGWCsarAXJhg8QJTdXimS5F54mc6GPN9o8ha5Uyodl5QFnI5KE4QVx50ajpYpDx/xT2k4v/zLf2sQkpSokRfPSwVVPM1P0lkLjZGDZYOBKIatjYt2nMWlVuFr1Ru0B2nej6M+66JMISKvofUpMh02e2fgPMPQohQOJ4t2VF/rAmZJzwJPmEjru7XSRY1H4HyfbIJLrwT7barr6/upMn6juE46TlVA; Domain=.microsoft.com; Path=/; Expires=Wed, 05 Apr 2023 01:25:59 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
support.microsoft.com/css/Article/officeShared.css?v=pXwOvfY_bbmRA2ZXF-N1NcIgKpx4aiq3XWBgiI9dETY
23.38.200.116 302 Found 0 B URL HTTP/2 support.microsoft.com/css/Article/officeShared.css?v=pXwOvfY_bbmRA2ZXF-N1NcIgKpx4aiq3XWBgiI9dETY
IP 23.38.200.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /css/Article/officeShared.css?v=pXwOvfY_bbmRA2ZXF-N1NcIgKpx4aiq3XWBgiI9dETY HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: AkamaiGHost
content-length: 0
location: https://support.office.com/css/Article/officeShared.css?v=pXwOvfY_bbmRA2ZXF-N1NcIgKpx4aiq3XWBgiI9dETY
cache-control: max-age=0
date: Tue, 04 Apr 2023 23:25:59 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc
23.38.200.116 200 OK 1.1 kB URL HTTP/2 support.microsoft.com/css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc
IP 23.38.200.116:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (2867), with no line terminators
Hash 6477e3936b0e197b65cc1ff23763e340
096188c0ef95054d95c5dafe755df0106428c0b1
2056691cd1dcca7ad51f6c386f8c7baa4954a164b9b10d41a668910a8e91b854
GET /css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d946ecf6253e38"
last-modified: Wed, 22 Feb 2023 18:39:14 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOL0HRKHDLA:00000002
x-operationid: 84af460593256dc3080304b0aed3d5c8
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1096
cache-control: private, max-age=31330355
date: Tue, 04 Apr 2023 23:25:59 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Tue, 04 Apr 2023 22:05:12 GMT
expires: Wed, 05 Apr 2023 00:05:12 GMT
cache-control: public, max-age=7200
age: 4847
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
104.18.10.207 200 OK 6.6 kB URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
IP 104.18.10.207:0
File type ASCII text, with very long lines (27303)
Hash 6e432108fc0074699d262838db10d3cb
e2c55909329e90b2c40fe5bf9e8ec0c1fa6d6369
a8fc555543804814b5ff0a387eff573c5f3521feb3378e127ca02b50891c29f2
GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Apr 2023 23:25:59 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 565, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 19:04:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: e9a84d03a1f7c6aa17012c712a6e5dd5
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 26095007
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7b2d504e8988b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
support.microsoft.com/css/MeControlCallout/teaching-callout.css?v=690pjf05o15fVEafEpUwgaF8vqVfOkp5wP1Jl9gE99U
23.38.200.116 200 OK 1.3 kB URL HTTP/2 support.microsoft.com/css/MeControlCallout/teaching-callout.css?v=690pjf05o15fVEafEpUwgaF8vqVfOkp5wP1Jl9gE99U
IP 23.38.200.116:0
File type ASCII text, with very long lines (4873), with no line terminators
Hash eb48302afb214875c9d08368da4a7530
a713fcefa60669076aa63eb19c0227577f5498e2
6659165de1cc9fad2980212c737f78149b7a20f57f9532ba2ea311a848508e06
GET /css/MeControlCallout/teaching-callout.css?v=690pjf05o15fVEafEpUwgaF8vqVfOkp5wP1Jl9gE99U HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd42c69a909"
last-modified: Thu, 09 Feb 2023 22:16:36 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATDUREA5D:00000002
x-operationid: c2d06df7537fd21f9cb163f3a13e251d
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1320
cache-control: private, max-age=31330355
date: Tue, 04 Apr 2023 23:25:59 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/SocContent/css
23.38.200.116 200 OK 23 kB URL HTTP/2 support.microsoft.com/SocContent/css
IP 23.38.200.116:0
File type Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Hash 68f3c668bd3369699a9e554c2294ff29
b06cb70c310a429d5000361e3ab7bb07146b23f6
392a288aaa8044b0344dc11b86a8291ec3ec7094f4efa773666e7048a5f98576
GET /SocContent/css HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 04 Apr 2023 23:25:59 GMT
x-correlationid: 74718d32-b655-451a-bce1-40318e993748
x-usersessionid: 74718d32-b655-451a-bce1-40318e993748
x-officefe: OdcSupFrontEnd_IN_4
x-officeversion: 16.0.16403.42702
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
content-encoding: gzip
content-length: 22921
cache-control: public, max-age=31535992
expires: Wed, 03 Apr 2024 23:25:51 GMT
date: Tue, 04 Apr 2023 23:25:59 GMT
vary: Accept-Encoding
set-cookie: EXPID=e51f3123-1f50-42ad-b277-44f2ae81b317; expires=Thu, 04-Apr-2024 23:25:59 GMT; path=/; secure; HttpOnly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/SocContent/articleCss
23.38.200.116 200 OK 18 kB URL HTTP/2 support.microsoft.com/SocContent/articleCss
IP 23.38.200.116:0
File type Unicode text, UTF-8 text, with very long lines (65518), with no line terminators
Hash eb4cf7babe624ca5751ffc0bd0029da7
d9014486ade1ac5c32014c707acc93b0eb51d0b4
3f66a84c6c0db43726cd535a95616bf062cc999f9d872768cfe5cf20e3452657
GET /SocContent/articleCss HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 04 Apr 2023 23:25:59 GMT
x-correlationid: ae8f683d-a586-40cd-860c-fb5832e45408
x-usersessionid: ae8f683d-a586-40cd-860c-fb5832e45408
x-officefe: OdcSupFrontEnd_IN_1
x-officeversion: 16.0.16403.42702
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=31536000
expires: Wed, 03 Apr 2024 23:25:59 GMT
date: Tue, 04 Apr 2023 23:25:59 GMT
content-length: 17812
set-cookie: EXPID=5d3881a1-84b9-43aa-8313-2acd061a71fa; expires=Thu, 04-Apr-2024 23:25:59 GMT; path=/; secure; HttpOnly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/TelemetryLogging.js?v=PI8krdyAXTV0whxSz7oGWOLjo8PeIdfp8gD_jTA31VM
23.38.200.116 200 OK 370 B URL HTTP/2 support.microsoft.com/js/TelemetryLogging.js?v=PI8krdyAXTV0whxSz7oGWOLjo8PeIdfp8gD_jTA31VM
IP 23.38.200.116:0
File type ASCII text, with CRLF line terminators
Hash 5590a7dc56b6f43b99568fe62e2d03cf
f2923af0b22bd272acbbcd68958a7df4169ec703
f594937c23c9154cc20ef4522bebb8ac61cae53824ad6e02660c381b396b952d
GET /js/TelemetryLogging.js?v=PI8krdyAXTV0whxSz7oGWOLjo8PeIdfp8gD_jTA31VM HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd345be35aa"
last-modified: Thu, 09 Feb 2023 22:10:09 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATAF6QE44:00000004
x-operationid: 1fd18d66895cce47bc59a783018dbd8e
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 370
cache-control: private, max-age=31330357
date: Tue, 04 Apr 2023 23:25:59 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j99&a=341434241&t=pageview&_s=1&dl=http%3A%2F%2Fbestfoodplaces.buzz%2F0WindbnNK1707w0winin87%2Findex.html&ul=en-us&de=UTF-8&dt=Microsoft%20Support%20Assistance%20Er0SaAnif007&sd=24-bit&sr=1280x1024&vp=1140x836&je=0&_u=YADAAUABAAAAACAAI~&jid=1072428169&gjid=1662787006&cid=994887229.1680650760&tid=UA-113411315-1&_gid=1858795720.1680650760&_r=1&gtm=457e3430&jsscut=1&z=5094689
142.250.74.110 200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=341434241&t=pageview&_s=1&dl=http%3A%2F%2Fbestfoodplaces.buzz%2F0WindbnNK1707w0winin87%2Findex.html&ul=en-us&de=UTF-8&dt=Microsoft%20Support%20Assistance%20Er0SaAnif007&sd=24-bit&sr=1280x1024&vp=1140x836&je=0&_u=YADAAUABAAAAACAAI~&jid=1072428169&gjid=1662787006&cid=994887229.1680650760&tid=UA-113411315-1&_gid=1858795720.1680650760&_r=1&gtm=457e3430&jsscut=1&z=5094689
IP 142.250.74.110:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j99&a=341434241&t=pageview&_s=1&dl=http%3A%2F%2Fbestfoodplaces.buzz%2F0WindbnNK1707w0winin87%2Findex.html&ul=en-us&de=UTF-8&dt=Microsoft%20Support%20Assistance%20Er0SaAnif007&sd=24-bit&sr=1280x1024&vp=1140x836&je=0&_u=YADAAUABAAAAACAAI~&jid=1072428169&gjid=1662787006&cid=994887229.1680650760&tid=UA-113411315-1&_gid=1858795720.1680650760&_r=1&gtm=457e3430&jsscut=1&z=5094689 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://bestfoodplaces.buzz
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: http://bestfoodplaces.buzz
date: Tue, 04 Apr 2023 23:25:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
support.microsoft.com/js/topNav.js?v=-eDiKlpcJhp0uSWk8XM_g0tWTQM1wwUfMmoZosDDQdo
23.38.200.116 200 OK 847 B URL HTTP/2 support.microsoft.com/js/topNav.js?v=-eDiKlpcJhp0uSWk8XM_g0tWTQM1wwUfMmoZosDDQdo
IP 23.38.200.116:0
File type ASCII text, with CRLF line terminators
Hash f98824c7874bdc9841e01fbaa01543b4
b730428ca089dbe0723ff771a684a289152fea92
04384335b3aec1cfec1fd9f4502c5d59af217d9ae49f0015e4ceeef3f10bcb72
GET /js/topNav.js?v=-eDiKlpcJhp0uSWk8XM_g0tWTQM1wwUfMmoZosDDQdo HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d95b63110b87a7"
last-modified: Mon, 20 Mar 2023 19:35:03 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMP9F9QRNTIA:00000002
x-operationid: 339e5f86b50090f398deab88aaa43966
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 847
cache-control: private, max-age=30226378
date: Tue, 04 Apr 2023 23:25:59 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/feedback.js?v=84GPO0wsKJkREYhzfs2-839cEXZQU9kTiITr30Y1u8w
23.38.200.116 200 OK 6.5 kB URL HTTP/2 support.microsoft.com/js/feedback.js?v=84GPO0wsKJkREYhzfs2-839cEXZQU9kTiITr30Y1u8w
IP 23.38.200.116:0
File type ASCII text, with CRLF line terminators
Hash 57ad680f02f3ca9a9af4c79da71b20b3
fce7b9c1ab4a2fc188401ce4c878e50d3856c60f
59ae157e976f6dbac3b472f1c245f335f9876fb335ef433cf32ecd24404c9d0b
GET /js/feedback.js?v=84GPO0wsKJkREYhzfs2-839cEXZQU9kTiITr30Y1u8w HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd3903fe747"
last-modified: Thu, 09 Feb 2023 22:12:14 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATC66761M:00000002
x-operationid: 371c1978c70d58eb03991bb7f5eea881
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 6488
cache-control: private, max-age=31330358
date: Tue, 04 Apr 2023 23:25:59 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/Support.Main.min.js?v=W8dFf-_6LsYeYnFrrDAnlly_2cW523R5VJTM1vuKsW4
23.38.200.116 200 OK 24 kB URL HTTP/2 support.microsoft.com/js/Support.Main.min.js?v=W8dFf-_6LsYeYnFrrDAnlly_2cW523R5VJTM1vuKsW4
IP 23.38.200.116:0
File type Unicode text, UTF-8 text, with very long lines (58115)
Hash 105cbd8945d38785a2a225a4e2a04bf0
993f0244b5d77729f3909d75c7c64c71e1bdd5b1
d2f3364c26cc5bf0c6f178d864e28cb6f5f08920a48f65f903d918f24b170239
GET /js/Support.Main.min.js?v=W8dFf-_6LsYeYnFrrDAnlly_2cW523R5VJTM1vuKsW4 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd42c695936"
last-modified: Thu, 09 Feb 2023 22:16:36 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATE6LPA1K:00000002
x-operationid: b7ce1a9e2ddfa7d6520682a56dfe49cf
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 24426
cache-control: private, max-age=31330358
date: Tue, 04 Apr 2023 23:25:59 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/SearchBox.Main.min.js?v=sY_YBvw6gcgD1e-o1JhIQTBF7pirfPL8WqOaD-_eXFM
23.38.200.116 200 OK 75 kB URL HTTP/2 support.microsoft.com/js/SearchBox.Main.min.js?v=sY_YBvw6gcgD1e-o1JhIQTBF7pirfPL8WqOaD-_eXFM
IP 23.38.200.116:0
File type Unicode text, UTF-8 text, with very long lines (65454)
Hash 905e4956b0ee0ce4dacb9d8d6aa748b6
4be710784f7df01c5d86dfb68ede898a82554b06
96be4a840515cb727871c66b3c40195b19b089cb6631040f6829984682af64ae
GET /js/SearchBox.Main.min.js?v=sY_YBvw6gcgD1e-o1JhIQTBF7pirfPL8WqOaD-_eXFM HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: gzip
etag: "1d94c908da8eb8a"
last-modified: Wed, 01 Mar 2023 22:52:52 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOQL02L0OMJ:00000002
x-operationid: 5b8b5494cf9f7a6fc6840973a3afbd03
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 75066
cache-control: private, max-age=31330358
date: Tue, 04 Apr 2023 23:25:59 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/js/PromotionBanner.Main.min.js?v=lPxxwt8ZKzDFNYuSNvRbC24S24EImVPnl-WkYX8w3n4
23.38.200.116 200 OK 1.9 kB URL HTTP/2 support.microsoft.com/js/PromotionBanner.Main.min.js?v=lPxxwt8ZKzDFNYuSNvRbC24S24EImVPnl-WkYX8w3n4
IP 23.38.200.116:0
File type ASCII text, with very long lines (6261)
Hash d860a5eba2cb21a350c6b002a30b03de
a4514156fbd14905578dd4441bc6a1c51eb8162d
379799b97d2437e7280a8d952fe80856341c6deb95c2c0fe5f9ce4a453bd57d9
GET /js/PromotionBanner.Main.min.js?v=lPxxwt8ZKzDFNYuSNvRbC24S24EImVPnl-WkYX8w3n4 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd2fd9f0caa"
last-modified: Thu, 09 Feb 2023 22:08:08 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOAT9TTJQAB:00000002
x-operationid: 44790d2f053b6b8bd68accd38b8eec59
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1876
cache-control: private, max-age=31330358
date: Tue, 04 Apr 2023 23:25:59 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
statics-marketingsites-neu-ms-com.akamaized.net/statics/override.css
23.36.76.114 200 OK 473 B URL HTTP/1.1 statics-marketingsites-neu-ms-com.akamaized.net/statics/override.css
IP 23.36.76.114:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (342), with CRLF line terminators
Hash a40589609d8e75c109e93abbff0dcf60
76ae9c943d54022e24b90467713a73a431eddd6d
2c959c2618be84448b26de18639db8a66126449c6ebb29f4f6d33e00adb5b069
GET /statics/override.css HTTP/1.1
Host: statics-marketingsites-neu-ms-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Tue, 11 Jun 2019 23:22:13 GMT
ETag: 0x8D6EEC3A2D67C35
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7502d9a5-901e-0068-28c4-66545b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 473
Unused62: 8096267
Date: Tue, 04 Apr 2023 23:25:59 GMT
Connection: keep-alive
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
23.36.76.186 200 OK 4.1 kB URL HTTP/2 img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
IP 23.36.76.186:0
ASN #20940 Akamai International B.V.
File type PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced\012- data
Hash 9f14c20150a003d7ce4de57c298f0fba
daa53cf17cc45878a1b153f3c3bf47dc9669d78f
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
GET /cms/api/am/imageFileData/RE1Mu3b?ver=5c31 HTTP/1.1
Host: img-prod-cms-rt-microsoft-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
last-modified: Mon, 27 Mar 2023 19:09:17 GMT
x-datacenter: northeu
x-activityid: 94e46343-541f-4777-8f3e-4a582240a347
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-type: image/png
content-location: https://image.prod.cms.rt.microsoft.com/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
x-source-length: 4054
content-length: 4054
cache-control: public, max-age=114186
expires: Thu, 06 Apr 2023 07:09:06 GMT
date: Tue, 04 Apr 2023 23:26:00 GMT
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
X-Firefox-Spdy: h2
support.microsoft.com/socbundles/article
23.38.200.116 200 OK 15 kB URL HTTP/2 support.microsoft.com/socbundles/article
IP 23.38.200.116:0
File type ASCII text, with very long lines (62046), with no line terminators
Hash a7a35095b42d66f97324a02e61aeabbd
fc5b2ce888868bb62b40f2b580c16d0e23b53f4a
138863d8ea2818321a86df2e3f72b28feb8348def4d72d5d29b09d57fe235a83
GET /socbundles/article HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
last-modified: Tue, 04 Apr 2023 23:25:59 GMT
x-correlationid: 6096677c-eeb6-40ef-ac9e-fb8ac3c9bc29
x-usersessionid: 6096677c-eeb6-40ef-ac9e-fb8ac3c9bc29
x-officefe: OdcSupFrontEnd_IN_18
x-officeversion: 16.0.16403.42702
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=0
expires: Tue, 04 Apr 2023 23:25:59 GMT
date: Tue, 04 Apr 2023 23:25:59 GMT
content-length: 15150
set-cookie: EXPID=f353ca45-1a5c-412f-80b8-074824363963; expires=Thu, 04-Apr-2024 23:25:59 GMT; path=/; secure; HttpOnly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1c682b982d1ecaa1d27cb4da560edd95
fa046ceed7b97d3893993b65490b24f718bd1d7a
4faa28c9a8c88aa88a28e8065763938a3cf81e62a244482b280a58e825f5a904
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FAA28C9A8C88AA88A28E8065763938A3CF81E62A244482B280A58E825F5A904"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4133
Expires: Wed, 05 Apr 2023 00:34:53 GMT
Date: Tue, 04 Apr 2023 23:26:00 GMT
Connection: keep-alive
ajax.aspnetcdn.com/ajax/jQuery/jquery-3.5.1.min.js
152.199.19.160 200 OK 31 kB URL HTTP/2 ajax.aspnetcdn.com/ajax/jQuery/jquery-3.5.1.min.js
IP 152.199.19.160:0
File type ASCII text, with very long lines (65451)
Hash 01ed540a1edc0b1cae4b91ef5d576be3
0f4aa0ea331348a4c2bca0f3898dd681646455c4
da348028c4b581592016ee99ec4ee38cdaaac87d2c0317962c52c18a9338a101
GET /ajax/jQuery/jquery-3.5.1.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 20407285
cache-control: public,max-age=31536000
content-type: application/javascript
date: Tue, 04 Apr 2023 23:26:00 GMT
etag: "80e72fc8fd6fd61:0"
last-modified: Tue, 11 Aug 2020 16:38:03 GMT
server: ECAcc (ska/F74F)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 30976
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 274780afcb4fbc5f81feba1c5d99add3
c26412d591486507f86c9c310a2b1cc62ddd8e76
2baa6a831f9856ee6b02859c3681a5a0d0e9dc361c60d04580b9f893fc06802c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:26:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.microsoft.com/videoplayer/js/vxpiframe.js
23.38.201.156 200 OK 6.3 kB URL HTTP/2 www.microsoft.com/videoplayer/js/vxpiframe.js
IP 23.38.201.156:0
File type ASCII text, with very long lines (13602)
Hash 009d92e8af9d884776822cbb40471dab
8215ca8a1c6d3c6b68c99aa3bc84df2ad57386f7
7ca4a25996ab5129a87d219a3382b645e266b1e43b6f3052770dc23bf15e7fb6
GET /videoplayer/js/vxpiframe.js HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support.microsoft.com/en-US
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: private, no-transform
content-type: application/x-javascript; charset=utf-8
x-activity-id: 17e6e359-3104-4b6e-81d1-839ca4dfeddd
x-appversion: 1.0.8377.8392
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-12-08T12:39:44.0000000Z}
ms-operation-id: be224816fd017f4f9b82f99b045be330
p3p: CP="CAO CONi OTR OUR DEM ONL"
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
vary: Accept-Encoding
content-encoding: gzip
date: Tue, 04 Apr 2023 23:26:00 GMT
content-length: 6332
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV1b248dea.0
ms-cv-esi: CASMicrosoftCV1b248dea.0
set-cookie: akacd_OneRF=1688426760~rv=27~id=b1480221ca4a4ef4c1005e7b45819ee5; path=/; Expires=Mon, 03 Jul 2023 23:26:00 GMT; Secure; SameSite=None
x-rtag: RT
X-Firefox-Spdy: h2
www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/32-1b8b7c/74-888e54?ver=2.0&_cf=02242021_3231
23.38.201.156 200 OK 23 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/32-1b8b7c/74-888e54?ver=2.0&_cf=02242021_3231
IP 23.38.201.156:0
File type Unicode text, UTF-8 text, with very long lines (64241)
Hash 09800dff9a5770bdc368ae73ec89b229
52864194fec1b7fa70ba6e8bda68f0d8f27b21d1
d981d06eaec00bf7feef2b5dc799c3b50332ee867b8048109d45cb6a97e52557
GET /onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/32-1b8b7c/74-888e54?ver=2.0&_cf=02242021_3231 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
last-modified: Tue, 13 Dec 2022 20:44:22 GMT
x-activity-id: 5970f663-607d-4b17-942b-7f6d6b6635bc
x-appversion: 1.0.8349.33967
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-11-11T02:52:14.0000000Z}
ms-operation-id: 2c52758a7ed38d4ba46d8133da4c1f83
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2022-12-13T20:44:22
x-s2: 2022-12-13T20:44:22
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 22729
cache-control: public, max-age=21849504
expires: Wed, 13 Dec 2023 20:44:24 GMT
date: Tue, 04 Apr 2023 23:26:00 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV1b248dee.0
ms-cv-esi: CASMicrosoftCV1b248dee.0
x-rtag: RT
X-Firefox-Spdy: h2
oneocsp.microsoft.com/ocsp
204.79.197.203 200 OK 1.8 kB URL HTTP/1.1 oneocsp.microsoft.com/ocsp
IP 204.79.197.203:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash c540d7e943ddf0a199cbdee1b819d9a7
c16a986821881c25ff5043c1c915e9d86308a985
cfc085695addb1fda9ddfe679033c9f1f217211d0670c90dd66642e39e2a3654
POST /ocsp HTTP/1.1
Host: oneocsp.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Length: 1777
Content-Type: application/ocsp-response
Expires: Mon, 10 Apr 2023 15:50:14 GMT
Last-Modified: Tue, 04 Apr 2023 18:14:09 GMT
ETag: "cfc085695addb1fda9ddfe679033c9f1f217211d0670c90dd66642e39e2a3654"
X-Powered-By: ASP.NET
x-content-type-options: nosniff
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 5DAF5ECC7D6A4A3E8FBCF2D495E401FD Ref B: OSL30EDGE0217 Ref C: 2023-04-04T23:26:00Z
Date: Tue, 04 Apr 2023 23:25:59 GMT
www.microsoft.com/onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1
23.38.201.156 200 OK 36 kB URL HTTP/2 www.microsoft.com/onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1
IP 23.38.201.156:0
File type ASCII text, with very long lines (42133)
Hash d95e11ceb03f2345a320093cab78025e
61a86a14316100b63da779f7e173849643e687f5
e51a46060665f507a73982f7aa0a4088fc5b371023c237fefa0a1d806b56f6b0
GET /onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
last-modified: Tue, 24 Jan 2023 17:57:40 GMT
x-activity-id: afdd9be8-9abb-4122-ae9b-da02f28f8762
x-appversion: 1.0.8405.38376
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-01-06T05:19:12.0000000Z}
ms-operation-id: 6363f87892584147986ee80ae96eefc0
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
x-s1: 2023-01-24T17:57:40
x-s2: 2023-01-24T17:57:41
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=25468300
expires: Wed, 24 Jan 2024 17:57:40 GMT
date: Tue, 04 Apr 2023 23:26:00 GMT
content-length: 35900
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV1b248def.0
ms-cv-esi: CASMicrosoftCV1b248def.0
x-rtag: RT
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, ETag, Cache-Control, Expires, Backoff, Last-Modified, Pragma, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 04 Apr 2023 23:17:29 GMT
age: 511
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-W1J0L1Q5NX&cid=994887229.1680650760&gtm=45je3430&aip=1&z=942231594
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-W1J0L1Q5NX&cid=994887229.1680650760&gtm=45je3430&aip=1&z=942231594
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-W1J0L1Q5NX&cid=994887229.1680650760&gtm=45je3430&aip=1&z=942231594 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 04 Apr 2023 23:26:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
support.office.com/css/Article/officeShared.css?v=pXwOvfY_bbmRA2ZXF-N1NcIgKpx4aiq3XWBgiI9dETY
104.88.24.36 301 Moved Permanently 172 B URL HTTP/2 support.office.com/css/Article/officeShared.css?v=pXwOvfY_bbmRA2ZXF-N1NcIgKpx4aiq3XWBgiI9dETY
IP 104.88.24.36:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 953216194cd13ea625353e65ecf0a11b
4863c579d6ccc8f8fee2d4349be1467af00127f6
b51f4bb265807e9b74954b0dacac64e560e5688bfc8cc0b8c656bcb40ec609c2
GET /css/Article/officeShared.css?v=pXwOvfY_bbmRA2ZXF-N1NcIgKpx4aiq3XWBgiI9dETY HTTP/1.1
Host: support.office.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support.microsoft.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-type: text/html; charset=utf-8
location: https://support.office.com/css/Article/officeShared.css
x-correlationid: 115e4a4d-dbb0-4016-9e33-29de06056b55
x-usersessionid: 115e4a4d-dbb0-4016-9e33-29de06056b55
x-officefe: OdcSupFrontEnd_IN_17
x-officeversion: 16.0.16402.42701
x-officecluster: weu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
content-length: 172
cache-control: max-age=48440
expires: Wed, 05 Apr 2023 12:53:20 GMT
date: Tue, 04 Apr 2023 23:26:00 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
13.107.237.53 200 OK 82 kB URL HTTP/2 wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
IP 13.107.237.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (63888), with no line terminators
Hash e51f388b62281af5b4a9193cce419941
364f3d737462b7fd063107fe2c580fdb9781a45a
348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c
GET /mscc/lib/v2/wcp-consent.js HTTP/1.1
Host: wcpstatic.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: max-age=43200
content-length: 81726
content-type: application/javascript
content-encoding: gzip
content-md5: X1JOIM5h9UISVFS6+GfEew==
last-modified: Wed, 24 Aug 2022 17:34:36 GMT
age: 38207
etag: 0x8DA85F6EA62BF74
vary: Accept-Encoding
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
x-cache: CONFIG_NOCACHE
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 3b8f2c9d-a01e-0061-0df3-665e53000000
x-ms-version: 2009-09-19
x-azure-ref: 0CLIsZAAAAAAeNO7aHYeeRL+KunmNRb3rQ1BIMzBFREdFMDQyMQAzOWI0NjE1Ny1jYjllLTQ5YjctYTY1YS04NzIyYTNmODI0ZTQ=
date: Tue, 04 Apr 2023 23:26:00 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 274780afcb4fbc5f81feba1c5d99add3
c26412d591486507f86c9c310a2b1cc62ddd8e76
2baa6a831f9856ee6b02859c3681a5a0d0e9dc361c60d04580b9f893fc06802c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:26:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
support.office.com/css/Article/officeShared.css
104.88.24.36 301 Moved Permanently 154 B URL HTTP/2 support.office.com/css/Article/officeShared.css
IP 104.88.24.36:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash dc77a7a8fbb5289acbd96135af3824a1
d7bc69974bd31118640bb92631b8c20ace7a650f
b542e50d104e6d58369797b67ebcafbb83886f243056b44a8f2ab5c90a181116
GET /css/Article/officeShared.css HTTP/1.1
Host: support.office.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support.microsoft.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
content-type: text/html; charset=utf-8
location: https://support.office.com/Home/Error
x-correlationid: 3b77fa2d-1a6c-491c-a381-330011a4f845
x-usersessionid: 3b77fa2d-1a6c-491c-a381-330011a4f845
x-officefe: OdcSupFrontEnd_IN_17
x-officeversion: 16.0.16402.42701
x-officecluster: weu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
content-length: 154
cache-control: max-age=48360
expires: Wed, 05 Apr 2023 12:52:00 GMT
date: Tue, 04 Apr 2023 23:26:00 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
23.38.201.156 200 OK 26 kB URL HTTP/2 www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
IP 23.38.201.156:0
File type Web Open Font Format, TrueType, length 26288, version 0.0\012- data
Hash d0263dc03be4c393a90bda733c57d6db
8a032b6deab53a33234c735133b48518f8643b92
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
GET /mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
last-modified: Tue, 14 Jun 2022 13:23:15 GMT
x-activity-id: 433fff9c-ac1c-4827-bb3b-a2ca5fa6dd83
x-appversion: 1.0.8167.41521
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-05-13T07:04:02.0000000Z}
ms-operation-id: 2f08fc2d143919438bfe914fdfecfc02
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-length: 26288
cache-control: public, max-age=6098242
expires: Wed, 14 Jun 2023 13:23:22 GMT
date: Tue, 04 Apr 2023 23:26:00 GMT
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV1b2490f3.0
ms-cv-esi: CASMicrosoftCV1b2490f3.0
x-rtag: RT
X-Firefox-Spdy: h2
support.microsoft.com/css/Glyphs/SupMDL2_v4_69.woff2
23.38.200.116 200 OK 30 kB URL HTTP/2 support.microsoft.com/css/Glyphs/SupMDL2_v4_69.woff2
IP 23.38.200.116:0
File type Web Open Font Format (Version 2), TrueType, length 29588, version 0.0\012- data
Hash f04217f47619ac51664e7a65b3f77b48
c32c07c33ba8850f282492b2bd38be170b556541
5975dea100208142bb9cbd2ae15e1bae43213598a2a4496e42c4baec3bd50a61
GET /css/Glyphs/SupMDL2_v4_69.woff2 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://support.microsoft.com/css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 29588
content-type: font/woff2
server: Kestrel
accept-ranges: bytes
etag: "1d93cd346ef1014"
last-modified: Thu, 09 Feb 2023 22:10:11 GMT
request-context: appId=
x-correlationid: 0HMOATABNE8AT:00000002
x-operationid: 3c3af96c464f3a0ba6f0aae0480951e2
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=31330357
date: Tue, 04 Apr 2023 23:26:00 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.117.65.55 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.117.65.55:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: K1JaxHTSjFxpmYqidHuRqw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: IVu63NIt9yXk1R+s9GbHaHxySm0=
Date: Tue, 04 Apr 2023 23:26:00 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
support.microsoft.com/socfonts/DevCMDL2.2.50.woff
23.38.200.116 200 OK 18 kB URL HTTP/2 support.microsoft.com/socfonts/DevCMDL2.2.50.woff
IP 23.38.200.116:0
File type Web Open Font Format, TrueType, length 18316, version 0.0\012- data
Hash 0cedbb5e7888349e4705a66ede3dd01c
bff3c70dbd94c866bdefc48e7bba1d8f359577ac
12d95d8d400eeafa0258e9d29d6ea5ef0ec9cfc1410b75e47976fcb3f92082b0
GET /socfonts/DevCMDL2.2.50.woff HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://support.microsoft.com/SocContent/css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: font/x-woff
last-modified: Wed, 08 Feb 2023 13:22:44 GMT
accept-ranges: bytes
etag: "0aa706dc03bd91:0"
x-correlationid: 70065751-9c2c-4c50-88be-f28ea4c1b02e
x-usersessionid: 70065751-9c2c-4c50-88be-f28ea4c1b02e
x-officefe: OdcSupFrontEnd_IN_13
x-officeversion: 16.0.16208.42700
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
content-length: 18316
cache-control: public, max-age=7776000
date: Tue, 04 Apr 2023 23:26:00 GMT
access-control-allow-origin:
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
js.monitor.azure.com/scripts/c/ms.analytics-web-3.2.7.min.js
13.107.237.53 200 OK 50 kB URL HTTP/2 js.monitor.azure.com/scripts/c/ms.analytics-web-3.2.7.min.js
IP 13.107.237.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65398)
Hash 0888bb7879080ed7ef4877114adbcbd7
569b99bf87b5e4bc7775ca1a2a31f17b67700934
c4b89f81286722cbffd3a68691a45b11c6e71110c55de310a98a6c3227c07d18
GET /scripts/c/ms.analytics-web-3.2.7.min.js HTTP/1.1
Host: js.monitor.azure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable, no-transform
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: Sb/q47QLN6j5URAwRjCa2Q==
last-modified: Wed, 05 Oct 2022 16:53:02 GMT
etag: 0x8DAA6F2110CCD22
x-cache: TCP_HIT
x-ms-request-id: 37e8e04b-101e-00eb-23d5-66a8eb000000
x-ms-version: 2009-09-19
x-ms-meta-jssdkver: 3.2.7
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0yYUsZAAAAAB2Qb032IOoTpwEo2sVKGFbRlJBMjMxMDUwNDE3MDUxAGYxY2E3M2Q0LTg4ODMtNGNhZi1hYmRjLWZlMmQ1NjdhZmI5Ng==
x-azure-ref: 0CLIsZAAAAABp5wzYfzGHTLF38bdcJk2eQ1BIMzBFREdFMDQwOQBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
date: Tue, 04 Apr 2023 23:26:00 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/d09f346e-3b3f-4bbc-b4cd-ad6f9df1ab6e.png
23.14.15.147 200 OK 4.2 kB URL HTTP/2 support.content.office.net/en-us/media/d09f346e-3b3f-4bbc-b4cd-ad6f9df1ab6e.png
IP 23.14.15.147:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash b93f7321e326ca5c00d52e5df0357efa
5620e44d1318a3fa8c3f3f7685d76706752f4e36
5b00dfd36987ed6f3f48ba6eac2f7d177b9eb6526ef82f2cc786549bad43b5ec
GET /en-us/media/d09f346e-3b3f-4bbc-b4cd-ad6f9df1ab6e.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 4246
content-type: image/png
content-md5: uT9zIeMmylwA1S5d8DV++g==
last-modified: Fri, 04 Mar 2022 07:17:52 GMT
etag: 0x8D9FDAF18FAABFA
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b9a84848-401e-005c-7c59-483038000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 04 Apr 2023 23:26:00 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/d6ba446c-4077-4462-bfc9-7ddf7c07d7bd.png
23.14.15.147 200 OK 4.3 kB URL HTTP/2 support.content.office.net/en-us/media/d6ba446c-4077-4462-bfc9-7ddf7c07d7bd.png
IP 23.14.15.147:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash dc66df4b133bbbeed776ca86b5ad68da
eab70e67489815ac093d17c1922a5dc5cf8c0ef0
8cbbbe47e52239d7d23ae19946fc2b2e3c6e95dcf7631c807af7a811c89cb78e
GET /en-us/media/d6ba446c-4077-4462-bfc9-7ddf7c07d7bd.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 4280
content-type: image/png
content-md5: 3GbfSxM7u+7XdsqGta1o2g==
last-modified: Fri, 04 Mar 2022 20:23:50 GMT
etag: 0x8D9FE1CE54267E6
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 8aa50655-a01e-0026-0baa-442d78000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 04 Apr 2023 23:26:00 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/d8369889-04df-4721-831d-e0490e10aaeb.png
23.14.15.147 200 OK 4.6 kB URL HTTP/2 support.content.office.net/en-us/media/d8369889-04df-4721-831d-e0490e10aaeb.png
IP 23.14.15.147:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash c59d7f179b1837d03040c0673c5ec15d
e219f3e3a6a01233b84bb27ef7ebe941a792a3af
e83c28f43b70c9d58e8f8758e547b985577f5a38045f1b5a63169913f02a0cc5
GET /en-us/media/d8369889-04df-4721-831d-e0490e10aaeb.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 4596
content-type: image/png
content-md5: xZ1/F5sYN9AwQMBnPF7BXQ==
last-modified: Fri, 04 Mar 2022 07:17:49 GMT
etag: 0x8D9FDAF172969CD
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c5a30787-901e-0070-0d67-41dc97000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 04 Apr 2023 23:26:00 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/2c3c0c0c-bcb1-4582-834f-ddd6daf4b1de.png
23.14.15.147 200 OK 2.7 kB URL HTTP/2 support.content.office.net/en-us/media/2c3c0c0c-bcb1-4582-834f-ddd6daf4b1de.png
IP 23.14.15.147:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash 4ef082afe9892d1af2bf56ebbbe43b24
6af8951ab396523fd8339b2df591835838d15c42
664490c5ed805c089f854c1edf01d005f170730a3614d19c60375eb7c3b08fdf
GET /en-us/media/2c3c0c0c-bcb1-4582-834f-ddd6daf4b1de.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 2703
content-type: image/png
content-md5: TvCCr+mJLRryv1bru+Q7JA==
last-modified: Fri, 04 Mar 2022 07:17:28 GMT
etag: 0x8D9FDAF0AA3B079
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: be11323c-601e-0029-2938-135b14000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 04 Apr 2023 23:26:00 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/3ae06b5c-45ee-4509-9ca2-e3958a88ab7f.png
23.14.15.147 200 OK 210 B URL HTTP/2 support.content.office.net/en-us/media/3ae06b5c-45ee-4509-9ca2-e3958a88ab7f.png
IP 23.14.15.147:0
File type PNG image data, 256 x 256, 2-bit colormap, non-interlaced\012- data
Hash 5e136d738c93fdb32c08fdb249905c1f
abeaa733ead9d6a3843aae402afe8d8fbf0452bf
5a639ac902dffec0b8174e7a2dda2e18c8038b76ff5c88ec507984e71b7b4a1b
GET /en-us/media/3ae06b5c-45ee-4509-9ca2-e3958a88ab7f.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 210
content-type: image/png
content-md5: XhNtc4yT/bMsCP2ySZBcHw==
last-modified: Fri, 04 Mar 2022 07:17:30 GMT
etag: 0x8D9FDAF0B81DF68
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 1e9e959a-101e-0033-6df7-4e3acb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 04 Apr 2023 23:26:00 GMT
X-Firefox-Spdy: h2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
23.38.201.156 200 OK 34 kB URL HTTP/2 c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
IP 23.38.201.156:0
File type Web Open Font Format (Version 2), TrueType, length 34052, version 0.0\012- data
Hash 36397a3bc139c6e9f81d383f060f080a
3f4f86c10920d4ed345f4858b6cde9f93e1aeb81
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
GET /static/fonts/segoe-ui/west-european/normal/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 34052
content-type: font/woff2
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
accept-ranges: bytes
etag: "588d483e9c7d51:0"
cache-control: public, max-age=68344
expires: Wed, 05 Apr 2023 18:25:04 GMT
date: Tue, 04 Apr 2023 23:26:00 GMT
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/latest.woff2
23.38.201.156 200 OK 29 kB URL HTTP/2 c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/latest.woff2
IP 23.38.201.156:0
File type Web Open Font Format (Version 2), TrueType, length 29388, version 0.0\012- data
Hash 6e75a94d5f7170a1ab532d32c2a35755
9c1b6fff544089941bbeddbcf529c3f0b46d853a
d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f
GET /static/fonts/segoe-ui/west-european/Semibold/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://www.microsoft.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 29388
content-type: font/woff2
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
accept-ranges: bytes
etag: "5b68d583e9c7d51:0"
cache-control: public, max-age=68286
expires: Wed, 05 Apr 2023 18:24:06 GMT
date: Tue, 04 Apr 2023 23:26:00 GMT
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.2.6.gbl.min.js
13.107.237.53 200 OK 34 kB URL HTTP/2 js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.2.6.gbl.min.js
IP 13.107.237.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65395)
Hash c36dcde83f87931be2a03750be60141b
3125c5fb4b9e42576ed68885f78021434a38559e
4515dac5130e5da2712f9ef9b94fe82ae52a18d3dedfc0bed03b487d14266a76
GET /scripts/c/ms.shared.analytics.mectrl-3.2.6.gbl.min.js HTTP/1.1
Host: js.monitor.azure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable, no-transform
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: RlzwH95FOkmm6gksZWAC+w==
last-modified: Thu, 18 Aug 2022 21:40:45 GMT
etag: 0x8DA81624EF9033C
x-cache: TCP_HIT
x-ms-request-id: 9ab6fafd-c01e-00fe-1779-649fc3000000
x-ms-version: 2009-09-19
x-ms-meta-jssdkver: 3.2.6
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 00zosZAAAAAD+fsJ+8zZIQI+Fz52DzLnnRlJBMjMxMDUwNDE3MDQ5AGYxY2E3M2Q0LTg4ODMtNGNhZi1hYmRjLWZlMmQ1NjdhZmI5Ng==
x-azure-ref: 0CLIsZAAAAADzfJ2JnvDQQY7yqabMY/wQQ1BIMzBFREdFMDQxMgBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
date: Tue, 04 Apr 2023 23:26:00 GMT
X-Firefox-Spdy: h2
region1.analytics.google.com/g/collect?v=2&tid=G-W1J0L1Q5NX&gtm=45je3430&_p=341434241&_gaz=1&cid=994887229.1680650760&ul=en-us&sr=1280x1024&_s=1&sid=1680650759&sct=1&seg=0&dl=http%3A%2F%2Fbestfoodplaces.buzz%2F0WindbnNK1707w0winin87%2Findex.html&dr=http%3A%2F%2Fbestfoodplaces.buzz%2F&dt=Microsoft%20Support%20Assistance%20Er0SaAnif007&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-W1J0L1Q5NX&gtm=45je3430&_p=341434241&_gaz=1&cid=994887229.1680650760&ul=en-us&sr=1280x1024&_s=1&sid=1680650759&sct=1&seg=0&dl=http%3A%2F%2Fbestfoodplaces.buzz%2F0WindbnNK1707w0winin87%2Findex.html&dr=http%3A%2F%2Fbestfoodplaces.buzz%2F&dt=Microsoft%20Support%20Assistance%20Er0SaAnif007&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-W1J0L1Q5NX&gtm=45je3430&_p=341434241&_gaz=1&cid=994887229.1680650760&ul=en-us&sr=1280x1024&_s=1&sid=1680650759&sct=1&seg=0&dl=http%3A%2F%2Fbestfoodplaces.buzz%2F0WindbnNK1707w0winin87%2Findex.html&dr=http%3A%2F%2Fbestfoodplaces.buzz%2F&dt=Microsoft%20Support%20Assistance%20Er0SaAnif007&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://bestfoodplaces.buzz
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://bestfoodplaces.buzz
date: Tue, 04 Apr 2023 23:26:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8318be4633e5bd7ed8b010dced813a61
bf8c3a8932684e7e2cabe13dc40ed71b710829ec
add9922dfdcf26c07d9a286e529332fa488099e9c7029ca62b658434e4e987c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:26:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/g/collect?v=2&tid=G-W1J0L1Q5NX&cid=994887229.1680650760&gtm=45je3430&aip=1
64.233.161.154 204 No Content 0 B URL HTTP/2 stats.g.doubleclick.net/g/collect?v=2&tid=G-W1J0L1Q5NX&cid=994887229.1680650760&gtm=45je3430&aip=1
IP 64.233.161.154:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-W1J0L1Q5NX&cid=994887229.1680650760&gtm=45je3430&aip=1 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://bestfoodplaces.buzz
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://bestfoodplaces.buzz
date: Tue, 04 Apr 2023 23:26:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/059b7716-5dfe-4510-9f5e-1f42cc2ba1b4.png
23.14.15.147 200 OK 3.4 kB URL HTTP/2 support.content.office.net/en-us/media/059b7716-5dfe-4510-9f5e-1f42cc2ba1b4.png
IP 23.14.15.147:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash b7b315e5398a5177f50394fc16f577a6
23d3cbf6a21d4fc6c275e70cd71e9f276bb4db52
92aa5dec4f2ee690cf1f8230fd67ed58b5918a7d1b0137dee46e6751fb439da6
GET /en-us/media/059b7716-5dfe-4510-9f5e-1f42cc2ba1b4.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 3425
content-type: image/png
content-md5: t7MV5TmKUXf1A5T8FvV3pg==
last-modified: Fri, 04 Mar 2022 07:17:31 GMT
etag: 0x8D9FDAF0BEDAF8E
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6d91cf68-101e-0033-0862-343acb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 04 Apr 2023 23:26:00 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/2d61de8b-ff96-4a49-afa5-0795e254cc87.png
23.14.15.147 200 OK 150 kB URL HTTP/2 support.content.office.net/en-us/media/2d61de8b-ff96-4a49-afa5-0795e254cc87.png
IP 23.14.15.147:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size 150 kB (150348 bytes)
Hash 9aea7c1dc69d1cea907c024eab971118
4986a5deab1bb0c9f0a66e5ea996bce6f56683aa
ce4c6516f665d6893fdbe6e537c75e52213793bc2a6c55457fa63ebf1344112f
GET /en-us/media/2d61de8b-ff96-4a49-afa5-0795e254cc87.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 150348
content-type: image/png
content-md5: mup8HcadHOqQfAJOq5cRGA==
last-modified: Thu, 27 Oct 2022 22:24:37 GMT
etag: 0x8DAB86A08773082
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b088ad0d-a01e-0036-3585-46e810000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 04 Apr 2023 23:26:00 GMT
X-Firefox-Spdy: h2
support.microsoft.com/css/sitewide/articleCss-overwrite.css?v=lZSSDfw046y64snpLoK4NgnZrSECmoT0veaYhqSmS8A
23.38.200.116 200 OK 417 B URL HTTP/2 support.microsoft.com/css/sitewide/articleCss-overwrite.css?v=lZSSDfw046y64snpLoK4NgnZrSECmoT0veaYhqSmS8A
IP 23.38.200.116:0
File type ASCII text, with very long lines (1083), with no line terminators
Hash 710d7c94635adc595f7724f45942ea36
f950c07f5eeb303f6c8279924e8eb2c65d48151b
8264d50b6ac5a684bd3ea38e1d0a4e8fbefd6dec68f755260ae8c7666777de03
GET /css/sitewide/articleCss-overwrite.css?v=lZSSDfw046y64snpLoK4NgnZrSECmoT0veaYhqSmS8A HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d9665e9791923b"
last-modified: Mon, 03 Apr 2023 19:00:44 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMPKEO5AI0LP:00000002
x-operationid: 788f8b8f18b6cd296ceb8788cbdd0f3f
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 417
cache-control: private, max-age=31515378
date: Tue, 04 Apr 2023 23:26:00 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/SearchBox/search-box.css?v=bybwzGBajHicVXspVs540UfV0swW0vCbOmBjBryj9N4
23.38.200.116 200 OK 814 B URL HTTP/2 support.microsoft.com/css/SearchBox/search-box.css?v=bybwzGBajHicVXspVs540UfV0swW0vCbOmBjBryj9N4
IP 23.38.200.116:0
File type ASCII text, with very long lines (2230), with no line terminators
Hash e22f91333200d597a00d4e98527400e1
76659fa749d8848ace64e464941316325b07bb42
831d28e62fbfbb7488dc3471184f9116ebc453bed3464870815e22c9e2240233
GET /css/SearchBox/search-box.css?v=bybwzGBajHicVXspVs540UfV0swW0vCbOmBjBryj9N4 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd3903fbbb6"
last-modified: Thu, 09 Feb 2023 22:12:14 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATD1USEQK:00000002
x-operationid: 0c0e55ff10eab179f65f822a7c87351c
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 814
cache-control: private, max-age=31330357
date: Tue, 04 Apr 2023 23:26:00 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/supportbridge/support-bridge.css?v=ft5yipT-SPVc4yMl4wK9PnMTXqhVUrUJZoPQVrYDjUI
23.38.200.116 200 OK 654 B URL HTTP/2 support.microsoft.com/css/supportbridge/support-bridge.css?v=ft5yipT-SPVc4yMl4wK9PnMTXqhVUrUJZoPQVrYDjUI
IP 23.38.200.116:0
File type ASCII text, with very long lines (1877), with no line terminators
Hash 0d5d7ed2a6b811caffa8f525e3f71610
553802ca3a157bfd1fd028f494b792c201eb1ef7
8af71052a0ee40641e37dc7ec367a380e1d88cdc057a71b460f397085c011fcc
GET /css/supportbridge/support-bridge.css?v=ft5yipT-SPVc4yMl4wK9PnMTXqhVUrUJZoPQVrYDjUI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd3903fb455"
last-modified: Thu, 09 Feb 2023 22:12:14 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATD1USFL5:00000002
x-operationid: 6763e0e4301db0f411f25a0bc557ace1
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 654
cache-control: private, max-age=31330770
date: Tue, 04 Apr 2023 23:26:00 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/promotionbanner/promotion-banner.css?v=cAmflE3c6Gw7niTOiMPEie9MY87yDE2mSl3DO7_jZRI
23.38.200.116 200 OK 1.5 kB URL HTTP/2 support.microsoft.com/css/promotionbanner/promotion-banner.css?v=cAmflE3c6Gw7niTOiMPEie9MY87yDE2mSl3DO7_jZRI
IP 23.38.200.116:0
File type ASCII text, with very long lines (4370), with no line terminators
Hash 99ba2848ba9a06514e6cc579f6995206
632460dae575c7c20a27b5716c236d9debe4b9ed
85455b4dd8114d33bedf87384aa0ee36a67b38183452686a76c2846d11caf3f1
GET /css/promotionbanner/promotion-banner.css?v=cAmflE3c6Gw7niTOiMPEie9MY87yDE2mSl3DO7_jZRI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd2fd9f0512"
last-modified: Thu, 09 Feb 2023 22:08:08 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOAT9TTJQBN:00000003
x-operationid: f3859306795e2625d9ab0631d82e917e
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 1492
cache-control: private, max-age=31330357
date: Tue, 04 Apr 2023 23:26:00 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/landingpage/landing-page.min.css?v=yfVEPK33ndcBi43i0hgEJ2wI5J7vdLQ-zQCKIjoHuzQ
23.38.200.116 200 OK 7.2 kB URL HTTP/2 support.microsoft.com/css/landingpage/landing-page.min.css?v=yfVEPK33ndcBi43i0hgEJ2wI5J7vdLQ-zQCKIjoHuzQ
IP 23.38.200.116:0
File type Unicode text, UTF-8 text, with very long lines (51715)
Hash f0c069967fa243caf912bf8b1697cfac
99fb0c8d3eeedec53896a0c941b1c81e8dc1e5b0
1f069a146d8726ae08a13e218908b454c3360afbe4ee8f5702918b0096c17e01
GET /css/landingpage/landing-page.min.css?v=yfVEPK33ndcBi43i0hgEJ2wI5J7vdLQ-zQCKIjoHuzQ HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d95cec6b84f5ee"
last-modified: Wed, 22 Mar 2023 18:30:47 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMPB0F800BJN:00000002
x-operationid: 4f71be67d76080db65952720a2e38293
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 7233
cache-control: private, max-age=30833227
date: Tue, 04 Apr 2023 23:26:00 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo
23.38.200.116 200 OK 3.1 kB URL HTTP/2 support.microsoft.com/css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo
IP 23.38.200.116:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (10532), with no line terminators
Hash 0737acfed55616de4eda800b15cbf1fb
7e896a35974259d41ced3e2b70f564f3c34df4f8
8da6bcf631d27020b2ff6b788648d0f124f69ee5806e37ce415cdf9d4b88b8c9
GET /css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d93cd42c69913b"
last-modified: Thu, 09 Feb 2023 22:16:36 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMOATDUREA5D:00000007
x-operationid: 2ec79ddb2c53415b7190319296b607e5
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 3141
cache-control: private, max-age=31330357
date: Tue, 04 Apr 2023 23:26:00 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8318be4633e5bd7ed8b010dced813a61
bf8c3a8932684e7e2cabe13dc40ed71b710829ec
add9922dfdcf26c07d9a286e529332fa488099e9c7029ca62b658434e4e987c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:26:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bestfoodplaces.buzz/0WindbnNK1707w0winin87/en07.php
46.101.188.242 401 Unauthorized 84 B URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/en07.php
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 52bf3ccddb64ba07d5d6d79fdfba4765
f369871f7f1efa470a92ebb8ab98ad26b6754965
11359d75d1ccf8ead98ba93030fb3e9050157c154ac53255f9dda71f1465c3d7
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/en07.php HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
Cookie: _ga_W1J0L1Q5NX=GS1.1.1680650759.1.0.1680650759.60.0.0; _ga=GA1.2.994887229.1680650760; _gid=GA1.2.1858795720.1680650760; _gat_gtag_UA_113411315_1=1
Upgrade-Insecure-Requests: 1
HTTP/1.1 401 Unauthorized
Date: Tue, 04 Apr 2023 23:26:00 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
WWW-Authenticate: Basic realm="Call Microsoft Security Helpline immediately. +1-888-599-8180 "
Refresh: 0; url=/0WindbnNK1707w0winin87/en07.php
Set-Cookie: PHPSESSID=9fdcac7019c8de1e7ce8ef73ae8b5843; path=/
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
support.content.office.net/en-us/media/76bb3497-baf7-4f68-ac15-0da34f0caf56.png
23.14.15.147 200 OK 94 kB URL HTTP/2 support.content.office.net/en-us/media/76bb3497-baf7-4f68-ac15-0da34f0caf56.png
IP 23.14.15.147:0
File type PNG image data, 2006 x 426, 8-bit colormap, non-interlaced\012- data
Hash f2378ce679cd470615bc0f5fdfb04868
377f63641a07739d73b4b119c927dc43a853d5cf
d66573493a7baebfb1ebf6913e924129bebf36b563d84a7e613a6418a79637fd
GET /en-us/media/76bb3497-baf7-4f68-ac15-0da34f0caf56.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 94486
content-type: image/png
content-md5: 8jeM5nnNRwYVvA9f37BIaA==
last-modified: Thu, 07 Oct 2021 18:46:47 GMT
etag: 0x8D989C2D12875EB
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e471a9d9-801e-0053-2ddf-474654000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 04 Apr 2023 23:26:00 GMT
X-Firefox-Spdy: h2
support.microsoft.com/css/glyphs/SupMDL2_v4_69.woff2
23.38.200.116 200 OK 30 kB URL HTTP/2 support.microsoft.com/css/glyphs/SupMDL2_v4_69.woff2
IP 23.38.200.116:0
File type Web Open Font Format (Version 2), TrueType, length 29588, version 0.0\012- data
Hash f04217f47619ac51664e7a65b3f77b48
c32c07c33ba8850f282492b2bd38be170b556541
5975dea100208142bb9cbd2ae15e1bae43213598a2a4496e42c4baec3bd50a61
GET /css/glyphs/SupMDL2_v4_69.woff2 HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://support.microsoft.com/css/glyphs/glyphs.css?v=0Hf7KD3KuarPGDf55g1ICt-VY442qRabqObuIoFb6Bo
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 29588
content-type: font/woff2
server: Kestrel
accept-ranges: bytes
etag: "1d93cd345be4514"
last-modified: Thu, 09 Feb 2023 22:10:09 GMT
request-context: appId=
x-correlationid: 0HMOATAF6QE34:0000000D
x-operationid: ef8ffa0743ea480ae675d88e445d16d5
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=31330357
date: Tue, 04 Apr 2023 23:26:00 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/262443df-1388-45a9-9c78-4dd6f528d08b.png
23.14.15.147 200 OK 785 B URL HTTP/2 support.content.office.net/en-us/media/262443df-1388-45a9-9c78-4dd6f528d08b.png
IP 23.14.15.147:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash 859052ca7e07aca482d0ef74f86b45b6
d680c1c7c84a04ab96bc23adecee5efc4bc71bb4
4c238159bdfd032eb6ef4fefe83f453d3166adeb2331ba61dbdd67dfa6d0ed36
GET /en-us/media/262443df-1388-45a9-9c78-4dd6f528d08b.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 785
content-type: image/png
content-md5: hZBSyn4HrKSC0O90+GtFtg==
last-modified: Wed, 09 Mar 2022 06:23:54 GMT
etag: 0x8DA0195629FEC6D
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3fedf525-101e-0041-71a3-3f3d84000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 04 Apr 2023 23:26:00 GMT
X-Firefox-Spdy: h2
support.content.office.net/en-us/media/d245e220-3337-404c-b0cc-c0684b680f7e.png
23.14.15.147 200 OK 9.4 kB URL HTTP/2 support.content.office.net/en-us/media/d245e220-3337-404c-b0cc-c0684b680f7e.png
IP 23.14.15.147:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash ebd667c89f68bf45837e47001c909015
c258e7eaa89971ff277d22bad64e71025d3b16f3
b51cbe1af99579551b84a0dd4310f2cc763aba6885f9e302cb164c67c661bc9d
GET /en-us/media/d245e220-3337-404c-b0cc-c0684b680f7e.png HTTP/1.1
Host: support.content.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=86400
content-length: 9385
content-type: image/png
content-md5: 69ZnyJ9ov0WDfkcAHJCQFQ==
last-modified: Fri, 04 Mar 2022 07:17:50 GMT
etag: 0x8D9FDAF17BE6653
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a1e93095-601e-0080-1af1-449a66000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 04 Apr 2023 23:26:00 GMT
X-Firefox-Spdy: h2
login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638162475604015967.MmJkZTE3NWMtYjk1ZS00MWJlLWFjZGMtYWUzN2NhODAwMzg4N2MwZDM5NzctMzg1My00ZWU4LWE1MzctMjQ4NTU1NThiYzMw&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-g2oCSuSVLshT2Q9qo85slFbLfACoiHF9nQza-l3pf7lFkUpAZNP5ibXS3zpFJHax1CW5VuVYSCgzK2_N3UhUpoYgOdjNGHiYi-28rS8xcSZAP0ddlIF2YaeGU4QktQJu7siHU9OAUOUmmOjpffZaOZhy-jJ9JMOB0YB-dKQL39-_L8Qg96mhe7Wa9CwBs6xCRnmECXHnNkb60khonJDARKhAJvbverKmEDDoNAqLrMmau02tUuIcKBBwxoPNFXu33s_-XhUW0EPxmJMrfZgGkCI0XyIX3T0DRcpCYHVmQlxgFCMy450oswbbKT3fpwVV38aSDfEYYhsPsRDIEtOLQa&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
40.126.32.139 200 OK 59 kB URL HTTP/1.1 login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638162475604015967.MmJkZTE3NWMtYjk1ZS00MWJlLWFjZGMtYWUzN2NhODAwMzg4N2MwZDM5NzctMzg1My00ZWU4LWE1MzctMjQ4NTU1NThiYzMw&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-g2oCSuSVLshT2Q9qo85slFbLfACoiHF9nQza-l3pf7lFkUpAZNP5ibXS3zpFJHax1CW5VuVYSCgzK2_N3UhUpoYgOdjNGHiYi-28rS8xcSZAP0ddlIF2YaeGU4QktQJu7siHU9OAUOUmmOjpffZaOZhy-jJ9JMOB0YB-dKQL39-_L8Qg96mhe7Wa9CwBs6xCRnmECXHnNkb60khonJDARKhAJvbverKmEDDoNAqLrMmau02tUuIcKBBwxoPNFXu33s_-XhUW0EPxmJMrfZgGkCI0XyIX3T0DRcpCYHVmQlxgFCMy450oswbbKT3fpwVV38aSDfEYYhsPsRDIEtOLQa&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
IP 40.126.32.139:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (42376), with CRLF, LF line terminators
Hash 5dc18344485b63138ae6cca52bf49351
bf448f84d3c8ef0c44f5683ee76b534f7a350252
8679a6be066bea76363741b1ebba11d595f094af5514850d81414997a1be85bc
GET /common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638162475604015967.MmJkZTE3NWMtYjk1ZS00MWJlLWFjZGMtYWUzN2NhODAwMzg4N2MwZDM5NzctMzg1My00ZWU4LWE1MzctMjQ4NTU1NThiYzMw&prompt=none&nopa=2&state=CfDJ8PY55fRSQr1CrcRGN2fDm-g2oCSuSVLshT2Q9qo85slFbLfACoiHF9nQza-l3pf7lFkUpAZNP5ibXS3zpFJHax1CW5VuVYSCgzK2_N3UhUpoYgOdjNGHiYi-28rS8xcSZAP0ddlIF2YaeGU4QktQJu7siHU9OAUOUmmOjpffZaOZhy-jJ9JMOB0YB-dKQL39-_L8Qg96mhe7Wa9CwBs6xCRnmECXHnNkb60khonJDARKhAJvbverKmEDDoNAqLrMmau02tUuIcKBBwxoPNFXu33s_-XhUW0EPxmJMrfZgGkCI0XyIX3T0DRcpCYHVmQlxgFCMy450oswbbKT3fpwVV38aSDfEYYhsPsRDIEtOLQa&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0 HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support.microsoft.com/
Connection: keep-alive
Cookie: brcap=0; MSFPC=GUID=27491a5fca0c436896bdbf20a1588da0&HASH=2749&LV=202205&V=4&LU=1652883922743; ESTSSSOTILES=1; AADSSOTILES=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msauth.net>; rel=dns-prefetch, <https://aadcdn.msftauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 1bd71ae9-2332-4d6d-97a6-f29e80123900
x-ms-ests-server: 2.1.14939.4 - WEULR1 ProdSlices
x-ms-clitelem: 1,0,0,,
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: buid=0.ATsAMe_N-B6jSkuT5F9XHpElWhkrJ-4RRD9DjyhcE8tv1AcBAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevrpxPjbLCLt15NRzFExiLMhEE_hPnlgLrDOghgFXvXRH340_EqHCWgCL-CzLCSycCJ3pMd3RZvNCdtgZyVzIR0cJ9-TdCyV-fLmz52TjUs75ogAA; expires=Thu, 04-May-2023 23:26:00 GMT; path=/; secure; HttpOnly; SameSite=None
fpc=Ak8zzTdJnnhMmu1tbK3HLudqwEtIAQAAAAepvtsOAAAA; expires=Thu, 04-May-2023 23:26:00 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABAAEAAAD--DLA3VO7QrddgJg7Wevr0oX1PlBeaOOLM_dkiga1mqUtZfMicn5mD3p5xX6AwTZ5wqZ7eXyut0FYioUSq65Fcio5iELSZHn2wYo1nU9PxjZDcqBAbPPPusdad4qqBCMTBvMUTCbfVqni7TxEHjg5a1PDeWI_R2l68O6GfO22PGPxB_flUxlL3pBxt2jhC3EgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 04 Apr 2023 23:26:00 GMT
Content-Length: 59206
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f06399875b2b1c6a0afe8a1d791f5a4a
f2ce36c5d6599e57e4df8f08a030e8cb00ebe830
2eef24cc1ae135e7e1687c3e56cd7be21530e2aa7612e686a829d2c204ab532e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2EEF24CC1AE135E7E1687C3E56CD7BE21530E2AA7612E686A829D2C204AB532E"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6310
Expires: Wed, 05 Apr 2023 01:11:11 GMT
Date: Tue, 04 Apr 2023 23:26:01 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f06399875b2b1c6a0afe8a1d791f5a4a
f2ce36c5d6599e57e4df8f08a030e8cb00ebe830
2eef24cc1ae135e7e1687c3e56cd7be21530e2aa7612e686a829d2c204ab532e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2EEF24CC1AE135E7E1687C3E56CD7BE21530E2AA7612E686A829D2C204AB532E"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6310
Expires: Wed, 05 Apr 2023 01:11:11 GMT
Date: Tue, 04 Apr 2023 23:26:01 GMT
Connection: keep-alive
mem.gfx.ms/scripts/me/MeControl/10.23082.2/en-US/meBoot.min.js
13.107.238.53 200 OK 34 kB URL HTTP/2 mem.gfx.ms/scripts/me/MeControl/10.23082.2/en-US/meBoot.min.js
IP 13.107.238.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Hash 3bb3d6353a7ad49269d8b51f84d7ae6a
88d14f59ecf4000073d3d0444581430d31624a5e
80c4d25ee2572ef588f8e06f1ca46c555c28bd984fbe8a25df21bd92eebd87f3
GET /scripts/me/MeControl/10.23082.2/en-US/meBoot.min.js HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-encoding: br
last-modified: Wed, 29 Mar 2023 19:24:18 GMT
etag: "1d962aebaac36e7"
x-cache: TCP_HIT
x-content-type-options: nosniff
access-control-allow-origin: *
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref-originshield: 0TaEsZAAAAAAogXYQRjWjRYNtYV9lMiTSQU1TMDRFREdFMTkyMABlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-azure-ref: 0CLIsZAAAAABsg8E04m4kT5qh7e0KSPkUQ1BIMzBFREdFMDQwOQBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
date: Tue, 04 Apr 2023 23:26:00 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f06399875b2b1c6a0afe8a1d791f5a4a
f2ce36c5d6599e57e4df8f08a030e8cb00ebe830
2eef24cc1ae135e7e1687c3e56cd7be21530e2aa7612e686a829d2c204ab532e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2EEF24CC1AE135E7E1687C3E56CD7BE21530E2AA7612E686A829D2C204AB532E"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6310
Expires: Wed, 05 Apr 2023 01:11:11 GMT
Date: Tue, 04 Apr 2023 23:26:01 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f06399875b2b1c6a0afe8a1d791f5a4a
f2ce36c5d6599e57e4df8f08a030e8cb00ebe830
2eef24cc1ae135e7e1687c3e56cd7be21530e2aa7612e686a829d2c204ab532e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2EEF24CC1AE135E7E1687C3E56CD7BE21530E2AA7612E686A829D2C204AB532E"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6310
Expires: Wed, 05 Apr 2023 01:11:11 GMT
Date: Tue, 04 Apr 2023 23:26:01 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06d31622-0a13-44c5-af26-f54d7858062c.jpeg
34.120.237.76 200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06d31622-0a13-44c5-af26-f54d7858062c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a1f459480dc0b55ae4825d3a1c329c65
993e5077165cf389c986c7c73d39384bf21b24ec
360931163e5d707215d9a273661d364e6ae6a71b1821cb39a2e52619812312ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06d31622-0a13-44c5-af26-f54d7858062c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4424
x-amzn-requestid: cfcba3e0-1e91-44de-883d-b059229834ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cyg_1H2roAMFU7A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642a7b98-022b97ae47933289670cd3ad;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 07:09:12 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: nMYIqxb9lOzP01Tcs4KbNkYgMQukQ0aU-K1-zVerItMe5g8S_s2s6A==
via: 1.1 02f1a759e4ec9fab6fc17c080dd851dc.cloudfront.net (CloudFront), 1.1 1f41b5f27f3ec2e93db2155dbc56900c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 07:14:31 GMT
age: 58290
etag: "993e5077165cf389c986c7c73d39384bf21b24ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73999c40-7b3d-4374-b77c-c7085176f842.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73999c40-7b3d-4374-b77c-c7085176f842.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 07170d7044036eff2cb56f60cb46d2b9
f5f7e97f471fac1921d6af5bc85f23f5ea8cdf0e
074e4f53d398c0ff61c5cffbd88e32bfc9815a8f3a7ab5f53778cebe3569bb27
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73999c40-7b3d-4374-b77c-c7085176f842.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12649
x-amzn-requestid: 58335899-023c-431a-b01c-2262a94c3603
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cr7_AEZDoAMFyYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6427d9f9-5827c50f699109da69803818;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sat, 01 Apr 2023 07:15:05 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: MCINCDrZ94cW4sJcsJ0AFSxlglas_XR2KR1jmsvGllswoPKXK3O4Og==
via: 1.1 185f4b03b711932fc7e735c08fdc5abe.cloudfront.net (CloudFront), 1.1 85ee490c179dc0af42b771f11421073e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 21:48:39 GMT
age: 5842
etag: "f5f7e97f471fac1921d6af5bc85f23f5ea8cdf0e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0ce9423-d786-4295-8902-98540e77018c.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0ce9423-d786-4295-8902-98540e77018c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4a430149d3ba353b328b8579050c540
07b8cc3c5a10e784d5555a3e0a973855d2351a1f
e68870543dbb89ce7c975267a940ed9c10becfd60553a68b422dff747d0b2067
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0ce9423-d786-4295-8902-98540e77018c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9749
x-amzn-requestid: d2f80674-ea6f-4a39-87be-32b39c746576
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cyg_UFwYIAMFmyA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642a7b94-3c4e4e625878f3027c1280ed;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 07:09:09 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: BR_WjUQ5sDkXO62MHoqh7XiCsr6dNdBR75LTUuaBAZj13dSjxwkPOw==
via: 1.1 f3802d173009698413044360f84de06c.cloudfront.net (CloudFront), 1.1 a9e73292d0b92053c3e38dcec15fd0e2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 07:15:49 GMT
age: 58212
etag: "07b8cc3c5a10e784d5555a3e0a973855d2351a1f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79da5da9-3d26-4695-ae7f-58d008a2530b.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79da5da9-3d26-4695-ae7f-58d008a2530b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 20ff30ea98e9f9086ee28d4ac369e938
40aee6f21d4958a8e36bb9e9359a1784bb4e059d
1fa8c56d96a34e8971f580a83ef30b460b622d43ed7486ccb2c317366cb2179c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79da5da9-3d26-4695-ae7f-58d008a2530b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6606
x-amzn-requestid: 2e52472d-4c31-46af-b2e7-4ffc169c2222
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C34yhEGhIAMF1sA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642ca1a9-4f0faa13315fe1e76cbb09a3;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Tue, 04 Apr 2023 22:16:09 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: -3eyeauXxMTnrWCD5BX_WX2pakIj6fexjGzeXiTotEkJi7tkQBFFjA==
via: 1.1 b6cdb2111444305bd4957a473b711ad6.cloudfront.net (CloudFront), 1.1 a9e73292d0b92053c3e38dcec15fd0e2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 22:47:01 GMT
age: 2340
etag: "40aee6f21d4958a8e36bb9e9359a1784bb4e059d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77527c77-7214-4edc-ac50-c610366aefd6.jpeg
34.120.237.76 200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77527c77-7214-4edc-ac50-c610366aefd6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0c14dd9bfa7f1f37c711973900dbb5af
c8dea8f9cafcf7d108c93156f40537e78f7da88f
b99050909eb528f9c22201ed2f0f185edbb1f0b1e16631ef21dca72433e1e05d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77527c77-7214-4edc-ac50-c610366aefd6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3500
x-amzn-requestid: 5626e00a-90a4-42c5-bcbd-1ec24decfa47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C3yqqG0_oAMFTcQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642c97dd-16eb602d2ac30b2521cc8165;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Tue, 04 Apr 2023 21:34:21 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: Q-yoSHYZcCHlnNSX3Gyzw6wLmH6Mr2z9WR39wfa8lgEVJhh5rPE6_A==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 ef8f66c83aecd87910ce2e1153544a20.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 21:35:57 GMT
age: 6604
etag: "c8dea8f9cafcf7d108c93156f40537e78f7da88f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59d6989a-36a1-4ed7-9694-00dfbfc9b386.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59d6989a-36a1-4ed7-9694-00dfbfc9b386.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6d504943bc15b039b6813b2d1a8a8783
865a647f277bf9234adce200cb6c3e0735f2c9e7
5906ddbaf547fcc998dc1121a1e345b34f575ffe867e32453121354f91df7d53
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59d6989a-36a1-4ed7-9694-00dfbfc9b386.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4774
x-amzn-requestid: 8c43d597-5000-48a3-be58-7157558d119e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CvNtSGTqoAMF-Aw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64292987-66a228e347e1fd032c920287;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sun, 02 Apr 2023 07:06:47 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: eMj9Fv9kO_r5yNKqjA2px4vX6UgpDNgP0GmtAz-g5dBikHR2dhikEA==
via: 1.1 6af36c6902a46beec743522a9bbb3ab0.cloudfront.net (CloudFront), 1.1 c9b161639a9353c2354b895548ea9fca.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 07:50:08 GMT
age: 56153
etag: "865a647f277bf9234adce200cb6c3e0735f2c9e7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bestfoodplaces.buzz/0WindbnNK1707w0winin87/_Fm7-alert.mp3
46.101.188.242 206 Partial Content 0 B URL HTTP/1.1 bestfoodplaces.buzz/0WindbnNK1707w0winin87/_Fm7-alert.mp3
IP 46.101.188.242:0
ASN #14061 DIGITALOCEAN-ASN
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /0WindbnNK1707w0winin87/_Fm7-alert.mp3 HTTP/1.1
Host: bestfoodplaces.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/0WindbnNK1707w0winin87/index.html
HTTP/1.1 206 Partial Content
Date: Tue, 04 Apr 2023 23:25:59 GMT
Server: Apache
Last-Modified: Sun, 06 Oct 2019 04:37:18 GMT
Accept-Ranges: bytes
Content-Length: 200832
Content-Range: bytes 0-200831/200832
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: audio/mpeg
support.office.com/Home/Error
104.88.24.36 404 Not Found 0 B URL HTTP/2 support.office.com/Home/Error
IP 104.88.24.36:0
GET /Home/Error HTTP/1.1
Host: support.office.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support.microsoft.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
cache-control: private
content-type: text/html; charset=utf-8
x-correlationid: 8c47f005-9876-4220-adbd-d73168d1538e
x-usersessionid: 8c47f005-9876-4220-adbd-d73168d1538e
x-officefe: OdcSupFrontEnd_IN_1
x-officeversion: 16.0.16403.42702
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
content-length: 96084
date: Tue, 04 Apr 2023 23:26:00 GMT
set-cookie: EXPID=ebd74cc9-ea28-49b3-982e-793723c35c21; expires=Thu, 04-Apr-2024 23:26:00 GMT; path=/; secure; HttpOnly
AuthSess=3fc14b14-cdab-40e6-bba0-b5f9fe9c42c9; domain=support.office.com; path=/; samesite=none; secure; HttpOnly
AADNonce.support=0d129d16-e8b7-4fd5-aaf1-c985703da03e.638162475604959992; domain=support.office.com; path=/; samesite=none; secure; HttpOnly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
support.microsoft.com/lib/ucs/dist/ucsCreativeService.js?v=yGbJEzVThu6xTzkXAmcIosGuJnJczcH12Av0qylgjiI
23.38.200.116 200 OK 0 B URL HTTP/2 support.microsoft.com/lib/ucs/dist/ucsCreativeService.js?v=yGbJEzVThu6xTzkXAmcIosGuJnJczcH12Av0qylgjiI
IP 23.38.200.116:0
GET /lib/ucs/dist/ucsCreativeService.js?v=yGbJEzVThu6xTzkXAmcIosGuJnJczcH12Av0qylgjiI HTTP/1.1
Host: support.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: Kestrel
accept-ranges: bytes
content-encoding: br
etag: "1d9672248a55f9f"
last-modified: Tue, 04 Apr 2023 18:21:33 GMT
vary: Accept-Encoding
request-context: appId=
x-correlationid: 0HMPL76C90DLL:00000002
x-operationid: 208c89b2234d3dd62452c8db78b1e2ad
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
critical-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 218885
cache-control: private, max-age=109
date: Tue, 04 Apr 2023 23:25:59 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1
13.107.238.53 200 OK 0 B URL HTTP/2 mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1
IP 13.107.238.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://support.microsoft.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, no-transform, max-age=43200
content-type: application/javascript
content-encoding: br
expires: Wed, 05 Apr 2023 07:17:57 GMT
x-cache: TCP_HIT
x-content-type-options: nosniff
access-control-allow-origin: *
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref-originshield: 0Z64sZAAAAAALIT6QFe/dTYnx36blSo0URlJBMjMxMDUwNDE4MDQ3AGVhYzVmNDlmLWUwMmQtNGY0MS1iMGE2LTJkNTBmOWZjZjg0YQ==
x-azure-ref: 0CLIsZAAAAACZ21GAqrkbQ5HoiFgVmQYSQ1BIMzBFREdFMDQxNwBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
date: Tue, 04 Apr 2023 23:25:59 GMT
X-Firefox-Spdy: h2
support.office.com/Home/Error
104.88.24.36 404 Not Found 0 B URL HTTP/2 support.office.com/Home/Error
IP 104.88.24.36:0
GET /Home/Error HTTP/1.1
Host: support.office.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support.microsoft.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
cache-control: private
content-type: text/html; charset=utf-8
x-correlationid: bffa14df-5a27-4c24-a7c2-492d05243502
x-usersessionid: bffa14df-5a27-4c24-a7c2-492d05243502
x-officefe: OdcSupFrontEnd_IN_1
x-officeversion: 16.0.16403.42702
x-officecluster: neu-100.odcsup.osi.office.net
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-content-type-options: nosniff
content-length: 96097
date: Tue, 04 Apr 2023 23:26:00 GMT
set-cookie: EXPID=8d6a082b-5413-44f0-9765-4606b51722d7; expires=Thu, 04-Apr-2024 23:26:00 GMT; path=/; secure; HttpOnly
AuthSess=2059f3fb-179a-4a0d-a720-818f9d34bbc6; domain=support.office.com; path=/; samesite=none; secure; HttpOnly
AADNonce.support=fe5a2807-5f1d-4fa6-887c-17057909a6ae.638162475606366287; domain=support.office.com; path=/; samesite=none; secure; HttpOnly
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
104.18.11.207 200 OK 0 B URL HTTP/2 stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
IP 104.18.11.207:0
GET /bootstrap/4.5.2/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://bestfoodplaces.buzz
Connection: keep-alive
Referer: http://bestfoodplaces.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Apr 2023 23:25:59 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"02d223393e00c273efdcb1ade8f4f8b1"
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
cdn-cachedat: 01/05/2023 11:07:49
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-edgestorageid: 1080
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 8b170f5326c783873e770899f7842c74
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7b2d504e8e57b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2